Jump to content

svchost.exe (Trojan.Agent) -> 3908 -> Delete on reboot Keeps coming back


stayley

Recommended Posts

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Stephen Office at 9:22:55 on 2012-09-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8071.5794 [GMT -4:00]

.

AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\Common Files\Comscan\Comscan.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\RateWatch\RateWatch.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\WUDFHost.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

"C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mStart Page = hxxp://www.bing.com/?pc=MAGW

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [Google Update] "C:\Users\Stephen Office\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [snapseed] "C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe"

uRun: [GoogleChromeAutoLaunch_7BCCD22CCD6B50943C05683EEFDFE4FC] "C:\Users\Stephen Office\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [steam] "C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Windows Updater] "C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe"

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\STEPHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\STEPHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RATEWA~1.LNK - C:\Program Files (x86)\RateWatch\RateWatch.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{B54D3410-5891-4133-A205-A67F367E80A7} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{B54D3410-5891-4133-A205-A67F367E80A7}\D45627369616 : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Stephen Office\AppData\Roaming\Mozilla\Firefox\Profiles\9lrs1zgh.default\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\Stephen Office\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Stephen Office\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Stephen Office\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]

R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]

R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-17 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-17 161560]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-5 255376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-28 655944]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-8-15 69640]

R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-6-22 3289720]

R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]

R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-6-22 173960]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-17 363800]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]

R3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 Agent;Agent;C:\Windows\agent_x64.exe [2012-8-8 102912]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-30 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-4-6 274200]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-30 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-28 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]

S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-08 13:08:24 -------- d-----w- C:\Program Files (x86)\ESET

2012-09-08 12:33:05 413138944 ---h--w- C:\Users\Stephen Office\AppData\Roaming\audiohd.exe

2012-09-08 00:29:36 -------- d-----r- C:\Program Files (x86)\Skype

2012-09-07 02:21:54 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\foobar2000

2012-09-07 02:21:50 -------- d-----w- C:\Program Files (x86)\foobar2000

2012-09-07 01:42:36 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Steam

2012-09-05 16:40:02 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-04 19:09:51 -------- d-----w- C:\Program Files (x86)\Common Files\Comscan

2012-09-01 15:55:58 -------- d-----w- C:\Users\Stephen Office\AppData\Local\Proxure

2012-09-01 15:55:57 -------- d-----w- C:\ProgramData\ClubSanDisk

2012-08-29 16:00:56 60864 ----a-w- C:\Users\Stephen Office\g2mdlhlpx.exe

2012-08-28 14:15:51 -------- d-----w- C:\ProgramData\GFI Software

2012-08-28 14:15:33 61184 ----a-w- C:\Windows\System32\drivers\sbhips.sys

2012-08-28 14:15:28 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys

2012-08-28 14:15:28 46472 ----a-w- C:\Windows\System32\sbbd.exe

2012-08-28 14:15:28 258304 ----a-w- C:\Windows\System32\drivers\SbFw.sys

2012-08-28 14:15:28 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys

2012-08-28 14:15:20 -------- d-----w- C:\ProgramData\Downloaded Installations

2012-08-28 14:15:08 -------- d-----w- C:\Program Files (x86)\GFI Software

2012-08-28 14:15:01 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\GFI Software

2012-08-28 14:03:28 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Malwarebytes

2012-08-28 14:03:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-28 14:03:22 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-28 14:03:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-28 07:51:15 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD22C2FD-239E-46A1-88E5-41C0D924A524}\mpengine.dll

2012-08-27 21:41:13 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Snapseed

2012-08-27 21:17:55 -------- d-----w- C:\Program Files\BinTube

2012-08-27 21:05:17 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-08-27 21:04:20 -------- d-----w- C:\Users\Stephen Office\AppData\Local\BinTube.com

2012-08-27 21:04:20 -------- d-----w- C:\ProgramData\IsolatedStorage

2012-08-27 21:02:14 -------- d-----w- C:\Program Files (x86)\BinTube

2012-08-22 20:07:57 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-08-22 20:07:57 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-20 19:19:55 -------- d-----w- C:\Users\Stephen Office\AppData\Local\Apple

2012-08-16 19:37:12 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\RateWatch.8120D7806F19A08520F163B2D95EA0AD9E0C0659.1

2012-08-16 19:37:12 -------- d-----w- C:\Program Files (x86)\RateWatch

2012-08-16 19:35:02 -------- d-----w- C:\Users\Stephen Office\AppData\Local\LogMeIn Rescue Applet

2012-08-16 17:40:12 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Downloaded Installations

2012-08-16 17:38:09 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Smart PDF Editor Pro

2012-08-16 17:38:02 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\Smart PDF Editor

2012-08-16 17:37:59 -------- d-----w- C:\Program Files (x86)\Common Files\Smart Soft

2012-08-16 17:24:55 -------- d-----w- C:\Users\Stephen Office\AppData\Local\VS Revo Group

2012-08-16 17:24:54 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys

2012-08-16 17:24:53 -------- d-----w- C:\Program Files\VS Revo Group

2012-08-16 13:23:18 -------- d-----w- C:\Users\Stephen Office\AppData\Roaming\FLEXnet

2012-08-16 13:21:12 -------- d-----w- C:\Program Files (x86)\Common Files\IVA

2012-08-16 13:21:00 -------- d-----w- C:\Program Files (x86)\Common Files\Nuance

2012-08-16 13:18:24 -------- d-----w- C:\Program Files (x86)\Nuance

2012-08-15 20:15:18 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 20:15:18 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 20:15:17 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 20:15:17 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 20:15:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 20:15:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 20:15:16 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 20:15:16 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 20:15:16 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 20:15:16 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 20:15:16 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 18:13:44 69640 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE

2012-08-09 22:34:56 -------- d-----w- C:\checks

2012-08-09 22:28:08 136672 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

.

==================== Find3M ====================

.

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-22 19:37:42 46472 ----a-w- C:\Windows\SysWow64\sbbd.exe

.

============= FINISH: 9:23:27.84 ===============

Link to post
Share on other sites

Hello stayley,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program. excl.png

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-08 09:51:54

-----------------------------

09:51:54.015 OS Version: Windows x64 6.1.7601 Service Pack 1

09:51:54.015 Number of processors: 4 586 0x2A07

09:51:54.016 ComputerName: STEPHENOFFICE UserName:

09:51:54.619 Initialize success

09:52:47.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

09:52:47.095 Disk 0 Vendor: ST1000DM CC4B Size: 953869MB BusType: 3

09:52:47.121 Disk 0 MBR read successfully

09:52:47.123 Disk 0 MBR scan

09:52:47.124 Disk 0 Windows 7 default MBR code

09:52:47.127 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048

09:52:47.137 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176

09:52:47.144 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939431 MB offset 29566976

09:52:47.157 Disk 0 scanning C:\Windows\system32\drivers

09:52:50.960 Service scanning

09:52:57.217 Modules scanning

09:52:57.221 Scan finished successfully

09:53:34.557 Disk 0 MBR has been saved successfully to "C:\Users\Stephen Office\Downloads\malware scanners\asw logs\MBR.dat"

09:53:34.558 The log file has been saved successfully to "C:\Users\Stephen Office\Downloads\malware scanners\asw logs\aswMBR.txt"

09:54:02.0779 4556 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

09:54:03.0128 4556 ============================================================

09:54:03.0128 4556 Current date / time: 2012/09/08 09:54:03.0128

09:54:03.0128 4556 SystemInfo:

09:54:03.0128 4556

09:54:03.0128 4556 OS Version: 6.1.7601 ServicePack: 1.0

09:54:03.0128 4556 Product type: Workstation

09:54:03.0128 4556 ComputerName: STEPHENOFFICE

09:54:03.0128 4556 UserName: Stephen Office

09:54:03.0128 4556 Windows directory: C:\Windows

09:54:03.0128 4556 System windows directory: C:\Windows

09:54:03.0128 4556 Running under WOW64

09:54:03.0128 4556 Processor architecture: Intel x64

09:54:03.0128 4556 Number of processors: 4

09:54:03.0128 4556 Page size: 0x1000

09:54:03.0128 4556 Boot type: Normal boot

09:54:03.0128 4556 ============================================================

09:54:03.0438 4556 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:54:03.0446 4556 ============================================================

09:54:03.0447 4556 \Device\Harddisk0\DR0:

09:54:03.0447 4556 MBR partitions:

09:54:03.0447 4556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000

09:54:03.0447 4556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x72AD3800

09:54:03.0447 4556 ============================================================

09:54:03.0474 4556 C: <-> \Device\Harddisk0\DR0\Partition2

09:54:03.0474 4556 ============================================================

09:54:03.0474 4556 Initialize success

09:54:03.0474 4556 ============================================================

09:54:15.0105 0248 ============================================================

09:54:15.0105 0248 Scan started

09:54:15.0105 0248 Mode: Manual;

09:54:15.0105 0248 ============================================================

09:54:15.0243 0248 ================ Scan system memory ========================

09:54:15.0243 0248 System memory - ok

09:54:15.0244 0248 ================ Scan services =============================

09:54:15.0346 0248 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

09:54:15.0348 0248 1394ohci - ok

09:54:15.0362 0248 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

09:54:15.0364 0248 ACPI - ok

09:54:15.0366 0248 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

09:54:15.0367 0248 AcpiPmi - ok

09:54:15.0422 0248 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:54:15.0423 0248 AdobeARMservice - ok

09:54:15.0474 0248 [ 86D0D87CB86588818805CF29E0CA14DF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:54:15.0476 0248 AdobeFlashPlayerUpdateSvc - ok

09:54:15.0489 0248 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

09:54:15.0491 0248 adp94xx - ok

09:54:15.0496 0248 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

09:54:15.0497 0248 adpahci - ok

09:54:15.0500 0248 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

09:54:15.0501 0248 adpu320 - ok

09:54:15.0521 0248 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

09:54:15.0522 0248 AeLookupSvc - ok

09:54:15.0528 0248 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

09:54:15.0530 0248 AFD - ok

09:54:15.0561 0248 [ 6953D8D79A275EAD9DA145982981236B ] Agent C:\Windows\agent_x64.exe

09:54:15.0562 0248 Agent - ok

09:54:15.0573 0248 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

09:54:15.0573 0248 agp440 - ok

09:54:15.0583 0248 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

09:54:15.0583 0248 ALG - ok

09:54:15.0585 0248 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

09:54:15.0586 0248 aliide - ok

09:54:15.0588 0248 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

09:54:15.0588 0248 amdide - ok

09:54:15.0591 0248 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

09:54:15.0591 0248 AmdK8 - ok

09:54:15.0594 0248 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

09:54:15.0594 0248 AmdPPM - ok

09:54:15.0596 0248 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

09:54:15.0597 0248 amdsata - ok

09:54:15.0600 0248 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

09:54:15.0601 0248 amdsbs - ok

09:54:15.0609 0248 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

09:54:15.0610 0248 amdxata - ok

09:54:15.0620 0248 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

09:54:15.0621 0248 AppID - ok

09:54:15.0633 0248 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

09:54:15.0633 0248 AppIDSvc - ok

09:54:15.0644 0248 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

09:54:15.0645 0248 Appinfo - ok

09:54:15.0647 0248 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

09:54:15.0648 0248 arc - ok

09:54:15.0650 0248 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

09:54:15.0651 0248 arcsas - ok

09:54:15.0664 0248 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

09:54:15.0664 0248 AsyncMac - ok

09:54:15.0676 0248 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

09:54:15.0676 0248 atapi - ok

09:54:15.0693 0248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

09:54:15.0696 0248 AudioEndpointBuilder - ok

09:54:15.0702 0248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

09:54:15.0706 0248 AudioSrv - ok

09:54:15.0727 0248 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

09:54:15.0728 0248 AxInstSV - ok

09:54:15.0748 0248 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

09:54:15.0750 0248 b06bdrv - ok

09:54:15.0756 0248 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

09:54:15.0757 0248 b57nd60a - ok

09:54:15.0797 0248 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

09:54:15.0799 0248 BBSvc - ok

09:54:15.0817 0248 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

09:54:15.0818 0248 BBUpdate - ok

09:54:15.0828 0248 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

09:54:15.0829 0248 BDESVC - ok

09:54:15.0850 0248 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

09:54:15.0850 0248 Beep - ok

09:54:15.0868 0248 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

09:54:15.0871 0248 BFE - ok

09:54:15.0895 0248 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

09:54:15.0899 0248 BITS - ok

09:54:15.0905 0248 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

09:54:15.0906 0248 blbdrive - ok

09:54:15.0916 0248 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

09:54:15.0916 0248 bowser - ok

09:54:15.0919 0248 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

09:54:15.0919 0248 BrFiltLo - ok

09:54:15.0921 0248 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

09:54:15.0921 0248 BrFiltUp - ok

09:54:15.0942 0248 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

09:54:15.0943 0248 Browser - ok

09:54:15.0952 0248 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys

09:54:15.0954 0248 Brserid - ok

09:54:15.0966 0248 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

09:54:15.0966 0248 BrSerWdm - ok

09:54:15.0968 0248 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

09:54:15.0968 0248 BrUsbMdm - ok

09:54:15.0977 0248 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys

09:54:15.0977 0248 BrUsbSer - ok

09:54:15.0980 0248 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

09:54:15.0980 0248 BTHMODEM - ok

09:54:16.0004 0248 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

09:54:16.0004 0248 bthserv - ok

09:54:16.0007 0248 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

09:54:16.0007 0248 cdfs - ok

09:54:16.0034 0248 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

09:54:16.0035 0248 cdrom - ok

09:54:16.0038 0248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

09:54:16.0038 0248 CertPropSvc - ok

09:54:16.0041 0248 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

09:54:16.0041 0248 circlass - ok

09:54:16.0056 0248 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

09:54:16.0058 0248 CLFS - ok

09:54:16.0106 0248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:54:16.0107 0248 clr_optimization_v2.0.50727_32 - ok

09:54:16.0122 0248 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:54:16.0122 0248 clr_optimization_v2.0.50727_64 - ok

09:54:16.0153 0248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:54:16.0154 0248 clr_optimization_v4.0.30319_32 - ok

09:54:16.0179 0248 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:54:16.0180 0248 clr_optimization_v4.0.30319_64 - ok

09:54:16.0192 0248 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

09:54:16.0192 0248 CmBatt - ok

09:54:16.0194 0248 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

09:54:16.0194 0248 cmdide - ok

09:54:16.0219 0248 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

09:54:16.0221 0248 CNG - ok

09:54:16.0230 0248 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

09:54:16.0230 0248 Compbatt - ok

09:54:16.0242 0248 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

09:54:16.0242 0248 CompositeBus - ok

09:54:16.0245 0248 COMSysApp - ok

09:54:16.0270 0248 [ 927DA6432AF23ECD82FDB6A7E76CC842 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

09:54:16.0272 0248 cphs - ok

09:54:16.0274 0248 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

09:54:16.0275 0248 crcdisk - ok

09:54:16.0299 0248 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

09:54:16.0300 0248 CryptSvc - ok

09:54:16.0425 0248 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

09:54:16.0429 0248 cvhsvc - ok

09:54:16.0451 0248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

09:54:16.0454 0248 DcomLaunch - ok

09:54:16.0470 0248 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

09:54:16.0471 0248 defragsvc - ok

09:54:16.0474 0248 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

09:54:16.0475 0248 DfsC - ok

09:54:16.0494 0248 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

09:54:16.0494 0248 dg_ssudbus - ok

09:54:16.0520 0248 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

09:54:16.0522 0248 Dhcp - ok

09:54:16.0528 0248 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

09:54:16.0529 0248 discache - ok

09:54:16.0534 0248 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

09:54:16.0535 0248 Disk - ok

09:54:16.0547 0248 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

09:54:16.0548 0248 Dnscache - ok

09:54:16.0560 0248 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

09:54:16.0561 0248 dot3svc - ok

09:54:16.0565 0248 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

09:54:16.0566 0248 DPS - ok

09:54:16.0601 0248 [ B123656688D67DF3A08FE5912203F71B ] DragonSvc C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

09:54:16.0603 0248 DragonSvc - ok

09:54:16.0606 0248 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

09:54:16.0606 0248 drmkaud - ok

09:54:16.0621 0248 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

09:54:16.0628 0248 DXGKrnl - ok

09:54:16.0663 0248 [ 5DB7CEB8FB44ABF01614E33BAD2056E0 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys

09:54:16.0665 0248 e1cexpress - ok

09:54:16.0673 0248 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

09:54:16.0674 0248 EapHost - ok

09:54:16.0713 0248 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

09:54:16.0727 0248 ebdrv - ok

09:54:16.0759 0248 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

09:54:16.0760 0248 EFS - ok

09:54:16.0792 0248 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

09:54:16.0796 0248 ehRecvr - ok

09:54:16.0804 0248 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

09:54:16.0806 0248 ehSched - ok

09:54:16.0821 0248 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

09:54:16.0825 0248 elxstor - ok

09:54:16.0827 0248 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

09:54:16.0827 0248 ErrDev - ok

09:54:16.0844 0248 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

09:54:16.0846 0248 EventSystem - ok

09:54:16.0861 0248 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

09:54:16.0863 0248 exfat - ok

09:54:16.0875 0248 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

09:54:16.0876 0248 fastfat - ok

09:54:16.0893 0248 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

09:54:16.0896 0248 Fax - ok

09:54:16.0902 0248 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

09:54:16.0902 0248 fdc - ok

09:54:16.0914 0248 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

09:54:16.0914 0248 fdPHost - ok

09:54:16.0920 0248 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

09:54:16.0921 0248 FDResPub - ok

09:54:16.0925 0248 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

09:54:16.0926 0248 FileInfo - ok

09:54:16.0933 0248 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

09:54:16.0934 0248 Filetrace - ok

09:54:16.0937 0248 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

09:54:16.0937 0248 flpydisk - ok

09:54:16.0942 0248 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

09:54:16.0944 0248 FltMgr - ok

09:54:16.0962 0248 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

09:54:16.0980 0248 FontCache - ok

09:54:17.0024 0248 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:54:17.0025 0248 FontCache3.0.0.0 - ok

09:54:17.0039 0248 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

09:54:17.0040 0248 FsDepends - ok

09:54:17.0050 0248 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

09:54:17.0051 0248 Fs_Rec - ok

09:54:17.0054 0248 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

09:54:17.0057 0248 fvevol - ok

09:54:17.0064 0248 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

09:54:17.0065 0248 gagp30kx - ok

09:54:17.0080 0248 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

09:54:17.0086 0248 gpsvc - ok

09:54:17.0118 0248 [ 32096F187020A54D29C95B3A1467D963 ] GREGService C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

09:54:17.0119 0248 GREGService - ok

09:54:17.0186 0248 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:54:17.0186 0248 gupdate - ok

09:54:17.0190 0248 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:54:17.0191 0248 gupdatem - ok

09:54:17.0197 0248 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

09:54:17.0198 0248 hcw85cir - ok

09:54:17.0220 0248 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

09:54:17.0223 0248 HdAudAddService - ok

09:54:17.0233 0248 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

09:54:17.0235 0248 HDAudBus - ok

09:54:17.0238 0248 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

09:54:17.0238 0248 HidBatt - ok

09:54:17.0241 0248 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

09:54:17.0242 0248 HidBth - ok

09:54:17.0244 0248 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

09:54:17.0245 0248 HidIr - ok

09:54:17.0248 0248 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

09:54:17.0249 0248 hidserv - ok

09:54:17.0259 0248 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

09:54:17.0261 0248 HidUsb - ok

09:54:17.0273 0248 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

09:54:17.0275 0248 hkmsvc - ok

09:54:17.0286 0248 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

09:54:17.0289 0248 HomeGroupListener - ok

09:54:17.0309 0248 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

09:54:17.0311 0248 HomeGroupProvider - ok

09:54:17.0314 0248 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

09:54:17.0315 0248 HpSAMD - ok

09:54:17.0325 0248 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

09:54:17.0330 0248 HTTP - ok

09:54:17.0342 0248 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

09:54:17.0343 0248 hwpolicy - ok

09:54:17.0359 0248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

09:54:17.0361 0248 i8042prt - ok

09:54:17.0376 0248 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

09:54:17.0379 0248 iaStor - ok

09:54:17.0435 0248 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

09:54:17.0435 0248 IAStorDataMgrSvc - ok

09:54:17.0449 0248 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

09:54:17.0453 0248 iaStorV - ok

09:54:17.0479 0248 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:54:17.0485 0248 idsvc - ok

09:54:17.0624 0248 [ 0638D16029B1C800908D965AC78970C7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

09:54:17.0761 0248 igfx - ok

09:54:17.0765 0248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

09:54:17.0766 0248 iirsp - ok

09:54:17.0792 0248 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

09:54:17.0796 0248 IKEEXT - ok

09:54:17.0848 0248 [ ABA41EE6F5EEFC034F3BBD025506B37E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

09:54:17.0883 0248 IntcAzAudAddService - ok

09:54:17.0896 0248 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

09:54:17.0898 0248 IntcDAud - ok

09:54:17.0948 0248 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

09:54:17.0950 0248 Intel® Capability Licensing Service Interface - ok

09:54:17.0953 0248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

09:54:17.0953 0248 intelide - ok

09:54:17.0969 0248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

09:54:17.0970 0248 intelppm - ok

09:54:17.0975 0248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

09:54:17.0976 0248 IPBusEnum - ok

09:54:17.0979 0248 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:54:17.0980 0248 IpFilterDriver - ok

09:54:17.0991 0248 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

09:54:17.0994 0248 iphlpsvc - ok

09:54:17.0997 0248 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

09:54:17.0998 0248 IPMIDRV - ok

09:54:18.0000 0248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

09:54:18.0001 0248 IPNAT - ok

09:54:18.0008 0248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

09:54:18.0009 0248 IRENUM - ok

09:54:18.0011 0248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

09:54:18.0011 0248 isapnp - ok

09:54:18.0023 0248 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

09:54:18.0025 0248 iScsiPrt - ok

09:54:18.0039 0248 [ DC0DBA5164F657DE2AE94B9D1FF75DA4 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys

09:54:18.0040 0248 iusb3hcs - ok

09:54:18.0051 0248 [ BA4F3A70F03584E5B907DA815677727D ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

09:54:18.0054 0248 iusb3hub - ok

09:54:18.0077 0248 [ E6130F70D61867C7EFC13A2F808EDC58 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

09:54:18.0082 0248 iusb3xhc - ok

09:54:18.0112 0248 [ 468F7516B4030603BA9D1427CCEACDF9 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

09:54:18.0113 0248 jhi_service - ok

09:54:18.0125 0248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

09:54:18.0127 0248 kbdclass - ok

09:54:18.0131 0248 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

09:54:18.0131 0248 kbdhid - ok

09:54:18.0143 0248 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

09:54:18.0143 0248 KeyIso - ok

09:54:18.0165 0248 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

09:54:18.0166 0248 KSecDD - ok

09:54:18.0177 0248 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

09:54:18.0178 0248 KSecPkg - ok

09:54:18.0181 0248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

09:54:18.0181 0248 ksthunk - ok

09:54:18.0189 0248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

09:54:18.0193 0248 KtmRm - ok

09:54:18.0212 0248 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

09:54:18.0213 0248 LanmanServer - ok

09:54:18.0222 0248 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

09:54:18.0223 0248 LanmanWorkstation - ok

09:54:18.0261 0248 [ 6BB516A31DE232DAB436FF3A117E1E80 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

09:54:18.0262 0248 Live Updater Service - ok

09:54:18.0265 0248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

09:54:18.0266 0248 lltdio - ok

09:54:18.0275 0248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

09:54:18.0278 0248 lltdsvc - ok

09:54:18.0286 0248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

09:54:18.0287 0248 lmhosts - ok

09:54:18.0294 0248 [ B114B200CCDEBC7EBD8EF5D783819386 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

09:54:18.0295 0248 LMS - ok

09:54:18.0318 0248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

09:54:18.0319 0248 LSI_FC - ok

09:54:18.0328 0248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

09:54:18.0329 0248 LSI_SAS - ok

09:54:18.0331 0248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

09:54:18.0332 0248 LSI_SAS2 - ok

09:54:18.0338 0248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

09:54:18.0339 0248 LSI_SCSI - ok

09:54:18.0349 0248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

09:54:18.0350 0248 luafv - ok

09:54:18.0381 0248 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

09:54:18.0382 0248 MBAMProtector - ok

09:54:18.0417 0248 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

09:54:18.0420 0248 MBAMService - ok

09:54:18.0434 0248 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

09:54:18.0436 0248 Mcx2Svc - ok

09:54:18.0447 0248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

09:54:18.0449 0248 megasas - ok

09:54:18.0459 0248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

09:54:18.0462 0248 MegaSR - ok

09:54:18.0465 0248 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

09:54:18.0465 0248 MEIx64 - ok

09:54:18.0473 0248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

09:54:18.0474 0248 MMCSS - ok

09:54:18.0486 0248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

09:54:18.0487 0248 Modem - ok

09:54:18.0492 0248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

09:54:18.0492 0248 monitor - ok

09:54:18.0503 0248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

09:54:18.0504 0248 mouclass - ok

09:54:18.0513 0248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

09:54:18.0515 0248 mouhid - ok

09:54:18.0523 0248 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

09:54:18.0525 0248 mountmgr - ok

09:54:18.0540 0248 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

09:54:18.0542 0248 MozillaMaintenance - ok

09:54:18.0546 0248 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

09:54:18.0548 0248 mpio - ok

09:54:18.0559 0248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

09:54:18.0561 0248 mpsdrv - ok

09:54:18.0575 0248 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

09:54:18.0579 0248 MpsSvc - ok

09:54:18.0590 0248 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

09:54:18.0591 0248 MRxDAV - ok

09:54:18.0605 0248 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

09:54:18.0607 0248 mrxsmb - ok

09:54:18.0610 0248 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:54:18.0612 0248 mrxsmb10 - ok

09:54:18.0623 0248 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:54:18.0625 0248 mrxsmb20 - ok

09:54:18.0632 0248 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

09:54:18.0634 0248 msahci - ok

09:54:18.0645 0248 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

09:54:18.0646 0248 msdsm - ok

09:54:18.0654 0248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

09:54:18.0656 0248 MSDTC - ok

09:54:18.0669 0248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

09:54:18.0670 0248 Msfs - ok

09:54:18.0676 0248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

09:54:18.0677 0248 mshidkmdf - ok

09:54:18.0682 0248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

09:54:18.0683 0248 msisadrv - ok

09:54:18.0690 0248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

09:54:18.0692 0248 MSiSCSI - ok

09:54:18.0694 0248 msiserver - ok

09:54:18.0696 0248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

09:54:18.0697 0248 MSKSSRV - ok

09:54:18.0699 0248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

09:54:18.0699 0248 MSPCLOCK - ok

09:54:18.0701 0248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

09:54:18.0702 0248 MSPQM - ok

09:54:18.0707 0248 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

09:54:18.0710 0248 MsRPC - ok

09:54:18.0716 0248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

09:54:18.0717 0248 mssmbios - ok

09:54:18.0726 0248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

09:54:18.0727 0248 MSTEE - ok

09:54:18.0729 0248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

09:54:18.0730 0248 MTConfig - ok

09:54:18.0737 0248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

09:54:18.0738 0248 Mup - ok

09:54:18.0748 0248 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

09:54:18.0752 0248 napagent - ok

09:54:18.0761 0248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

09:54:18.0763 0248 NativeWifiP - ok

09:54:18.0799 0248 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

09:54:18.0802 0248 NAUpdate - ok

09:54:18.0817 0248 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

09:54:18.0834 0248 NDIS - ok

09:54:18.0845 0248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

09:54:18.0846 0248 NdisCap - ok

09:54:18.0849 0248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

09:54:18.0850 0248 NdisTapi - ok

09:54:18.0860 0248 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

09:54:18.0861 0248 Ndisuio - ok

09:54:18.0865 0248 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

09:54:18.0866 0248 NdisWan - ok

09:54:18.0874 0248 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

09:54:18.0876 0248 NDProxy - ok

09:54:18.0884 0248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

09:54:18.0885 0248 NetBIOS - ok

09:54:18.0889 0248 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

09:54:18.0891 0248 NetBT - ok

09:54:18.0901 0248 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

09:54:18.0902 0248 Netlogon - ok

09:54:18.0915 0248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

09:54:18.0917 0248 Netman - ok

09:54:18.0932 0248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

09:54:18.0936 0248 netprofm - ok

09:54:18.0973 0248 [ 5758FD37BF31E759F8610311E4D08ECA ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

09:54:18.0990 0248 netr28x - ok

09:54:19.0007 0248 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:54:19.0008 0248 NetTcpPortSharing - ok

09:54:19.0014 0248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

09:54:19.0015 0248 nfrd960 - ok

09:54:19.0034 0248 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

09:54:19.0036 0248 NlaSvc - ok

09:54:19.0060 0248 [ C379E073E41053C19B0816326210806A ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE

09:54:19.0062 0248 nlsX86cc - ok

09:54:19.0074 0248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

09:54:19.0075 0248 Npfs - ok

09:54:19.0077 0248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

09:54:19.0079 0248 nsi - ok

09:54:19.0090 0248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

09:54:19.0091 0248 nsiproxy - ok

09:54:19.0114 0248 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

09:54:19.0131 0248 Ntfs - ok

09:54:19.0141 0248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

09:54:19.0143 0248 Null - ok

09:54:19.0149 0248 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

09:54:19.0150 0248 nvraid - ok

09:54:19.0154 0248 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

09:54:19.0156 0248 nvstor - ok

09:54:19.0158 0248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

09:54:19.0159 0248 nv_agp - ok

09:54:19.0162 0248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

09:54:19.0163 0248 ohci1394 - ok

09:54:19.0191 0248 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:54:19.0193 0248 ose - ok

09:54:19.0259 0248 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

09:54:19.0278 0248 osppsvc - ok

09:54:19.0298 0248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

09:54:19.0300 0248 p2pimsvc - ok

09:54:19.0312 0248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

09:54:19.0316 0248 p2psvc - ok

09:54:19.0319 0248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

09:54:19.0320 0248 Parport - ok

09:54:19.0330 0248 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

09:54:19.0330 0248 partmgr - ok

09:54:19.0334 0248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

09:54:19.0336 0248 PcaSvc - ok

09:54:19.0339 0248 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

09:54:19.0341 0248 pci - ok

09:54:19.0350 0248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

09:54:19.0351 0248 pciide - ok

09:54:19.0362 0248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

09:54:19.0364 0248 pcmcia - ok

09:54:19.0371 0248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

09:54:19.0372 0248 pcw - ok

09:54:19.0384 0248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

09:54:19.0388 0248 PEAUTH - ok

09:54:19.0405 0248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

09:54:19.0406 0248 PerfHost - ok

09:54:19.0428 0248 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

09:54:19.0446 0248 pla - ok

09:54:19.0463 0248 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

09:54:19.0466 0248 PlugPlay - ok

09:54:19.0478 0248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

09:54:19.0480 0248 PNRPAutoReg - ok

09:54:19.0485 0248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

09:54:19.0487 0248 PNRPsvc - ok

09:54:19.0495 0248 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

09:54:19.0499 0248 PolicyAgent - ok

09:54:19.0504 0248 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

09:54:19.0505 0248 Power - ok

09:54:19.0526 0248 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

09:54:19.0527 0248 PptpMiniport - ok

09:54:19.0534 0248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

09:54:19.0536 0248 Processor - ok

09:54:19.0547 0248 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

09:54:19.0550 0248 ProfSvc - ok

09:54:19.0559 0248 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

09:54:19.0560 0248 ProtectedStorage - ok

09:54:19.0572 0248 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

09:54:19.0573 0248 Psched - ok

09:54:19.0596 0248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

09:54:19.0613 0248 ql2300 - ok

09:54:19.0616 0248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

09:54:19.0617 0248 ql40xx - ok

09:54:19.0625 0248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

09:54:19.0628 0248 QWAVE - ok

09:54:19.0633 0248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

09:54:19.0635 0248 QWAVEdrv - ok

09:54:19.0637 0248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

09:54:19.0638 0248 RasAcd - ok

09:54:19.0646 0248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

09:54:19.0648 0248 RasAgileVpn - ok

09:54:19.0655 0248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

09:54:19.0657 0248 RasAuto - ok

09:54:19.0665 0248 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

09:54:19.0666 0248 Rasl2tp - ok

09:54:19.0671 0248 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

09:54:19.0674 0248 RasMan - ok

09:54:19.0682 0248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

09:54:19.0684 0248 RasPppoe - ok

09:54:19.0692 0248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

09:54:19.0693 0248 RasSstp - ok

09:54:19.0703 0248 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

09:54:19.0706 0248 rdbss - ok

09:54:19.0717 0248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

09:54:19.0718 0248 rdpbus - ok

09:54:19.0727 0248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

09:54:19.0727 0248 RDPCDD - ok

09:54:19.0739 0248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

09:54:19.0739 0248 RDPENCDD - ok

09:54:19.0745 0248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

09:54:19.0746 0248 RDPREFMP - ok

09:54:19.0762 0248 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

09:54:19.0764 0248 RDPWD - ok

09:54:19.0768 0248 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

09:54:19.0770 0248 rdyboost - ok

09:54:19.0783 0248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

09:54:19.0785 0248 RemoteAccess - ok

09:54:19.0797 0248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

09:54:19.0799 0248 RemoteRegistry - ok

09:54:19.0814 0248 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys

09:54:19.0815 0248 Revoflt - ok

09:54:19.0818 0248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

09:54:19.0820 0248 RpcEptMapper - ok

09:54:19.0833 0248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

09:54:19.0834 0248 RpcLocator - ok

09:54:19.0851 0248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

09:54:19.0854 0248 RpcSs - ok

09:54:19.0865 0248 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

09:54:19.0867 0248 rspndr - ok

09:54:19.0870 0248 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

09:54:19.0871 0248 SamSs - ok

09:54:19.0960 0248 [ 1B1B948C2A70EF92AE1D342A26AA89F1 ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe

09:54:19.0999 0248 SBAMSvc - ok

09:54:20.0018 0248 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys

09:54:20.0020 0248 sbapifs - ok

09:54:20.0073 0248 [ C0ACD574F740C5781031FD533C2494F5 ] SbFw C:\Windows\system32\drivers\SbFw.sys

09:54:20.0075 0248 SbFw - ok

09:54:20.0086 0248 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys

09:54:20.0087 0248 SBFWIMCL - ok

09:54:20.0090 0248 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys

09:54:20.0091 0248 SBFWIMCLMP - ok

09:54:20.0101 0248 [ F2C38F62E9C540F40C2A5F6172D9D07B ] sbhips C:\Windows\system32\drivers\sbhips.sys

09:54:20.0103 0248 sbhips - ok

09:54:20.0114 0248 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

09:54:20.0116 0248 sbp2port - ok

09:54:20.0123 0248 [ A31E5652995581E77B62F02EFEB5D09E ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe

09:54:20.0124 0248 SBPIMSvc - ok

09:54:20.0130 0248 [ AAE41EFBAD69B78513875C2EB3DE7008 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys

09:54:20.0131 0248 SBRE - ok

09:54:20.0134 0248 [ F9AA83A88EABE22B29D8F293C21AAA4D ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys

09:54:20.0134 0248 sbwtis - ok

09:54:20.0141 0248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

09:54:20.0144 0248 SCardSvr - ok

09:54:20.0154 0248 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

09:54:20.0156 0248 scfilter - ok

09:54:20.0176 0248 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

09:54:20.0193 0248 Schedule - ok

09:54:20.0204 0248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

09:54:20.0205 0248 SCPolicySvc - ok

09:54:20.0218 0248 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

09:54:20.0220 0248 SDRSVC - ok

09:54:20.0236 0248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

09:54:20.0237 0248 secdrv - ok

09:54:20.0243 0248 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

09:54:20.0245 0248 seclogon - ok

09:54:20.0262 0248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

09:54:20.0264 0248 SENS - ok

09:54:20.0275 0248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

09:54:20.0277 0248 SensrSvc - ok

09:54:20.0283 0248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

09:54:20.0284 0248 Serenum - ok

09:54:20.0293 0248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

09:54:20.0295 0248 Serial - ok

09:54:20.0297 0248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

09:54:20.0298 0248 sermouse - ok

09:54:20.0309 0248 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

09:54:20.0312 0248 SessionEnv - ok

09:54:20.0314 0248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

09:54:20.0314 0248 sffdisk - ok

09:54:20.0316 0248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

09:54:20.0317 0248 sffp_mmc - ok

09:54:20.0327 0248 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

09:54:20.0328 0248 sffp_sd - ok

09:54:20.0330 0248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

09:54:20.0330 0248 sfloppy - ok

09:54:20.0355 0248 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

09:54:20.0360 0248 Sftfs - ok

09:54:20.0396 0248 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

09:54:20.0399 0248 sftlist - ok

09:54:20.0411 0248 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

09:54:20.0413 0248 Sftplay - ok

09:54:20.0419 0248 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

09:54:20.0420 0248 Sftredir - ok

09:54:20.0423 0248 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

09:54:20.0423 0248 Sftvol - ok

09:54:20.0431 0248 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

09:54:20.0432 0248 sftvsa - ok

09:54:20.0439 0248 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

09:54:20.0442 0248 SharedAccess - ok

09:54:20.0453 0248 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

09:54:20.0455 0248 ShellHWDetection - ok

09:54:20.0469 0248 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

09:54:20.0470 0248 SiSRaid2 - ok

09:54:20.0478 0248 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

09:54:20.0480 0248 SiSRaid4 - ok

09:54:20.0518 0248 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

09:54:20.0519 0248 SkypeUpdate - ok

09:54:20.0529 0248 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

09:54:20.0530 0248 Smb - ok

09:54:20.0555 0248 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

09:54:20.0556 0248 SNMPTRAP - ok

09:54:20.0562 0248 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

09:54:20.0564 0248 spldr - ok

09:54:20.0589 0248 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

09:54:20.0592 0248 Spooler - ok

09:54:20.0634 0248 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

09:54:20.0669 0248 sppsvc - ok

09:54:20.0676 0248 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

09:54:20.0678 0248 sppuinotify - ok

09:54:20.0693 0248 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

09:54:20.0696 0248 srv - ok

09:54:20.0702 0248 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

09:54:20.0705 0248 srv2 - ok

09:54:20.0708 0248 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

09:54:20.0709 0248 srvnet - ok

09:54:20.0721 0248 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

09:54:20.0724 0248 SSDPSRV - ok

09:54:20.0730 0248 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

09:54:20.0733 0248 SstpSvc - ok

09:54:20.0757 0248 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

09:54:20.0759 0248 ssudmdm - ok

09:54:20.0772 0248 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

09:54:20.0773 0248 stexstor - ok

09:54:20.0792 0248 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

09:54:20.0797 0248 stisvc - ok

09:54:20.0806 0248 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

09:54:20.0807 0248 swenum - ok

09:54:20.0821 0248 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

09:54:20.0825 0248 swprv - ok

09:54:20.0851 0248 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

09:54:20.0876 0248 SysMain - ok

09:54:20.0880 0248 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

09:54:20.0882 0248 TabletInputService - ok

09:54:20.0892 0248 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

09:54:20.0895 0248 TapiSrv - ok

09:54:20.0907 0248 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

09:54:20.0908 0248 TBS - ok

09:54:20.0940 0248 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

09:54:20.0966 0248 Tcpip - ok

09:54:20.0990 0248 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

09:54:20.0998 0248 TCPIP6 - ok

09:54:21.0019 0248 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

09:54:21.0021 0248 tcpipreg - ok

09:54:21.0034 0248 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

09:54:21.0035 0248 TDPIPE - ok

09:54:21.0047 0248 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

09:54:21.0049 0248 TDTCP - ok

09:54:21.0051 0248 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

09:54:21.0053 0248 tdx - ok

09:54:21.0061 0248 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

09:54:21.0063 0248 TermDD - ok

09:54:21.0074 0248 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

09:54:21.0079 0248 TermService - ok

09:54:21.0086 0248 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

09:54:21.0088 0248 Themes - ok

09:54:21.0098 0248 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

09:54:21.0099 0248 THREADORDER - ok

09:54:21.0109 0248 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

09:54:21.0111 0248 TrkWks - ok

09:54:21.0145 0248 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

09:54:21.0146 0248 TrustedInstaller - ok

09:54:21.0156 0248 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

09:54:21.0158 0248 tssecsrv - ok

09:54:21.0172 0248 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

09:54:21.0173 0248 TsUsbFlt - ok

09:54:21.0176 0248 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

09:54:21.0177 0248 TsUsbGD - ok

09:54:21.0197 0248 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

09:54:21.0199 0248 tunnel - ok

09:54:21.0207 0248 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

09:54:21.0208 0248 uagp35 - ok

09:54:21.0217 0248 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

09:54:21.0219 0248 udfs - ok

09:54:21.0231 0248 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

09:54:21.0233 0248 UI0Detect - ok

09:54:21.0244 0248 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

09:54:21.0245 0248 uliagpkx - ok

09:54:21.0256 0248 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

09:54:21.0258 0248 umbus - ok

09:54:21.0263 0248 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

09:54:21.0264 0248 UmPass - ok

09:54:21.0288 0248 [ 6617E7CC9DC6729A11BFF54C47CEA7D0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

09:54:21.0289 0248 UNS - ok

09:54:21.0304 0248 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

09:54:21.0308 0248 upnphost - ok

09:54:21.0329 0248 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

09:54:21.0331 0248 usbaudio - ok

09:54:21.0353 0248 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

09:54:21.0354 0248 usbccgp - ok

09:54:21.0364 0248 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

09:54:21.0365 0248 usbcir - ok

09:54:21.0377 0248 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

09:54:21.0379 0248 usbehci - ok

09:54:21.0394 0248 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

09:54:21.0396 0248 usbhub - ok

09:54:21.0402 0248 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

09:54:21.0404 0248 usbohci - ok

09:54:21.0415 0248 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

09:54:21.0417 0248 usbprint - ok

09:54:21.0441 0248 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

09:54:21.0442 0248 usbscan - ok

09:54:21.0449 0248 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:54:21.0449 0248 USBSTOR - ok

09:54:21.0458 0248 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

09:54:21.0459 0248 usbuhci - ok

09:54:21.0468 0248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

09:54:21.0469 0248 UxSms - ok

09:54:21.0476 0248 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

09:54:21.0477 0248 VaultSvc - ok

09:54:21.0482 0248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

09:54:21.0483 0248 vdrvroot - ok

09:54:21.0498 0248 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

09:54:21.0502 0248 vds - ok

09:54:21.0509 0248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

09:54:21.0509 0248 vga - ok

09:54:21.0512 0248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

09:54:21.0512 0248 VgaSave - ok

09:54:21.0516 0248 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

09:54:21.0518 0248 vhdmp - ok

09:54:21.0520 0248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

09:54:21.0521 0248 viaide - ok

09:54:21.0533 0248 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

09:54:21.0534 0248 volmgr - ok

09:54:21.0549 0248 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

09:54:21.0552 0248 volmgrx - ok

09:54:21.0556 0248 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

09:54:21.0559 0248 volsnap - ok

09:54:21.0571 0248 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

09:54:21.0573 0248 vsmraid - ok

09:54:21.0598 0248 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

09:54:21.0615 0248 VSS - ok

09:54:21.0620 0248 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

09:54:21.0621 0248 vwifibus - ok

09:54:21.0642 0248 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

09:54:21.0643 0248 vwififlt - ok

09:54:21.0657 0248 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

09:54:21.0658 0248 vwifimp - ok

09:54:21.0671 0248 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

09:54:21.0675 0248 W32Time - ok

09:54:21.0678 0248 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

09:54:21.0679 0248 WacomPen - ok

09:54:21.0685 0248 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

09:54:21.0686 0248 WANARP - ok

09:54:21.0688 0248 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

09:54:21.0689 0248 Wanarpv6 - ok

09:54:21.0743 0248 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

09:54:21.0760 0248 WatAdminSvc - ok

09:54:21.0781 0248 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

09:54:21.0798 0248 wbengine - ok

09:54:21.0812 0248 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

09:54:21.0814 0248 WbioSrvc - ok

09:54:21.0821 0248 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

09:54:21.0825 0248 wcncsvc - ok

09:54:21.0834 0248 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

09:54:21.0836 0248 WcsPlugInService - ok

09:54:21.0838 0248 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

09:54:21.0839 0248 Wd - ok

09:54:21.0849 0248 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

09:54:21.0853 0248 Wdf01000 - ok

09:54:21.0858 0248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

09:54:21.0859 0248 WdiServiceHost - ok

09:54:21.0861 0248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

09:54:21.0863 0248 WdiSystemHost - ok

09:54:21.0876 0248 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

09:54:21.0879 0248 WebClient - ok

09:54:21.0886 0248 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

09:54:21.0889 0248 Wecsvc - ok

09:54:21.0898 0248 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

09:54:21.0901 0248 wercplsupport - ok

09:54:21.0906 0248 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

09:54:21.0908 0248 WerSvc - ok

09:54:21.0918 0248 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

09:54:21.0920 0248 WfpLwf - ok

09:54:21.0927 0248 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

09:54:21.0928 0248 WIMMount - ok

09:54:21.0938 0248 WinDefend - ok

09:54:21.0940 0248 WinHttpAutoProxySvc - ok

09:54:21.0972 0248 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

09:54:21.0974 0248 Winmgmt - ok

09:54:22.0000 0248 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

09:54:22.0025 0248 WinRM - ok

09:54:22.0063 0248 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

09:54:22.0064 0248 WinUSB - ok

09:54:22.0077 0248 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

09:54:22.0081 0248 Wlansvc - ok

09:54:22.0112 0248 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

09:54:22.0113 0248 wlcrasvc - ok

09:54:22.0153 0248 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:54:22.0162 0248 wlidsvc - ok

09:54:22.0177 0248 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

09:54:22.0178 0248 WmiAcpi - ok

09:54:22.0189 0248 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

09:54:22.0191 0248 wmiApSrv - ok

09:54:22.0202 0248 WMPNetworkSvc - ok

09:54:22.0212 0248 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

09:54:22.0214 0248 WPCSvc - ok

09:54:22.0221 0248 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

09:54:22.0224 0248 WPDBusEnum - ok

09:54:22.0228 0248 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

09:54:22.0229 0248 ws2ifsl - ok

09:54:22.0240 0248 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

09:54:22.0242 0248 wscsvc - ok

09:54:22.0243 0248 WSearch - ok

09:54:22.0291 0248 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

09:54:22.0316 0248 wuauserv - ok

09:54:22.0322 0248 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

09:54:22.0323 0248 WudfPf - ok

09:54:22.0330 0248 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

09:54:22.0331 0248 WUDFRd - ok

09:54:22.0340 0248 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

09:54:22.0343 0248 wudfsvc - ok

09:54:22.0351 0248 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

09:54:22.0354 0248 WwanSvc - ok

09:54:22.0361 0248 ================ Scan global ===============================

09:54:22.0372 0248 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

09:54:22.0386 0248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

09:54:22.0391 0248 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

09:54:22.0397 0248 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

09:54:22.0424 0248 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

09:54:22.0426 0248 [Global] - ok

09:54:22.0426 0248 ================ Scan MBR ==================================

09:54:22.0433 0248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

09:54:22.0553 0248 \Device\Harddisk0\DR0 - ok

09:54:22.0553 0248 ================ Scan VBR ==================================

09:54:22.0555 0248 [ D2FE34C7B3FB24C5DECB5B5FE33F131F ] \Device\Harddisk0\DR0\Partition1

09:54:22.0556 0248 \Device\Harddisk0\DR0\Partition1 - ok

09:54:22.0572 0248 [ 838308FFABEC079BB34D6E1879653794 ] \Device\Harddisk0\DR0\Partition2

09:54:22.0574 0248 \Device\Harddisk0\DR0\Partition2 - ok

09:54:22.0574 0248 ============================================================

09:54:22.0574 0248 Scan finished

09:54:22.0574 0248 ============================================================

09:54:22.0579 2216 Detected object count: 0

09:54:22.0579 2216 Actual detected object count: 0

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Stephen Office [Admin rights]

Mode : Scan -- Date : 09/08/2012 09:58:15

¤¤¤ Bad processes : 1 ¤¤¤

[sVCHOST] svchost.exe -- C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> FOUND

[RUN][HJNAME] HKCU\[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> FOUND

[RUN][HJNAME] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> FOUND

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM003-9YN162 +++++

--- User ---

[MBR] 4af6bf70c69f8ceb732bdd1551bdb956

[bSP] d8561dcf563882ab125a0ba050e7d21f : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Now, select only the following lines (if present) {un-select any others }

    [RUN][HJNAME] HKCU\[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe")
    [RUN][HJNAME] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe")
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1)

  • Then press the Delete button. :excl:
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Next Run a Batch Script

  1. Press the Windows-key on keyboard.
  2. In the 10-16-2011%204-33-46%20PM.png box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    sc stop Windows Updater
    del /f /q C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe
    del /f /q C:\Users\Stephen Office\AppData\Local\Temp\*.*
    sc delete Windows Updater
    del /f /q "%~f0"


  4. Select File -> Save AS.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the 10-16-2011%204-37-58%20PM.png box, type in Fix.bat.
  7. Press 10-16-2011%204-36-39%20PM.png.
  8. Close Notepad.
  9. Right click 10-16-2011%204-34-34%20PM.png on your desktop, and choose 10-16-2011%204-40-48%20PM.png.
  10. Press Yes if prompted by User Account Control.

This batch will run very quickly in a command-prompt-window & delete itself. There is no log.

Step 3

Temporarily turn OFF your GFI Vipre antivirus so that it does not interfere.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan. :excl:

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log.

Re-enable your GFI Vipre antivirus.

Link to post
Share on other sites

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Stephen Office [Admin rights]

Mode : Remove -- Date : 09/08/2012 16:15:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> NOT SELECTED

[RUN][sUSP PATH] HKCU\[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> NOT SELECTED

[RUN][HJNAME] HKCU\[...]\Run : Windows Updater ("C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe") -> DELETED

[RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Snapseed ("C:\Users\Stephen Office\AppData\Roaming\Snapseed\Snapseed.exe") -> DELETED

[RUN][sUSP PATH] HKUS\S-1-5-21-3708766167-61689912-231149725-1000[...]\Run : Steam ("C:\Users\Stephen Office\AppData\Roaming\Steam\steam.exe") -> DELETED

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> NOT SELECTED

[sTARTUP][sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> NOT SELECTED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM003-9YN162 +++++

--- User ---

[MBR] 4af6bf70c69f8ceb732bdd1551bdb956

[bSP] d8561dcf563882ab125a0ba050e7d21f : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.08.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Stephen Office :: STEPHENOFFICE [administrator]

Protection: Enabled

9/8/2012 4:29:32 PM

mbam-log-2012-09-08 (16-29-32).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 313510

Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Stephen Office\AppData\Roaming\audiohd.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\Users\Stephen Office\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Backdoor trojan warning:

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.

If you wish to continue to hunt and remove malware, do the following.

If your system does not have a CD or DVD writer, let me know.

And let me know if you have the Windows 7 operating system DVD. :excl:

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

You need a new/unused CD-R or DVD-R of at least 175 MB capacity.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:
    recdisc.exe
  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

WTSRD1.gif

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

WTSRD2.gif

  • Now click on Close >> OK.
  • You now have a Windows 7 System Repair Disc. Remove the disc and mark a label on it with felt-tip marker.

Let me know when the CD is done.

Link to post
Share on other sites

Maurice, thank you for the advice.... I have no choice but format my hard drive. One question for you, this is a new computer (purchased in july) & it came with MS Word & MS Excel starter programs with advert's and limited functionality. Do you know if this back I'm creating will back this information up?

Thank you again for all your help, I look forward to your response.

Link to post
Share on other sites

No, the creation of repair disc does not do any backups in its creation.

If you are planning to do a factory restore, you need to contact your OEM manufacturer and follow their procedure.

Please do that.

If this system was purchased in July, it should still be under manufacturer warranty. i.e., you should get free support.

Meantime, if you have files or documents you did not backup before, do so now.

Back them up to offline media, like external USB drive or CD or DVD.

Good luck.

Link to post
Share on other sites

OK. IF the setup from Gateway came with a trial version of antivirus program please speak up and tell me which.

Trial versions are for a limited time and will expire.

IF it did not come with an antivirus program, also please speak up right away.

Every system must have an antivirus program installed, active, and up-to-date.

Link to post
Share on other sites

So you purchased Viper and it is current with updates ?

IF I am not mistaken, the factory restore procedure will have put back Norton Internet Security.

You need to get, save, and then run the Norton/Symantec removal tool

from

https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?version=1&product=home&lg=english&ct=united_states&docid=kb20080710133834EN_EndUserProfile_en_us&pvid=f-home

and when finished, logoff and Restart the system.

Edited by Maurice Naggar
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.