Jump to content

Unable to remove malware


Recommended Posts

Hello.

My name is Chris and I'm having a bit of trouble with a nasty infection. On the 23rd of February I seem to have "acquired" a trojan that has henceforth spread and infected other system files. I ran ESET Smart Security 5 and MBAM and yet they can't seem to help much in the matter. I performed registry cleaning tasks on a semi-daily basis with as much help as Tune-Up Utilities can provide. The infection has surprised me and I am yet to find a resolution. A possible cause would be that I've had 2 other people not so tech-savvy use my laptop for personal "business" for about 2 days.

My system restore only has 1 file recognized from November last year, but I would rather have my system cleaned rather than replaced. I'm looking for any other alternatives than a drive C format and reinstalling OS as I quite like the way my system ran prior to this infection, and have worked a lot on customizing it with various programs.

I've attached the logs requested below.

I'll kindly await your reply.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 01.09.2011 10:56:52

System Uptime: 04.03.2012 17:52:16 (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | N/A | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 289 GiB total, 132,931 GiB free.

D: is CDROM ()

G: is CDROM ()

N: is FIXED (NTFS) - 288 GiB total, 128,894 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

????? Windows Live

?????? Windows Live

??????? ??????????? ??? Windows Live

???????? ?????????? Windows Live

?????????? Windows Live

??????????? ?? Windows Live

???????????? Windows Live

AC3Filter 1.63b

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe Flash Player 10 ActiveX

Adobe Media Player

Adobe Photoshop Elements 9

Adobe Premiere Elements 9

Adobe Reader X (10.1.2) MUI

Adobe Shockwave Player 11.6

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 4

Ask Toolbar Updater

Assassin's Creed Brotherhood

Assassin's Creed II

Assassin's Creed Revelations

Atheros WiFi Driver Installation

µTorrent

Bing Bar

Corel WinDVD

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Disciples II Rise of the Elves

Disciples III: Resurrection

DivX Setup

Elements 9 Organizer

Elements STI Installer

FotoSketcher 2.20

Galeria de Fotografias do Windows Live

Galeria fotografii usługi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

GOM Player

Google Chrome

High-Definition Video Playback 10

IconPackager

Intel® Management Engine Components

Intel® Rapid Storage Technology

IrfanView (remove only)

Java Auto Updater

Java™ 6 Update 22

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.1.1000

Mass Effect

Mass Effect 2

Mass Effect™ 3 Demo

Matroska Pack

Mesh Runtime

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

NVIDIA 3D Vision Video Player

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Origin

PDF Settings CS5

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

Poczta usługi Windows Live

Podstawowe programy Windows Live

PxMergeModule

Qualcomm Atheros Direct Connect

Quick Web Access

QuickTime

Raccolta foto di Windows Live

Rainmeter

Realtek High Definition Audio Driver

Remote Keyboard

Remote Play with PlayStation 3

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for ?????? ??????? ??? ?? ???????? ??? Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for ?????? ??????? ??? ?? ???????? ??? Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2478663)

Security Update for A Microsoft .NET-keretrendszer 4-es verziójához tartozó ügyfélprofil HUN nyelvi csomagja (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile NOR Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile NOR Language Pack (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile PTG Language Pack (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Istemci Profili TRK Dil Paketi (KB2478663)

Security Update for Microsoft .NET Framework 4 Istemci Profili TRK Dil Paketi (KB2518870)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (KB2518870)

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

Sid Meier's Civilization IV: Realism:Invictus

Skype™ 5.5

SmartSound Quicktracks for Premiere Elements 9.0

SSLx86

Star Wars: The Old Republic

StarCraft II

swMSM

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi

V3DPX86

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO - Remote Play with PlayStation®3

VAIO 3D Portal

VAIO Care

VAIO Control Center

VAIO Data Restore Tool

VAIO Easy Connect

VAIO Event Service

VAIO F Series - Summer 2011 Screensaver

VAIO Gate

VAIO Gate Default

VAIO Hardware Diagnostics

VAIO Improvement

VAIO Manual

VAIO Sample Contents

VAIO Smart Network

VAIO Transfer Support

VAIO Update

VC80CRTRedist - 8.0.50727.6195

VCCx86

VESx86

VirtualCloneDrive

VIx86

VLC media player 1.1.11

VMware Workstation

VSNx86

VWSTx86

WebCam Recorder

Winamp

Winamp Detector Plug-in

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Windows Media Player Firefox Plugin

XSplit

Xvid Plus Codec Pack

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

27.02.2012 22:19:37, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

27.02.2012 22:19:36, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.

27.02.2012 22:19:28, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

27.02.2012 22:19:28, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

26.02.2012 17:35:18, Error: Service Control Manager [7034] - The VAIO Power Management service terminated unexpectedly. It has done this 1 time(s).

26.02.2012 17:35:04, Error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

26.02.2012 12:54:22, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).

26.02.2012 12:54:16, Error: Service Control Manager [7034] - The Nero Update service terminated unexpectedly. It has done this 1 time(s).

26.02.2012 12:54:10, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

26.02.2012 12:54:00, Error: Service Control Manager [7034] - The Bing Bar Update Service service terminated unexpectedly. It has done this 1 time(s).

04.03.2012 17:58:47, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

04.03.2012 17:58:46, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

04.03.2012 17:55:02, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

04.03.2012 17:52:40, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

04.03.2012 17:52:40, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends the following service: MfeFire. This service might not be installed.

04.03.2012 17:52:40, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

04.03.2012 17:49:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

04.03.2012 17:48:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

04.03.2012 17:48:41, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

04.03.2012 17:48:25, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Program Files (x86)\Atheros WiFi Driver Installation\AthIhvWlanExt.dll Error Code: 21

04.03.2012 17:48:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

04.03.2012 17:48:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv ElbyCDIO spldr Wanarpv6

04.03.2012 17:47:01, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

04.03.2012 16:07:15, Error: Service Control Manager [7034] - The VUAgent service terminated unexpectedly. It has done this 1 time(s).

04.03.2012 13:06:07, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

04.03.2012 13:06:05, Error: Service Control Manager [7034] - The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).

04.03.2012 01:18:37, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

03.03.2012 22:37:46, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

03.03.2012 22:36:49, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

01.03.2012 18:12:55, Error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).

01.03.2012 18:12:47, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

01.03.2012 18:12:47, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by NINE at 18:00:07 on 2012-03-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1250.40.1033.18.6125.3763 [GMT 0:00]

.

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Rainmeter\Rainmeter.exe

N:\Downloads\Taskbar Eliminator\Taskbar Eliminator.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k bthsvcs

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\wbengine.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\splwow64.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.sony.eu/vaioportal

uInternet Settings,ProxyOverride = <local>

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\NINE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

StartupFolder: C:\Users\NINE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKBA~1.LNK - N:\Downloads\Taskbar Eliminator\Taskbar Eliminator.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{32877206-6FCB-4797-BF56-EE38C5FF321B} : DhcpNameServer = 138.37.6.1 138.37.7.1

TCP: Interfaces\{BC857DE5-0836-4565-955B-C758EB8D164B} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BC857DE5-0836-4565-955B-C758EB8D164B}\05576696 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BC857DE5-0836-4565-955B-C758EB8D164B}\149657270275966496 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{BC857DE5-0836-4565-955B-C758EB8D164B}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{BC857DE5-0836-4565-955B-C758EB8D164B}\25332305F6775627 : DhcpNameServer = 213.154.124.1 193.231.252.1

TCP: Interfaces\{BC857DE5-0836-4565-955B-C758EB8D164B}\37075636472757D6 : DhcpNameServer = 172.16.66.1

TCP: Interfaces\{BC857DE5-0836-4565-955B-C758EB8D164B}\75962756A7 : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\NINE\AppData\Roaming\Mozilla\Firefox\Profiles\p78u4anx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.uk

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\NINE\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - c3a6b478-ff98-4305-948d-6ca708dc3437

FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader,

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-8 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-8 73376]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-10 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-24 652360]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-29 2253120]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]

R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsnxc64.sys --> C:\Windows\system32\drivers\risdsnxc64.sys [?]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-9-1 259192]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-9-27 2027840]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-5-10 105024]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-10 2656280]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-5-10 550080]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-9-15 971704]

R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]

R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]

R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys --> C:\Windows\system32\drivers\btath_bus.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-7-8 11856]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-9-1 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-9-2 8192]

S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\drivers\btath_hcrp.sys --> C:\Windows\system32\drivers\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\drivers\btath_rcp.sys --> C:\Windows\system32\drivers\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-9-15 104096]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]

S3 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-1-18 11839488]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-03-03 13:32:39 -------- d-----w- C:\Users\NINE\AppData\Local\DDMSettings

2012-03-03 13:21:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E888B89F-AB71-4949-9AC7-F0A3F306F4C8}\offreg.dll

2012-03-02 11:09:34 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E888B89F-AB71-4949-9AC7-F0A3F306F4C8}\mpengine.dll

2012-02-27 20:04:14 20480 ----a-w- C:\Windows\svchost.exe

2012-02-26 11:40:39 -------- d-----w- C:\Users\NINE\AppData\Roaming\AusLogics

2012-02-24 10:26:48 -------- d-sh--w- C:\$RECYCLE.BIN

2012-02-24 09:57:45 98816 ----a-w- C:\Windows\sed.exe

2012-02-24 09:57:45 518144 ----a-w- C:\Windows\SWREG.exe

2012-02-24 09:57:45 256000 ----a-w- C:\Windows\PEV.exe

2012-02-24 09:57:45 208896 ----a-w- C:\Windows\MBR.exe

2012-02-24 09:44:02 -------- d-----w- C:\Users\NINE\AppData\Roaming\Malwarebytes

2012-02-24 09:43:56 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-24 09:43:55 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-24 09:43:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-24 09:38:36 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-23 20:06:46 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2012-02-23 20:06:46 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2012-02-23 20:06:45 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2012-02-15 14:51:17 -------- d-----w- C:\ProgramData\EA Logs

2012-02-15 13:51:27 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-02-15 13:51:25 -------- d-----w- C:\Users\NINE\AppData\Roaming\Origin

2012-02-15 13:51:25 -------- d-----w- C:\Users\NINE\AppData\Local\Origin

2012-02-15 13:51:19 -------- d-----w- C:\ProgramData\Origin

2012-02-15 13:51:19 -------- d-----w- C:\ProgramData\Electronic Arts

2012-02-15 13:51:04 -------- d-----w- C:\Program Files (x86)\Origin

2012-02-14 21:57:29 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-14 21:57:29 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-14 21:57:28 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-14 21:57:28 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-14 21:57:27 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-14 21:57:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-14 21:57:22 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-14 21:57:21 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-10 16:07:13 -------- d-----w- C:\Users\NINE\AppData\Local\VMware

2012-02-10 15:52:58 63088 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2012-02-10 15:52:35 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2012-02-10 15:52:31 433264 ----a-w- C:\Windows\SysWow64\vmnat.exe

2012-02-10 15:52:31 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2012-02-10 15:52:28 942192 ----a-w- C:\Windows\System32\vnetlib64.dll

2012-02-10 15:51:39 32880 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

2012-02-10 15:51:38 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys

2012-02-10 15:50:53 -------- d-----w- C:\Program Files (x86)\VMware

2012-02-10 15:50:53 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

2012-02-10 15:50:20 -------- d-----w- C:\Program Files\Common Files\VMware

2012-02-08 19:28:11 -------- d-----w- C:\Windows\System32\embrace

.

==================== Find3M ====================

.

2012-02-29 14:09:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-29 05:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-28 09:12:50 28056 ----a-w- C:\Windows\System32\xfcodec64.dll

2012-01-18 13:41:32 252016 ----a-w- C:\Windows\SysWow64\vmnc.dll

2012-01-18 13:06:00 62064 ----a-w- C:\Windows\System32\vmnetbridge.dll

2012-01-18 13:06:00 48752 ----a-w- C:\Windows\System32\vnetinst.dll

2012-01-18 13:06:00 45680 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys

2012-01-18 13:06:00 24176 ----a-w- C:\Windows\System32\drivers\vmnet.sys

2012-01-18 13:06:00 20080 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 18:01:04,89 ===============

DDS.txt

Attach.txt

Link to post
Share on other sites

Hello Chris, I see indeed some evidence of malware here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Hello Elise and thank you for your assistance.

The required log contents are below.

17:22:02.0568 4828 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

17:22:02.0660 4828 ============================================================

17:22:02.0660 4828 Current date / time: 2012/03/06 17:22:02.0660

17:22:02.0660 4828 SystemInfo:

17:22:02.0660 4828

17:22:02.0660 4828 OS Version: 6.1.7601 ServicePack: 1.0

17:22:02.0660 4828 Product type: Workstation

17:22:02.0660 4828 ComputerName: NINE-VAIO

17:22:02.0660 4828 UserName: NINE

17:22:02.0660 4828 Windows directory: C:\Windows

17:22:02.0660 4828 System windows directory: C:\Windows

17:22:02.0660 4828 Running under WOW64

17:22:02.0660 4828 Processor architecture: Intel x64

17:22:02.0660 4828 Number of processors: 8

17:22:02.0660 4828 Page size: 0x1000

17:22:02.0660 4828 Boot type: Normal boot

17:22:02.0660 4828 ============================================================

17:22:02.0954 4828 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:22:02.0958 4828 \Device\Harddisk0\DR0:

17:22:02.0958 4828 MBR used

17:22:02.0958 4828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x24B8800, BlocksNum 0x32000

17:22:02.0958 4828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24EA800, BlocksNum 0x242CFAB0

17:22:02.0977 4828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x267BB000, BlocksNum 0x2409C800

17:22:03.0040 4828 Initialize success

17:22:03.0040 4828 ============================================================

17:22:14.0208 4952 ============================================================

17:22:14.0208 4952 Scan started

17:22:14.0208 4952 Mode: Manual;

17:22:14.0208 4952 ============================================================

17:22:14.0581 4952 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

17:22:14.0629 4952 1394ohci - ok

17:22:14.0671 4952 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

17:22:14.0716 4952 ACPI - ok

17:22:14.0734 4952 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

17:22:14.0767 4952 AcpiPmi - ok

17:22:14.0818 4952 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

17:22:14.0881 4952 adp94xx - ok

17:22:14.0982 4952 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

17:22:15.0027 4952 adpahci - ok

17:22:15.0055 4952 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

17:22:15.0061 4952 adpu320 - ok

17:22:15.0132 4952 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

17:22:15.0189 4952 AFD - ok

17:22:15.0248 4952 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

17:22:15.0281 4952 agp440 - ok

17:22:15.0373 4952 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

17:22:15.0403 4952 aliide - ok

17:22:15.0439 4952 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

17:22:15.0459 4952 amdide - ok

17:22:15.0516 4952 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

17:22:15.0548 4952 AmdK8 - ok

17:22:15.0569 4952 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

17:22:15.0611 4952 AmdPPM - ok

17:22:15.0668 4952 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

17:22:15.0709 4952 amdsata - ok

17:22:15.0793 4952 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

17:22:15.0834 4952 amdsbs - ok

17:22:15.0860 4952 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

17:22:15.0881 4952 amdxata - ok

17:22:15.0926 4952 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

17:22:15.0950 4952 AppID - ok

17:22:15.0995 4952 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

17:22:16.0029 4952 arc - ok

17:22:16.0104 4952 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

17:22:16.0162 4952 arcsas - ok

17:22:16.0213 4952 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

17:22:16.0217 4952 ArcSoftKsUFilter - ok

17:22:16.0286 4952 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:22:16.0309 4952 AsyncMac - ok

17:22:16.0388 4952 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

17:22:16.0419 4952 atapi - ok

17:22:16.0473 4952 AthBTPort (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys

17:22:16.0477 4952 AthBTPort - ok

17:22:16.0553 4952 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys

17:22:16.0585 4952 ATHDFU - ok

17:22:16.0760 4952 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys

17:22:16.0786 4952 athr - ok

17:22:16.0902 4952 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

17:22:16.0916 4952 b06bdrv - ok

17:22:16.0990 4952 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:22:17.0024 4952 b57nd60a - ok

17:22:17.0161 4952 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:22:17.0164 4952 Beep - ok

17:22:17.0260 4952 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

17:22:17.0290 4952 blbdrive - ok

17:22:17.0330 4952 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

17:22:17.0381 4952 bowser - ok

17:22:17.0412 4952 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

17:22:17.0415 4952 BrFiltLo - ok

17:22:17.0435 4952 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

17:22:17.0438 4952 BrFiltUp - ok

17:22:17.0512 4952 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

17:22:17.0542 4952 BridgeMP - ok

17:22:17.0576 4952 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:22:17.0595 4952 Brserid - ok

17:22:17.0629 4952 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:22:17.0663 4952 BrSerWdm - ok

17:22:17.0689 4952 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:22:17.0703 4952 BrUsbMdm - ok

17:22:17.0765 4952 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:22:17.0767 4952 BrUsbSer - ok

17:22:17.0795 4952 BTATH_A2DP (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys

17:22:17.0830 4952 BTATH_A2DP - ok

17:22:17.0849 4952 btath_avdt (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys

17:22:17.0852 4952 btath_avdt - ok

17:22:17.0901 4952 BTATH_BUS (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\drivers\btath_bus.sys

17:22:17.0925 4952 BTATH_BUS - ok

17:22:18.0003 4952 BTATH_HCRP (a441b800e04cf8443faf519207563abb) C:\Windows\system32\drivers\btath_hcrp.sys

17:22:18.0035 4952 BTATH_HCRP - ok

17:22:18.0057 4952 BTATH_LWFLT (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys

17:22:18.0059 4952 BTATH_LWFLT - ok

17:22:18.0090 4952 BTATH_RCP (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\drivers\btath_rcp.sys

17:22:18.0116 4952 BTATH_RCP - ok

17:22:18.0228 4952 BtFilter (d87aba7079a975eb0a8afdd4ec54f5f8) C:\Windows\system32\DRIVERS\btfilter.sys

17:22:18.0270 4952 BtFilter - ok

17:22:18.0316 4952 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

17:22:18.0343 4952 BthEnum - ok

17:22:18.0381 4952 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:22:18.0399 4952 BTHMODEM - ok

17:22:18.0474 4952 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

17:22:18.0480 4952 BthPan - ok

17:22:18.0508 4952 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

17:22:18.0552 4952 BTHPORT - ok

17:22:18.0592 4952 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

17:22:18.0603 4952 BTHUSB - ok

17:22:18.0622 4952 catchme - ok

17:22:18.0709 4952 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:22:18.0715 4952 cdfs - ok

17:22:18.0754 4952 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

17:22:18.0789 4952 cdrom - ok

17:22:18.0820 4952 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

17:22:18.0825 4952 circlass - ok

17:22:18.0859 4952 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:22:18.0911 4952 CLFS - ok

17:22:19.0016 4952 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

17:22:19.0037 4952 CmBatt - ok

17:22:19.0068 4952 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:22:19.0087 4952 cmdide - ok

17:22:19.0133 4952 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

17:22:19.0183 4952 CNG - ok

17:22:19.0275 4952 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

17:22:19.0277 4952 Compbatt - ok

17:22:19.0316 4952 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

17:22:19.0319 4952 CompositeBus - ok

17:22:19.0405 4952 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys

17:22:19.0422 4952 cpuz135 - ok

17:22:19.0474 4952 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

17:22:19.0489 4952 crcdisk - ok

17:22:19.0568 4952 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:22:19.0575 4952 DfsC - ok

17:22:19.0601 4952 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:22:19.0643 4952 discache - ok

17:22:19.0697 4952 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

17:22:19.0725 4952 Disk - ok

17:22:19.0745 4952 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:22:19.0765 4952 drmkaud - ok

17:22:19.0791 4952 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:22:19.0797 4952 DXGKrnl - ok

17:22:19.0841 4952 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys

17:22:19.0851 4952 e1yexpress - ok

17:22:19.0920 4952 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys

17:22:19.0943 4952 eamonm - ok

17:22:20.0051 4952 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

17:22:20.0099 4952 ebdrv - ok

17:22:20.0205 4952 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys

17:22:20.0238 4952 ehdrv - ok

17:22:20.0334 4952 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys

17:22:20.0381 4952 ElbyCDIO - ok

17:22:20.0477 4952 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

17:22:20.0493 4952 elxstor - ok

17:22:20.0564 4952 epfw (198c6fbc30bbd9632ea051203dccf204) C:\Windows\system32\DRIVERS\epfw.sys

17:22:20.0583 4952 epfw - ok

17:22:20.0674 4952 EpfwLWF (56de463f517710a8aa44eef82c35b3c9) C:\Windows\system32\DRIVERS\EpfwLWF.sys

17:22:20.0719 4952 EpfwLWF - ok

17:22:20.0779 4952 epfwwfp (710b0442bb2f99278d7b8e02a8849c11) C:\Windows\system32\DRIVERS\epfwwfp.sys

17:22:20.0814 4952 epfwwfp - ok

17:22:20.0849 4952 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:22:20.0871 4952 ErrDev - ok

17:22:20.0964 4952 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:22:21.0018 4952 exfat - ok

17:22:21.0034 4952 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:22:21.0062 4952 fastfat - ok

17:22:21.0104 4952 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

17:22:21.0139 4952 fdc - ok

17:22:21.0161 4952 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:22:21.0171 4952 FileInfo - ok

17:22:21.0186 4952 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:22:21.0199 4952 Filetrace - ok

17:22:21.0267 4952 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

17:22:21.0272 4952 flpydisk - ok

17:22:21.0297 4952 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:22:21.0326 4952 FltMgr - ok

17:22:21.0362 4952 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:22:21.0389 4952 FsDepends - ok

17:22:21.0410 4952 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:22:21.0425 4952 Fs_Rec - ok

17:22:21.0506 4952 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:22:21.0556 4952 fvevol - ok

17:22:21.0598 4952 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

17:22:21.0629 4952 gagp30kx - ok

17:22:21.0666 4952 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys

17:22:21.0720 4952 hcmon - ok

17:22:21.0789 4952 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:22:21.0794 4952 hcw85cir - ok

17:22:21.0829 4952 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

17:22:21.0853 4952 HdAudAddService - ok

17:22:21.0885 4952 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

17:22:21.0890 4952 HDAudBus - ok

17:22:21.0908 4952 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

17:22:21.0953 4952 HidBatt - ok

17:22:22.0016 4952 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

17:22:22.0050 4952 HidBth - ok

17:22:22.0100 4952 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

17:22:22.0160 4952 HidIr - ok

17:22:22.0199 4952 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

17:22:22.0215 4952 HidUsb - ok

17:22:22.0294 4952 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:22:22.0300 4952 HpSAMD - ok

17:22:22.0349 4952 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:22:22.0376 4952 HTTP - ok

17:22:22.0395 4952 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:22:22.0416 4952 hwpolicy - ok

17:22:22.0460 4952 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

17:22:22.0494 4952 i8042prt - ok

17:22:22.0552 4952 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys

17:22:22.0559 4952 iaStor - ok

17:22:22.0638 4952 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

17:22:22.0679 4952 iaStorV - ok

17:22:22.0716 4952 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

17:22:22.0721 4952 iirsp - ok

17:22:22.0949 4952 IntcAzAudAddService (2cc2f7c5990bb76767038f4b16d17a56) C:\Windows\system32\drivers\RTKVHD64.sys

17:22:23.0006 4952 IntcAzAudAddService - ok

17:22:23.0163 4952 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

17:22:23.0167 4952 intelide - ok

17:22:23.0208 4952 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

17:22:23.0234 4952 intelppm - ok

17:22:23.0293 4952 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:22:23.0300 4952 IpFilterDriver - ok

17:22:23.0492 4952 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

17:22:23.0495 4952 IPMIDRV - ok

17:22:23.0537 4952 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:22:23.0567 4952 IPNAT - ok

17:22:23.0595 4952 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:22:23.0597 4952 IRENUM - ok

17:22:23.0641 4952 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

17:22:23.0686 4952 isapnp - ok

17:22:23.0873 4952 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

17:22:23.0942 4952 iScsiPrt - ok

17:22:24.0218 4952 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys

17:22:24.0257 4952 ivusb - ok

17:22:24.0368 4952 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

17:22:24.0373 4952 kbdclass - ok

17:22:24.0740 4952 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

17:22:24.0745 4952 kbdhid - ok

17:22:24.0831 4952 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

17:22:24.0852 4952 KSecDD - ok

17:22:24.0890 4952 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

17:22:24.0921 4952 KSecPkg - ok

17:22:25.0012 4952 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:22:25.0044 4952 ksthunk - ok

17:22:25.0106 4952 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:22:25.0125 4952 lltdio - ok

17:22:25.0257 4952 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

17:22:25.0281 4952 LSI_FC - ok

17:22:25.0301 4952 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

17:22:25.0322 4952 LSI_SAS - ok

17:22:25.0339 4952 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

17:22:25.0350 4952 LSI_SAS2 - ok

17:22:25.0372 4952 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

17:22:25.0384 4952 LSI_SCSI - ok

17:22:25.0401 4952 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:22:25.0403 4952 luafv - ok

17:22:25.0503 4952 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

17:22:25.0524 4952 MBAMProtector - ok

17:22:25.0575 4952 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

17:22:25.0632 4952 megasas - ok

17:22:25.0669 4952 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

17:22:25.0684 4952 MegaSR - ok

17:22:25.0817 4952 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys

17:22:25.0821 4952 MEIx64 - ok

17:22:25.0867 4952 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:22:25.0871 4952 Modem - ok

17:22:25.0915 4952 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:22:25.0916 4952 monitor - ok

17:22:26.0022 4952 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:22:26.0027 4952 mouclass - ok

17:22:26.0058 4952 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:22:26.0062 4952 mouhid - ok

17:22:26.0102 4952 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

17:22:26.0137 4952 mountmgr - ok

17:22:26.0231 4952 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

17:22:26.0256 4952 mpio - ok

17:22:26.0274 4952 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:22:26.0302 4952 mpsdrv - ok

17:22:26.0324 4952 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

17:22:26.0329 4952 MRxDAV - ok

17:22:26.0371 4952 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:22:26.0376 4952 mrxsmb - ok

17:22:26.0445 4952 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:22:26.0501 4952 mrxsmb10 - ok

17:22:26.0574 4952 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:22:26.0612 4952 mrxsmb20 - ok

17:22:26.0701 4952 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

17:22:26.0733 4952 msahci - ok

17:22:26.0868 4952 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:22:26.0893 4952 msdsm - ok

17:22:27.0001 4952 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:22:27.0005 4952 Msfs - ok

17:22:27.0047 4952 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:22:27.0050 4952 mshidkmdf - ok

17:22:27.0072 4952 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:22:27.0098 4952 msisadrv - ok

17:22:27.0133 4952 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:22:27.0134 4952 MSKSSRV - ok

17:22:27.0253 4952 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:22:27.0272 4952 MSPCLOCK - ok

17:22:27.0282 4952 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:22:27.0310 4952 MSPQM - ok

17:22:27.0331 4952 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:22:27.0337 4952 MsRPC - ok

17:22:27.0516 4952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

17:22:27.0540 4952 mssmbios - ok

17:22:27.0635 4952 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:22:27.0640 4952 MSTEE - ok

17:22:27.0793 4952 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

17:22:27.0797 4952 MTConfig - ok

17:22:27.0818 4952 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:22:27.0848 4952 Mup - ok

17:22:27.0963 4952 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:22:28.0008 4952 NativeWifiP - ok

17:22:28.0132 4952 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

17:22:28.0140 4952 NDIS - ok

17:22:28.0287 4952 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:22:28.0310 4952 NdisCap - ok

17:22:28.0359 4952 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:22:28.0363 4952 NdisTapi - ok

17:22:28.0388 4952 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:22:28.0391 4952 Ndisuio - ok

17:22:28.0413 4952 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:22:28.0468 4952 NdisWan - ok

17:22:28.0599 4952 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:22:28.0677 4952 NDProxy - ok

17:22:28.0868 4952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:22:28.0899 4952 NetBIOS - ok

17:22:28.0918 4952 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:22:28.0934 4952 NetBT - ok

17:22:29.0188 4952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

17:22:29.0209 4952 nfrd960 - ok

17:22:29.0318 4952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:22:29.0335 4952 Npfs - ok

17:22:29.0366 4952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:22:29.0397 4952 nsiproxy - ok

17:22:29.0685 4952 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

17:22:29.0736 4952 Ntfs - ok

17:22:30.0243 4952 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:22:30.0259 4952 Null - ok

17:22:30.0357 4952 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\drivers\nusb3hub.sys

17:22:30.0387 4952 nusb3hub - ok

17:22:30.0413 4952 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\drivers\nusb3xhc.sys

17:22:30.0417 4952 nusb3xhc - ok

17:22:30.0439 4952 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

17:22:30.0489 4952 NVHDA - ok

17:22:30.0993 4952 nvlddmkm (a8151a773ce78233375445d41b77e85e) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:22:31.0114 4952 nvlddmkm - ok

17:22:31.0565 4952 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

17:22:31.0622 4952 nvraid - ok

17:22:31.0850 4952 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

17:22:31.0879 4952 nvstor - ok

17:22:31.0946 4952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:22:31.0971 4952 nv_agp - ok

17:22:32.0419 4952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:22:32.0472 4952 ohci1394 - ok

17:22:32.0701 4952 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

17:22:32.0735 4952 Parport - ok

17:22:32.0883 4952 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

17:22:32.0912 4952 partmgr - ok

17:22:33.0044 4952 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:22:33.0093 4952 pci - ok

17:22:33.0234 4952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:22:33.0245 4952 pciide - ok

17:22:33.0279 4952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

17:22:33.0293 4952 pcmcia - ok

17:22:33.0309 4952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:22:33.0320 4952 pcw - ok

17:22:33.0340 4952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:22:33.0357 4952 PEAUTH - ok

17:22:33.0487 4952 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:22:33.0518 4952 PptpMiniport - ok

17:22:33.0554 4952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

17:22:33.0566 4952 Processor - ok

17:22:33.0623 4952 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:22:33.0637 4952 Psched - ok

17:22:33.0827 4952 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

17:22:33.0874 4952 PxHlpa64 - ok

17:22:33.0985 4952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

17:22:34.0001 4952 ql2300 - ok

17:22:34.0197 4952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

17:22:34.0213 4952 ql40xx - ok

17:22:34.0284 4952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:22:34.0296 4952 QWAVEdrv - ok

17:22:34.0380 4952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:22:34.0405 4952 RasAcd - ok

17:22:34.0450 4952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:22:34.0452 4952 RasAgileVpn - ok

17:22:34.0480 4952 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:22:34.0501 4952 Rasl2tp - ok

17:22:34.0511 4952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:22:34.0513 4952 RasPppoe - ok

17:22:34.0539 4952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:22:34.0569 4952 RasSstp - ok

17:22:34.0591 4952 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:22:34.0596 4952 rdbss - ok

17:22:34.0631 4952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

17:22:34.0672 4952 rdpbus - ok

17:22:34.0814 4952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:22:34.0817 4952 RDPCDD - ok

17:22:34.0833 4952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:22:34.0837 4952 RDPENCDD - ok

17:22:34.0851 4952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:22:34.0855 4952 RDPREFMP - ok

17:22:34.0888 4952 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

17:22:34.0912 4952 RDPWD - ok

17:22:34.0939 4952 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

17:22:34.0992 4952 rdyboost - ok

17:22:35.0027 4952 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys

17:22:35.0109 4952 regi - ok

17:22:35.0286 4952 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

17:22:35.0318 4952 RFCOMM - ok

17:22:35.0377 4952 rimspci (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\drivers\rimssne64.sys

17:22:35.0409 4952 rimspci - ok

17:22:35.0451 4952 risdsnpe (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\drivers\risdsnxc64.sys

17:22:35.0512 4952 risdsnpe - ok

17:22:35.0636 4952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:22:35.0687 4952 rspndr - ok

17:22:35.0747 4952 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:22:35.0775 4952 RTL8167 - ok

17:22:35.0868 4952 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

17:22:35.0903 4952 sbp2port - ok

17:22:36.0029 4952 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

17:22:36.0061 4952 scfilter - ok

17:22:36.0123 4952 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

17:22:36.0129 4952 sdbus - ok

17:22:36.0210 4952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:22:36.0256 4952 secdrv - ok

17:22:36.0352 4952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

17:22:36.0383 4952 Serenum - ok

17:22:36.0470 4952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

17:22:36.0537 4952 Serial - ok

17:22:36.0568 4952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

17:22:36.0579 4952 sermouse - ok

17:22:36.0631 4952 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys

17:22:36.0674 4952 SFEP - ok

17:22:36.0698 4952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

17:22:36.0769 4952 sffdisk - ok

17:22:36.0837 4952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

17:22:36.0865 4952 sffp_mmc - ok

17:22:36.0912 4952 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

17:22:36.0916 4952 sffp_sd - ok

17:22:36.0974 4952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

17:22:36.0985 4952 sfloppy - ok

17:22:37.0060 4952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

17:22:37.0151 4952 SiSRaid2 - ok

17:22:37.0221 4952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

17:22:37.0243 4952 SiSRaid4 - ok

17:22:37.0372 4952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:22:37.0379 4952 Smb - ok

17:22:37.0479 4952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:22:37.0510 4952 spldr - ok

17:22:37.0590 4952 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

17:22:37.0593 4952 srv - ok

17:22:37.0615 4952 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

17:22:37.0629 4952 srv2 - ok

17:22:37.0693 4952 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

17:22:37.0697 4952 srvnet - ok

17:22:37.0933 4952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

17:22:37.0935 4952 stexstor - ok

17:22:38.0198 4952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

17:22:38.0228 4952 swenum - ok

17:22:38.0491 4952 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\drivers\SynTP.sys

17:22:38.0516 4952 SynTP - ok

17:22:38.0757 4952 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

17:22:38.0815 4952 Tcpip - ok

17:22:39.0042 4952 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

17:22:39.0060 4952 TCPIP6 - ok

17:22:39.0151 4952 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

17:22:39.0172 4952 tcpipreg - ok

17:22:39.0283 4952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:22:39.0302 4952 TDPIPE - ok

17:22:39.0311 4952 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:22:39.0325 4952 TDTCP - ok

17:22:39.0357 4952 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

17:22:39.0378 4952 tdx - ok

17:22:39.0524 4952 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

17:22:39.0536 4952 TermDD - ok

17:22:39.0592 4952 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:22:39.0594 4952 tssecsrv - ok

17:22:39.0655 4952 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

17:22:39.0703 4952 TsUsbFlt - ok

17:22:39.0801 4952 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

17:22:39.0805 4952 TsUsbGD - ok

17:22:40.0008 4952 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys

17:22:40.0010 4952 TuneUpUtilitiesDrv - ok

17:22:40.0186 4952 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

17:22:40.0189 4952 tunnel - ok

17:22:40.0238 4952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

17:22:40.0282 4952 uagp35 - ok

17:22:40.0313 4952 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

17:22:40.0322 4952 udfs - ok

17:22:40.0483 4952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

17:22:40.0512 4952 uliagpkx - ok

17:22:40.0561 4952 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

17:22:40.0578 4952 umbus - ok

17:22:40.0698 4952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

17:22:40.0719 4952 UmPass - ok

17:22:40.0814 4952 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

17:22:40.0834 4952 usbccgp - ok

17:22:40.0980 4952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:22:40.0986 4952 usbcir - ok

17:22:41.0034 4952 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

17:22:41.0081 4952 usbehci - ok

17:22:41.0126 4952 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

17:22:41.0173 4952 usbhub - ok

17:22:41.0264 4952 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

17:22:41.0290 4952 usbohci - ok

17:22:41.0378 4952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

17:22:41.0389 4952 usbprint - ok

17:22:41.0410 4952 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:22:41.0430 4952 USBSTOR - ok

17:22:41.0452 4952 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

17:22:41.0454 4952 usbuhci - ok

17:22:41.0526 4952 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

17:22:41.0539 4952 usbvideo - ok

17:22:41.0655 4952 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys

17:22:41.0680 4952 VClone - ok

17:22:41.0765 4952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

17:22:41.0785 4952 vdrvroot - ok

17:22:41.0832 4952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:22:41.0834 4952 vga - ok

17:22:41.0879 4952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:22:41.0890 4952 VgaSave - ok

17:22:41.0923 4952 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

17:22:41.0937 4952 vhdmp - ok

17:22:42.0012 4952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

17:22:42.0068 4952 viaide - ok

17:22:42.0117 4952 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys

17:22:42.0161 4952 vmci - ok

17:22:42.0229 4952 vmkbd (ed82d26b5e26542615483b8bed77d826) C:\Windows\system32\drivers\VMkbd.sys

17:22:42.0234 4952 vmkbd - ok

17:22:42.0307 4952 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys

17:22:42.0325 4952 VMnetAdapter - ok

17:22:42.0343 4952 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys

17:22:42.0348 4952 VMnetBridge - ok

17:22:42.0385 4952 VMnetuserif (1e74142ded099de7ada258042f891a8d) C:\Windows\system32\drivers\vmnetuserif.sys

17:22:42.0409 4952 VMnetuserif - ok

17:22:42.0510 4952 vmx86 (18a28eda522b6c0560e59d5be638d076) C:\Windows\system32\drivers\vmx86.sys

17:22:42.0530 4952 vmx86 - ok

17:22:42.0623 4952 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

17:22:42.0647 4952 volmgr - ok

17:22:42.0667 4952 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

17:22:42.0672 4952 volmgrx - ok

17:22:42.0697 4952 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

17:22:42.0715 4952 volsnap - ok

17:22:42.0782 4952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

17:22:42.0805 4952 vsmraid - ok

17:22:42.0831 4952 vstor2-mntapi10-shared - ok

17:22:42.0891 4952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:22:42.0917 4952 vwifibus - ok

17:22:42.0940 4952 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:22:42.0943 4952 vwififlt - ok

17:22:42.0998 4952 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

17:22:43.0028 4952 vwifimp - ok

17:22:43.0071 4952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

17:22:43.0075 4952 WacomPen - ok

17:22:43.0111 4952 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:22:43.0134 4952 WANARP - ok

17:22:43.0138 4952 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:22:43.0139 4952 Wanarpv6 - ok

17:22:43.0175 4952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

17:22:43.0178 4952 Wd - ok

17:22:43.0261 4952 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

17:22:43.0265 4952 WDC_SAM - ok

17:22:43.0321 4952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:22:43.0332 4952 Wdf01000 - ok

17:22:43.0480 4952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:22:43.0503 4952 WfpLwf - ok

17:22:43.0533 4952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:22:43.0543 4952 WIMMount - ok

17:22:43.0718 4952 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

17:22:43.0868 4952 WinUsb - ok

17:22:44.0014 4952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

17:22:44.0032 4952 WmiAcpi - ok

17:22:44.0189 4952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:22:44.0207 4952 ws2ifsl - ok

17:22:44.0479 4952 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:22:44.0511 4952 WudfPf - ok

17:22:44.0587 4952 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:22:44.0618 4952 WUDFRd - ok

17:22:44.0924 4952 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

17:22:44.0990 4952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

17:22:44.0990 4952 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

17:22:45.0026 4952 Boot (0x1200) (a6ea5341dd708ac919dd18d4e6e12b95) \Device\Harddisk0\DR0\Partition0

17:22:45.0028 4952 \Device\Harddisk0\DR0\Partition0 - ok

17:22:45.0038 4952 Boot (0x1200) (b788456dbe420cf5996b02509b9fea6b) \Device\Harddisk0\DR0\Partition1

17:22:45.0040 4952 \Device\Harddisk0\DR0\Partition1 - ok

17:22:45.0071 4952 Boot (0x1200) (96a3b3e496da08c1cb234b3c544a61c3) \Device\Harddisk0\DR0\Partition2

17:22:45.0072 4952 \Device\Harddisk0\DR0\Partition2 - ok

17:22:45.0073 4952 ============================================================

17:22:45.0073 4952 Scan finished

17:22:45.0073 4952 ============================================================

17:22:45.0084 2788 Detected object count: 1

17:22:45.0084 2788 Actual detected object count: 1

17:24:24.0858 2788 \Device\Harddisk0\DR0\# - copied to quarantine

17:24:24.0891 2788 \Device\Harddisk0\DR0 - copied to quarantine

17:24:24.0967 2788 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

17:24:34.0540 2788 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

17:24:34.0824 2788 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

17:24:35.0086 2788 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

17:24:35.0386 2788 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

17:24:35.0389 2788 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

17:24:35.0435 2788 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

17:24:35.0463 2788 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

17:24:35.0939 2788 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

17:24:36.0195 2788 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

17:24:36.0267 2788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

17:24:36.0267 2788 \Device\Harddisk0\DR0 - ok

17:24:36.0671 2788 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

17:24:44.0113 0160 Deinitialize success

Link to post
Share on other sites

I realize you do not want to reformat, nevertheless, please read the following information, you had a nasty rootkit on your computer.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

In addition to the information in my first post, before I ran TDSSKiller I had around 100 active processes running for all users. Among them, around 15 svchosts, one of which used up to 500k of my memory and under description just had "winrscmde". Sometimes it would play a random sound until I would manually kill the process.

After the TDSSKiller reboot and just before I ran ComboFix, MBAM detected a trojan in svchost. Should that be of concern?

The ComboFix report log was too long to C/P, I've attached it instead.

ComboFix.txt

Link to post
Share on other sites

Yes, that file was part of the infection. I take it MBAM deleted it as it is no longer present in the combofix log (it was present in DDS).

How are things running at this point? What problem do you still have left?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

Link to post
Share on other sites

When prompted with the virus detection, MBAM can only ignore or quarantine. I always chose the latter, last time included, but prior to running ComboFix, MBAM displayed that message around 20 times / day so I didn't really think much was done against in until I ran ComboFix.

I've also updated Java [thanks for the tip] and restarted. It does seem to boot up and get all systems running in less time and I only have 75 processes running for all users. I've updated MBAM and will post the resulting full scan log here when it's done.

As a personal advice, would a rootkit of this sort damage my security in an unrecoverable way? Would backdoor access to my system be possible / detected by software such as MBAM? Other than changing all my passwords, what other steps can I take to ensure better protection? Note that this is a personal laptops and is not used in the course of business or trade.

Many thanks for all your assistance so far.

Link to post
Share on other sites

No tool is able to detect what exactly the rootkit altered (aside from what we see in logs) and what private information was sent "home". Theoretically a malware developer may have all information necessary to get back in your computer later, even if the infection is gone. However, in practice the chance is very small. This rootkit is very common, thousands of computers are or have been infected with it. A good security setup may alert you to possible intrusion, however thats not a given fact.

I'll wait for the MBAM log.

Link to post
Share on other sites

The full scan doesn't seem to have picked up anything. Let me know if there's anything more I need to do on my part.

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.06.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

NINE :: NINE-VAIO [administrator]

Protection: Enabled

06.03.2012 19:23:55

mbam-log-2012-03-06 (19-23-55).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 616322

Time elapsed: 1 hour(s), 16 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Lets do one more check for possible remnants. :)

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

Done. This is what the scan produced. Let me know if there's anything else I need to take care of.

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\NINE\AppData\Local\dplayx.dll.vir a variant of Win32/Kryptik.ABDQ trojan cleaned by deleting - quarantined

C:\Users\NINE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\795aee91-1ba0006f a variant of Java/Agent.DN trojan deleted - quarantined

C:\Users\NINE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\38e6a667-3180f22e a variant of Java/TrojanDownloader.Agent.AD trojan deleted - quarantined

N:\Current\Windows Tweaks\Icon Packager\Patch\startdock.iconpackager-patch ~TheOrb666~.exe Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

N:\Downloads\mini-KMS_Activator_v1.3_Office2010_VL_ENG.exe a variant of Win32/HackKMS.A application deleted - quarantined

Link to post
Share on other sites

Those were just some leftovers, which means you're good to go. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

I've downloaded it again and ran uninstall. That seemed to have worked, thank you. The only thing I noticed during this clean-up is some of my system files such as explorer and various dlls were patched back to the original state, my theme was consequently modified to a basic early XP one, which was a bit of a nuisance since I like my desktop simple, elegant, but highly customized. I patched some files, took ownership of others and got everything back into place. I ran more tests and reinstalled ESET Smart Security 5 and MBAM. My system seems to be clean and running factory-smooth.

Thank you for everything!

Link to post
Share on other sites

That is usually a result of running tools like combofix. This restores certain default settings that can be altered by malware (but also by customizations you make yourself). Likewise, our tools cannot distinguish between malicious patched files and files that are patched intentionally.

I am glad to hear things are okay now and will request this topic to be closed. :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.