
The First of Two



Good morning guys,

I have been following the forums for a while now but this is my first post.

I'm dealing with a 0Access Trojan / Rootkit paired with an MBR Rootkit on a second computer. The laptop I am on now was connected to the same switch as the infected computer for a while. I ran a scan with Malwarebytes and RogueKiller, just to be sure I hadn't picked anything up, and found some questionable results in RogueKiller:

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\RunOnce : 000_TmTdiUninstall (rundll32 C:\Windows\TmNSCIns.dll,DoUninstallTmTdi C:\Windows\TmTdi.inf) [7] -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Now, Malwarebytes and TDSSKiller did not find anything. The only thing I was concerned with was the "NewStartPanel" entry, as 0Access likes that set of keys. I haven't done any virus removal for YEARS, so things seem to have changed a little on me. I'll post a new topic for the second issue since it's long-winded.

Logs below. (The Malwarebytes log was clean, so I didn't save it; I can re-scan and post it if needed.)

Thanks for the help in advance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by Owner at 7:07:49 on 2013-02-14

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8067.5914 [GMT -7:00]

.

AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\vcsFPService.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Conexant\SA3\CxUtilSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\SysWOW64\irstrtsv.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Conexant\SA3\SmartAudio3.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Elantech\ETDGesture.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\splwow64.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: NameServer = 192.168.1.1 64.59.184.13 64.59.190.242

TCP: Interfaces\{87B7AF23-5E6C-4A3A-876B-75CB60224ADF} : DHCPNameServer = 192.168.88.2

TCP: Interfaces\{9EF8DFDD-AE3A-42A1-B48C-B881A47C53D9} : DHCPNameServer = 192.168.1.1 64.59.184.13 64.59.190.242

TCP: Interfaces\{9EF8DFDD-AE3A-42A1-B48C-B881A47C53D9}\35357534 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{9EF8DFDD-AE3A-42A1-B48C-B881A47C53D9}\452796E657372556471696C6 : DHCPNameServer = 192.168.90.1 4.2.2.1

TCP: Interfaces\{F76896D8-E82D-45CF-A982-FA5795BF8E34} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = DPPassFilter scecli

x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-RunOnce: [000_TmTdiUninstall] rundll32 C:\Windows\TmNSCIns.dll,DoUninstallTmTdi C:\Windows\TmTdi.inf

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-9-11 31872]

R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-2-8 15224]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-11 19264]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-9-11 22128]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]

R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-9-11 109184]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-7-30 8515544]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-11 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-9-11 192856]

R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-1-11 50208]

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-7-17 344376]

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2012-7-17 42808]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2011-8-18 3175728]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]

R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]

R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-2-8 318840]

R3 ETD;Dell Touchpad;C:\Windows\System32\drivers\ETD.sys [2012-9-11 201008]

R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-11 331264]

R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-9-11 14745600]

R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2012-9-11 26504]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-11 357184]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-11 789824]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-9-11 313448]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-11 646248]

R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-9-11 67184]

R3 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-10-30 65872]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-8-8 918064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-11 363800]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]

S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys [2012-7-30 17408]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]

S3 LAN9500;LAN9500 USB 2.0 to Ethernet 10/100 Adapter Service;C:\Windows\System32\drivers\lan9500-x64-n620f.sys [2012-11-2 76288]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-20 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-20 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-20 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-5-15 1014096]

S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-5-15 1304912]

S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-5-15 1104208]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

S4 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]

.

=============== Created Last 30 ================

.

2013-02-14 13:52:36 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A8E5F38-BF25-48BE-AD52-1D073DAAA884}\offreg.dll

2013-02-14 01:02:51 -------- d-----w- C:\ProgramData\Samsung

2013-02-14 01:02:51 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller

2013-02-14 01:02:51 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate

2013-02-14 01:02:48 37376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\sst6cpc.dll

2013-02-13 18:04:12 -------- d-----w- C:\Program Files\CCleaner

2013-02-13 15:35:55 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 15:35:55 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 15:33:06 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A8E5F38-BF25-48BE-AD52-1D073DAAA884}\mpengine.dll

2013-02-12 20:24:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2013-02-12 20:21:12 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-12 20:21:11 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-12 20:21:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-12 20:21:10 -------- d-----w- C:\Users\Owner\AppData\Local\Programs

2013-02-12 18:41:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\TeamViewer

2013-02-12 18:39:33 -------- d-----w- C:\ProgramData\AMMYY

2013-02-12 17:35:43 -------- d-----w- C:\Users\Owner\AppData\Local\ntr

2013-02-09 23:36:49 -------- d-----w- C:\Users\Owner\AppData\Local\My Games

2013-02-09 23:35:58 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll

2013-02-09 23:35:58 70992 ----a-w- C:\Windows\SysWow64\XAPOFX1_2.dll

2013-02-09 23:35:58 518480 ----a-w- C:\Windows\System32\XAudio2_3.dll

2013-02-09 23:35:58 514384 ----a-w- C:\Windows\SysWow64\XAudio2_3.dll

2013-02-09 23:35:57 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll

2013-02-09 23:35:57 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll

2013-02-09 23:35:57 23376 ----a-w- C:\Windows\SysWow64\X3DAudio1_5.dll

2013-02-09 23:35:57 175440 ----a-w- C:\Windows\System32\xactengine3_3.dll

2013-02-09 23:35:56 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll

2013-02-09 23:35:56 513544 ----a-w- C:\Windows\System32\XAudio2_2.dll

2013-02-09 23:35:56 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll

2013-02-09 23:35:56 177672 ----a-w- C:\Windows\System32\xactengine3_2.dll

2013-02-08 19:36:22 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll

2013-02-08 19:36:22 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll

2013-02-08 19:36:22 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll

2013-02-08 19:36:22 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll

2013-02-08 19:36:21 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2013-02-08 19:36:21 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2013-02-08 19:36:20 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll

2013-02-08 19:36:10 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2013-02-08 19:32:17 -------- d-----w- C:\ProgramData\Steam

2013-02-08 19:32:17 -------- d-----w- C:\ProgramData\PopCap Games

2013-02-08 18:51:23 -------- d-----w- C:\Users\Owner\AppData\Local\Adobe_Systems_Incorporate

2013-02-08 18:05:17 15224 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys

2013-02-08 18:05:12 318840 ----a-w- C:\Windows\System32\drivers\dlkmd.sys

2013-02-08 18:04:36 0 ----a-w- C:\Windows\SysWow64\dlumdfb9.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\SysWow64\dlumdfb11.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\SysWow64\dlumdfb10.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\System32\dlumd9.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\System32\dlumd11.dll

2013-02-08 18:04:36 0 ----a-w- C:\Windows\System32\dlumd10.dll

2013-02-08 18:04:24 -------- d-----w- C:\Program Files\DisplayLink Core Software

2013-02-08 16:25:57 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-02-08 05:44:32 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics

2013-02-08 01:43:34 -------- d-----w- C:\Users\Owner\AppData\Roaming\LolClient

2013-02-08 01:12:18 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll

2013-02-08 01:12:18 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll

2013-02-08 01:12:18 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

2013-02-08 01:12:18 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

2013-02-08 01:12:18 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

2013-02-08 00:20:12 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-02-08 00:20:09 -------- d-----w- C:\Games

2013-02-08 00:18:17 -------- d-----w- C:\Users\Owner\AppData\Local\PMB Files

2013-02-08 00:18:16 -------- d-----w- C:\ProgramData\PMB Files

2013-02-08 00:18:09 -------- d-----w- C:\Program Files (x86)\Pando Networks

2013-02-08 00:17:42 -------- d-----w- C:\Users\Owner\.swt

2013-02-07 23:08:23 -------- d-----w- C:\Windows\System32\log

2013-02-07 23:08:07 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-02-07 23:07:44 525792 ----a-w- C:\Windows\DIFxAPI.dll

2013-02-07 23:07:44 232272 ----a-w- C:\Windows\TmNSCIns.dll

2013-02-07 22:58:50 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-02-07 22:57:20 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys

2013-02-07 22:57:20 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys

2013-02-07 22:57:20 -------- d-----w- C:\Program Files (x86)\MagicDisc

2013-02-07 22:25:18 -------- d-----w- C:\Users\Owner\AppData\Roaming\FLEXnet

.

==================== Find3M ====================

.

2013-02-12 20:21:05 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-12 20:21:05 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 08:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-12-06 19:11:40 11518976 ----a-w- C:\Windows\System32\drivers\Netwsw00.sys

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

.

============= FINISH: 7:08:20.24 ===============

attach.txt

RKreport1_S_02132013_02d1100.txt

RKreport2_S_02132013_02d1111.txt

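An added triage example (editor's code, not something either poster ran and not output of any of the tools named in this thread). It parses the DDS "Run/RunOnce" lines and "Created Last 30" lines of the kind quoted above, resolves each autostart entry to the file that actually gets loaded (for a rundll32 entry that is the DLL, not rundll32.exe), and reports when that file appeared on disk and what else was created within a few minutes of it. On the sample lines, copied from the log above, the RunOnce entry RogueKiller flagged resolves to C:\Windows\TmNSCIns.dll, created at 23:07:44 on 2013-02-07, in the same half-minute as DIFxAPI.dll and the Trend Micro program directory. The five-minute window and the three flag heuristics are the example's own assumptions, not DDS or RogueKiller logic. For context on the other hits: the NewStartPanel values sit under the shell's HideDesktopIcons key, where a value of 1 hides a desktop icon; the two CLSIDs listed are the "Computer" and user-folder desktop icons.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a handful of lines copied from the DDS log in the post
# above (two DDS sections mixed together; the regexes below tell them apart).
DDS_SAMPLE = r"""
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-RunOnce: [000_TmTdiUninstall] rundll32 C:\Windows\TmNSCIns.dll,DoUninstallTmTdi C:\Windows\TmTdi.inf
2013-02-12 20:21:11 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-07 23:08:07 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-02-07 23:07:44 525792 ----a-w- C:\Windows\DIFxAPI.dll
2013-02-07 23:07:44 232272 ----a-w- C:\Windows\TmNSCIns.dll
"""

# DDS "Pseudo HJT" autostart lines: uRun/mRun (HKCU/HKLM), x64-Run, x64-RunOnce.
RUN_RE = re.compile(r"^(?P<scope>u|m|x64-)(?P<kind>RunOnce|Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DDS "Created Last 30" lines: timestamp, size (dashes for a directory), attributes, path.
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\d+|-+) \S+ (?P<path>.+)$")
# rundll32 <dll>,<export> [args]: the code that runs lives in the DLL.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+),', re.I)
# Unquoted image path that may contain spaces, terminated by its extension.
IMAGE_RE = re.compile(r"^(?P<p>.+?\.(?:exe|dll|cpl|scr))(?=\s|$)", re.I)


def image_path(cmd):
    """Return the file that is actually executed or loaded for an autostart command."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll").strip('"')
    if cmd.startswith('"'):            # quoted image path, arguments may follow
        return cmd[1:cmd.index('"', 1)]
    m = IMAGE_RE.match(cmd)
    return m.group("p") if m else cmd.split(" ")[0]


def parse(text):
    """Split DDS text into autostart entries and file-creation records (sorted by time)."""
    runs, created = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append({"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                            "path": m.group("path")})
    return runs, sorted(created, key=lambda c: c["ts"])


def triage(text, window=timedelta(minutes=5)):
    """Cross-reference each autostart entry with the file-creation timeline."""
    runs, created = parse(text)
    by_path = {c["path"].lower(): c for c in created}
    report = []
    for r in runs:
        img = image_path(r["cmd"])
        rec = by_path.get(img.lower())
        flags = []                     # assumed heuristics, not tool logic
        if r["kind"] == "RunOnce":
            flags.append("RunOnce entry (Windows deletes the value when it runs it)")
        if img.lower().endswith(".dll"):
            flags.append("DLL loaded through rundll32")
        if img.lower().startswith("c:\\windows\\") and img.count("\\") == 2:
            flags.append("file sits directly in C:\\Windows rather than System32")
        neighbours = []
        if rec:                        # other files created within the window
            neighbours = [c["path"] for c in created
                          if c["path"] != rec["path"] and abs(c["ts"] - rec["ts"]) <= window]
        report.append({"name": r["name"], "scope": r["scope"], "kind": r["kind"], "image": img,
                       "created": rec["ts"] if rec else None, "neighbours": neighbours,
                       "flags": flags})
    return report


if __name__ == "__main__":
    for e in triage(DDS_SAMPLE):
        print(f"[{e['scope']}{e['kind']}] {e['name']}: {e['image']}")
        print(f"    created: {e['created'] or 'not in the last-30-days list'}")
        for f in e["flags"]:
            print(f"    flag: {f}")
        for n in e["neighbours"]:
            print(f"    created within 5 min: {n}")
```

Run it against a full DDS log (saved as text) by reading the file into `triage()`; entries whose image has no creation record simply predate the 30-day window, which is itself a useful signal when a persistence entry was added recently but points at an old file.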

Hello Welta.

Re-confirm for me that this is a "different" machine from your other thread.

Going forward, do NOT attach any log I ask for. I need you to copy all the contents and paste them directly into the main body of your reply.

The following is only a start.

IF I find a hint of ZeroAccess on this PC, we will need to give you some serious notice.

Meantime, do NOT do any web surfing, online banking, shopping, or any sort of free-wheeling browsing.

Treat this machine as in a serious quarantine type isolation.

Do NOT share any USB-flash-thumb drives from any stranger nor that used on your other infected-machine.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Delete any prior copy of aswmbr.exe if you had it from before.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


Uncheck "Trace disk IO calls" at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in a new reply.

Do NOT click any Fix button.

EXIT the tool.

Step 4

Delete any prior copy of TDSSKILLER.exe if you had it before.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

delete roguekiller.exe if you had it from before.

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR log;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log
  • the contents of JRT.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hello Maurice,

Yes this is a different machine from the original post - I do a large majority of my work from this laptop.

Here are the results of aswMBR: (Fix MBR was available, Fix was inactive.)

==============================================

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-14 11:49:13

-----------------------------

11:49:13.755 OS Version: Windows x64 6.1.7601 Service Pack 1

11:49:13.755 Number of processors: 4 586 0x3A09

11:49:13.755 ComputerName: TRINUS-LAPTOP UserName: Owner

11:49:26.436 Initialize success

11:49:33.807 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:49:33.807 Disk 0 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8

11:49:33.807 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

11:49:33.807 Disk 1 Vendor: Intel___ 1.0. Size: 8192MB BusType: 8

11:49:33.807 Disk 0 MBR read successfully

11:49:33.807 Disk 0 MBR scan

11:49:33.807 Disk 0 Windows VISTA default MBR code

11:49:33.807 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

11:49:33.807 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15514 MB offset 81920

11:49:33.822 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461382 MB offset 31854592

11:49:33.822 Disk 0 scanning C:\Windows\system32\drivers

11:49:44.130 Service scanning

11:49:51.010 Service tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys **LOCKED** 5

11:49:58.483 Service tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys **LOCKED** 5

11:50:03.131 Service tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys **LOCKED** 5

11:50:04.504 Modules scanning

11:50:04.504 Scan finished successfully

11:50:39.045 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

11:50:39.045 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-14 11:51:55

-----------------------------

11:51:55.323 OS Version: Windows x64 6.1.7601 Service Pack 1

11:51:55.323 Number of processors: 4 586 0x3A09

11:51:55.323 ComputerName: TRINUS-LAPTOP UserName: Owner

11:51:56.259 Initialize success

11:51:58.419 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:51:58.419 Disk 0 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8

11:51:58.419 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

11:51:58.419 Disk 1 Vendor: Intel___ 1.0. Size: 8192MB BusType: 8

11:51:58.419 Disk 0 MBR read successfully

11:51:58.419 Disk 0 MBR scan

11:51:58.419 Disk 0 Windows VISTA default MBR code

11:51:58.435 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

11:51:58.435 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15514 MB offset 81920

11:51:58.435 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461382 MB offset 31854592

11:51:58.435 Disk 0 scanning C:\Windows\system32\drivers

11:52:06.612 Service scanning

11:52:13.111 Service tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys **LOCKED** 5

11:52:20.042 Service tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys **LOCKED** 5

11:52:25.131 Service tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys **LOCKED** 5

11:52:26.161 Modules scanning

11:52:26.161 Disk 0 trace - called modules:

11:52:26.161 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll

11:52:26.161 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800957c790]

11:52:26.177 3 CLASSPNP.SYS[fffff88001c6d43f] -> nt!IofCallDriver -> [0xfffffa8008279cb0]

11:52:26.177 5 stdcfltn.sys[fffff880019bbd12] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800957b050]

11:52:26.177 Scan finished successfully

11:52:37.897 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

11:52:37.897 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

=================================================================================

Running TDSSKiller now


TDSSKiller found nothing

RogueKiller log:

======================================================

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 02/14/2013 12:01:51

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\RunOnce : 000_TmTdiUninstall (rundll32 C:\Windows\TmNSCIns.dll,DoUninstallTmTdi C:\Windows\TmTdi.inf) [7] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (cmd /c "C:\Users\Owner\Desktop\mbar\mbar.exe" /cleanup /s) [x] -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: DWW-BXE11ARDUX2 +++++

--- User ---

[MBR] 6f0be82af8a3148115d5141680610a14

[bSP] 8f74f5824a01ad188ab230f82960f3cb : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15514 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31854592 | Size: 461382 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: FFS +++++

--- User ---

[MBR] 216e978e67e55a5f5f8ca7b2810e44ef

[bSP] 3d6bf6b07cd4b3412ffea76cc5d71970 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 2048 | Size: 8190 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_02142013_02d1201.txt >>

RKreport[1]_S_02142013_02d1201.txt

===================================================================

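As an added example (not code from aswMBR, RogueKiller or TDSSKiller), the Python script below applies the same checks those tools report to a raw MBR sector such as the MBR.dat aswMBR saved to the Desktop: it hashes the whole sector and the bootstrap code (RogueKiller's [MBR] and [BSP] lines), lists the partition table with offsets and sizes the way the logs print them, and flags hidden partition types, overlapping entries and a missing active partition. The sample sectors, the stand-in boot code, the known-good hash set and the TYPE_NAMES/HIDDEN_TYPES subsets are constructed for this example; the partition layouts mirror the two drives in the logs above.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code precedes the 4-byte disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries, then the 0x55AA signature

# Illustrative subsets constructed for this example, not the tools' own tables.
TYPE_NAMES = {0x07: "NTFS", 0x84: "OS/2-HIBER", 0xDE: "DELL-UTIL"}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x84}


def parse_mbr(sector: bytes) -> dict:
    """Return the sector/boot-code MD5s and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue                                    # empty slot
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "0x%02X" % ptype),
            "hidden": ptype in HIDDEN_TYPES,
            "offset": lba,                               # in sectors, as the logs print it
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),  # RogueKiller's "Size: N Mo"
        })
    return {
        "mbr_md5": hashlib.md5(sector).hexdigest(),                   # whole sector
        "boot_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),  # bootstrap code only
        "partitions": parts,
    }


def check_mbr(sector: bytes, known_boot_md5: dict) -> list:
    """Findings for one sector; an empty list means it matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_md5"] not in known_boot_md5:
        findings.append("boot code MD5 %s not in known-good set" % info["boot_md5"])
    parts = sorted(info["partitions"], key=lambda p: p["offset"])
    if not any(p["active"] for p in parts):
        findings.append("no active partition")
    prev_end = 0
    for p in parts:
        if p["hidden"]:
            findings.append("partition %d type 0x%02X (%s) is hidden"
                            % (p["index"], p["type"], p["name"]))
        if p["offset"] < prev_end:
            findings.append("partition %d overlaps the previous entry" % p["index"])
        prev_end = p["offset"] + p["sectors"]
    return findings


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a sector from boot code and (status, type, start_lba, sectors) tuples."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(entries) <= 4
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + table + b"\x55\xAA"


# Constructed stand-in for bootstrap code ("jmp $" then zero padding); not real Windows MBR code.
STANDIN_BOOT = b"\xEB\xFE"
# Baseline: in practice, hash the MBR.dat of a machine you trust and keep the set offline.
KNOWN_BOOT_MD5 = {hashlib.md5(STANDIN_BOOT.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest(): "stand-in"}

# Layout mirrors PhysicalDrive0 in the logs: Dell utility, active NTFS system, NTFS data.
DISK0 = build_mbr(STANDIN_BOOT, [
    (0x00, 0xDE, 63, 81857),
    (0x80, 0x07, 0x14000, 0x1E4D000),
    (0x00, 0x07, 0x1E61000, 0x38523000),
])
# Layout mirrors PhysicalDrive1: a single type 0x84 entry RogueKiller marks [HIDDEN!].
DISK1 = build_mbr(STANDIN_BOOT, [(0x00, 0x84, 2048, 8190 * 2048)])
# DISK0 with one byte of bootstrap code altered: the table is intact, only the code hash moves.
TAMPERED = DISK0[:0x100] + bytes([DISK0[0x100] ^ 0xFF]) + DISK0[0x101:]


def report(label: str, sector: bytes, known_boot_md5: dict) -> None:
    """Print one drive in the style of RogueKiller's MBR Check section."""
    info = parse_mbr(sector)
    print("+++++ %s +++++" % label)
    print("[MBR] %s" % info["mbr_md5"])
    print("[BSP] %s" % info["boot_md5"])
    for p in info["partitions"]:
        print("%d - [%s] %s (0x%02x) [%s] Offset (sectors): %d | Size: %d Mo" % (
            p["index"], "ACTIVE" if p["active"] else "XXXXXX", p["name"], p["type"],
            "HIDDEN!" if p["hidden"] else "VISIBLE", p["offset"], p["size_mb"]))
    for f in check_mbr(sector, known_boot_md5):
        print("  !! " + f)


if __name__ == "__main__":
    for label, sector in (("PhysicalDrive0", DISK0), ("PhysicalDrive1", DISK1),
                          ("PhysicalDrive0 (patched)", TAMPERED)):
        report(label, sector, KNOWN_BOOT_MD5)
```

To run it on a real dump, pass `open("MBR.dat", "rb").read(512)` to `report`; the known-good hash set should come from a trusted machine, never from the disk under investigation.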

Results of JRT:

=====================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.3 (02.12.2013:1)

OS: Windows 7 Professional x64

Ran by Owner on 14/02/2013 at 12:04:19.99

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 14/02/2013 at 12:10:54.74

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

====================================================================


  • Disable your anti-virus program (see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs)
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [RUN][sUSP PATH] HKLM\[...]\RunOnce : 000_TmTdiUninstall (rundll32 C:\Windows\TmNSCIns.dll,DoUninstallTmTdi C:\Windows\TmTdi.inf) [7] -> FOUND
    [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : Z1 (cmd /c "C:\Users\Owner\Desktop\mbar\mbar.exe" /cleanup /s) [x] -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into a new reply.

Step 2

I do need for you to post that TDSSKILLER log.

Step 3

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


You got it,

Below is the TDSSKiller report while I work on the rest:

============================================================

11:54:56.0764 7824 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

11:54:57.0201 7824 ============================================================

11:54:57.0201 7824 Current date / time: 2013/02/14 11:54:57.0201

11:54:57.0201 7824 SystemInfo:

11:54:57.0201 7824

11:54:57.0201 7824 OS Version: 6.1.7601 ServicePack: 1.0

11:54:57.0201 7824 Product type: Workstation

11:54:57.0201 7824 ComputerName: TRINUS-LAPTOP

11:54:57.0201 7824 UserName: Owner

11:54:57.0201 7824 Windows directory: C:\Windows

11:54:57.0201 7824 System windows directory: C:\Windows

11:54:57.0201 7824 Running under WOW64

11:54:57.0201 7824 Processor architecture: Intel x64

11:54:57.0201 7824 Number of processors: 4

11:54:57.0201 7824 Page size: 0x1000

11:54:57.0201 7824 Boot type: Normal boot

11:54:57.0201 7824 ============================================================

11:54:57.0576 7824 Drive \Device\Harddisk0\DR0 - Size: 0x74709D0E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:54:57.0576 7824 Drive \Device\Harddisk1\DR1 - Size: 0x200000000 (8.00 Gb), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:54:57.0576 7824 ============================================================

11:54:57.0576 7824 \Device\Harddisk0\DR0:

11:54:57.0576 7824 MBR partitions:

11:54:57.0576 7824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1E4D000

11:54:57.0576 7824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E61000, BlocksNum 0x38523000

11:54:57.0576 7824 \Device\Harddisk1\DR1:

11:54:57.0576 7824 MBR partitions:

11:54:57.0576 7824 ============================================================

11:54:57.0576 7824 C: <-> \Device\Harddisk0\DR0\Partition2

11:54:57.0576 7824 ============================================================

11:54:57.0576 7824 Initialize success

11:54:57.0576 7824 ============================================================

11:55:12.0910 7036 ============================================================

11:55:12.0910 7036 Scan started

11:55:12.0910 7036 Mode: Manual;

11:55:12.0910 7036 ============================================================

11:55:13.0082 7036 ================ Scan system memory ========================

11:55:13.0082 7036 System memory - ok

11:55:13.0082 7036 ================ Scan services =============================


11:55:15.0656 7036 i8042prt - ok

11:55:15.0656 7036 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\drivers\iaStor.sys

11:55:15.0672 7036 iaStor - ok

11:55:15.0672 7036 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

11:55:15.0672 7036 IAStorDataMgrSvc - ok

11:55:15.0687 7036 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

11:55:15.0687 7036 iaStorV - ok

11:55:15.0687 7036 [ 653A38B868A5F20BB506AB57AC41B936 ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys

11:55:15.0687 7036 ibtfltcoex - ok

11:55:15.0703 7036 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:55:15.0734 7036 idsvc - ok

11:55:15.0734 7036 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

11:55:15.0734 7036 iirsp - ok

11:55:15.0750 7036 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

11:55:15.0750 7036 IKEEXT - ok

11:55:15.0765 7036 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys

11:55:15.0765 7036 intaud_WaveExtensible - ok

11:55:15.0765 7036 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

11:55:15.0765 7036 IntcDAud - ok

11:55:15.0781 7036 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe

11:55:15.0781 7036 Intel® Capability Licensing Service Interface - ok

11:55:15.0796 7036 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

11:55:15.0796 7036 intelide - ok

11:55:15.0937 7036 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys

11:55:15.0999 7036 intelkmd - ok

11:55:15.0999 7036 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

11:55:15.0999 7036 intelppm - ok

11:55:15.0999 7036 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

11:55:16.0015 7036 IPBusEnum - ok

11:55:16.0015 7036 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:55:16.0015 7036 IpFilterDriver - ok

11:55:16.0030 7036 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

11:55:16.0046 7036 iphlpsvc - ok

11:55:16.0046 7036 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

11:55:16.0046 7036 IPMIDRV - ok

11:55:16.0046 7036 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

11:55:16.0046 7036 IPNAT - ok

11:55:16.0046 7036 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

11:55:16.0062 7036 IRENUM - ok

11:55:16.0062 7036 [ 6DC22BDAA595BE00F19696E72F2F3312 ] irstrtdv C:\Windows\system32\DRIVERS\irstrtdv.sys

11:55:16.0062 7036 irstrtdv - ok

11:55:16.0062 7036 [ 49869B871F6DB76021D0E9B5DF1CC2CB ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe

11:55:16.0077 7036 irstrtsv - ok

11:55:16.0077 7036 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

11:55:16.0077 7036 isapnp - ok

11:55:16.0093 7036 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

11:55:16.0093 7036 iScsiPrt - ok

11:55:16.0093 7036 [ D596D915CF091DA1F8CE4BD38BB5D509 ] iusb3hcs C:\Windows\system32\drivers\iusb3hcs.sys

11:55:16.0093 7036 iusb3hcs - ok

11:55:16.0093 7036 [ 023896E23B61543A15A230EED996D911 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

11:55:16.0093 7036 iusb3hub - ok

11:55:16.0108 7036 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

11:55:16.0108 7036 iusb3xhc - ok

11:55:16.0140 7036 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys

11:55:16.0140 7036 iwdbus - ok

11:55:16.0140 7036 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

11:55:16.0140 7036 kbdclass - ok

11:55:16.0155 7036 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

11:55:16.0155 7036 kbdhid - ok

11:55:16.0155 7036 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

11:55:16.0155 7036 KeyIso - ok

11:55:16.0155 7036 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

11:55:16.0155 7036 KSecDD - ok

11:55:16.0155 7036 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

11:55:16.0171 7036 KSecPkg - ok

11:55:16.0171 7036 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

11:55:16.0171 7036 ksthunk - ok

11:55:16.0171 7036 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

11:55:16.0186 7036 KtmRm - ok

11:55:16.0186 7036 [ AAC9ADA7FCB617D8718392FE542D768B ] LAN9500 C:\Windows\system32\DRIVERS\lan9500-x64-n620f.sys

11:55:16.0186 7036 LAN9500 - ok

11:55:16.0202 7036 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

11:55:16.0202 7036 LanmanServer - ok

11:55:16.0202 7036 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

11:55:16.0218 7036 LanmanWorkstation - ok

11:55:16.0218 7036 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

11:55:16.0218 7036 lltdio - ok

11:55:16.0233 7036 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

11:55:16.0233 7036 lltdsvc - ok

11:55:16.0233 7036 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

11:55:16.0249 7036 lmhosts - ok

11:55:16.0249 7036 [ 5C08357C65F658E29B5DDC2EF18D575C ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

11:55:16.0264 7036 LMS - ok

11:55:16.0264 7036 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

11:55:16.0280 7036 LSI_FC - ok

11:55:16.0280 7036 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

11:55:16.0280 7036 LSI_SAS - ok

11:55:16.0280 7036 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

11:55:16.0280 7036 LSI_SAS2 - ok

11:55:16.0280 7036 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

11:55:16.0280 7036 LSI_SCSI - ok

11:55:16.0296 7036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

11:55:16.0296 7036 luafv - ok

11:55:16.0296 7036 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys

11:55:16.0296 7036 mcdbus - ok

11:55:16.0296 7036 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

11:55:16.0311 7036 Mcx2Svc - ok

11:55:16.0311 7036 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

11:55:16.0311 7036 megasas - ok

11:55:16.0327 7036 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

11:55:16.0327 7036 MegaSR - ok

11:55:16.0327 7036 [ D71FD7A4FDB01C554AE144037B688DF1 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

11:55:16.0327 7036 MEIx64 - ok

11:55:16.0327 7036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

11:55:16.0342 7036 MMCSS - ok

11:55:16.0342 7036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

11:55:16.0342 7036 Modem - ok

11:55:16.0342 7036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

11:55:16.0342 7036 monitor - ok

11:55:16.0342 7036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

11:55:16.0342 7036 mouclass - ok

11:55:16.0342 7036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

11:55:16.0358 7036 mouhid - ok

11:55:16.0358 7036 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

11:55:16.0358 7036 mountmgr - ok

11:55:16.0358 7036 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

11:55:16.0358 7036 mpio - ok

11:55:16.0358 7036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

11:55:16.0374 7036 mpsdrv - ok

11:55:16.0374 7036 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

11:55:16.0389 7036 MpsSvc - ok

11:55:16.0389 7036 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

11:55:16.0389 7036 MRxDAV - ok

11:55:16.0405 7036 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

11:55:16.0405 7036 mrxsmb - ok

11:55:16.0405 7036 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:55:16.0405 7036 mrxsmb10 - ok

11:55:16.0420 7036 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:55:16.0420 7036 mrxsmb20 - ok

11:55:16.0420 7036 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

11:55:16.0420 7036 msahci - ok

11:55:16.0420 7036 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

11:55:16.0420 7036 msdsm - ok

11:55:16.0436 7036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

11:55:16.0436 7036 MSDTC - ok

11:55:16.0452 7036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

11:55:16.0452 7036 Msfs - ok

11:55:16.0452 7036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

11:55:16.0452 7036 mshidkmdf - ok

11:55:16.0452 7036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

11:55:16.0452 7036 msisadrv - ok

11:55:16.0452 7036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

11:55:16.0467 7036 MSiSCSI - ok

11:55:16.0467 7036 msiserver - ok

11:55:16.0467 7036 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

11:55:16.0467 7036 MSKSSRV - ok

11:55:16.0483 7036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

11:55:16.0483 7036 MSPCLOCK - ok

11:55:16.0483 7036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

11:55:16.0483 7036 MSPQM - ok

11:55:16.0483 7036 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

11:55:16.0483 7036 MsRPC - ok

11:55:16.0498 7036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

11:55:16.0498 7036 mssmbios - ok

11:55:16.0498 7036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

11:55:16.0498 7036 MSTEE - ok

11:55:16.0498 7036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

11:55:16.0498 7036 MTConfig - ok

11:55:16.0498 7036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

11:55:16.0498 7036 Mup - ok

11:55:16.0514 7036 [ 4D02A9A4AAE43280D8631F232AAD79BC ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

11:55:16.0530 7036 MyWiFiDHCPDNS - ok

11:55:16.0530 7036 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

11:55:16.0545 7036 napagent - ok

11:55:16.0545 7036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

11:55:16.0545 7036 NativeWifiP - ok

11:55:16.0561 7036 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

11:55:16.0561 7036 NDIS - ok

11:55:16.0561 7036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

11:55:16.0561 7036 NdisCap - ok

11:55:16.0576 7036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

11:55:16.0576 7036 NdisTapi - ok

11:55:16.0576 7036 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

11:55:16.0592 7036 Ndisuio - ok

11:55:16.0592 7036 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

11:55:16.0592 7036 NdisWan - ok

11:55:16.0592 7036 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

11:55:16.0592 7036 NDProxy - ok

11:55:16.0592 7036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

11:55:16.0592 7036 NetBIOS - ok

11:55:16.0608 7036 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

11:55:16.0608 7036 NetBT - ok

11:55:16.0608 7036 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

11:55:16.0608 7036 Netlogon - ok

11:55:16.0608 7036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

11:55:16.0623 7036 Netman - ok

11:55:16.0639 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:55:16.0654 7036 NetMsmqActivator - ok

11:55:16.0654 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:55:16.0654 7036 NetPipeActivator - ok

11:55:16.0654 7036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

11:55:16.0670 7036 netprofm - ok

11:55:16.0670 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:55:16.0670 7036 NetTcpActivator - ok

11:55:16.0670 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:55:16.0670 7036 NetTcpPortSharing - ok

11:55:16.0686 7036 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys

11:55:16.0686 7036 netvsc - ok

11:55:16.0795 7036 [ 98CF53F7B23F77D082805D5DBBD99A4E ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys

11:55:16.0842 7036 NETwNs64 - ok

11:55:16.0857 7036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

11:55:16.0857 7036 nfrd960 - ok

11:55:16.0857 7036 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

11:55:16.0873 7036 NlaSvc - ok

11:55:16.0873 7036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

11:55:16.0873 7036 Npfs - ok

11:55:16.0873 7036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

11:55:16.0873 7036 nsi - ok

11:55:16.0888 7036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

11:55:16.0888 7036 nsiproxy - ok

11:55:16.0904 7036 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

11:55:16.0904 7036 Ntfs - ok

11:55:17.0044 7036 [ 309D50EC629F6160CCCB6061FC1D0119 ] ntrtscan C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

11:55:17.0060 7036 ntrtscan - ok

11:55:17.0060 7036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

11:55:17.0076 7036 Null - ok

11:55:17.0076 7036 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

11:55:17.0076 7036 nvraid - ok

11:55:17.0076 7036 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

11:55:17.0076 7036 nvstor - ok

11:55:17.0091 7036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

11:55:17.0091 7036 nv_agp - ok

11:55:17.0091 7036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

11:55:17.0091 7036 ohci1394 - ok

11:55:17.0091 7036 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:55:17.0107 7036 ose - ok

11:55:17.0185 7036 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:55:17.0216 7036 osppsvc - ok

11:55:17.0232 7036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

11:55:17.0232 7036 p2pimsvc - ok

11:55:17.0247 7036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

11:55:17.0247 7036 p2psvc - ok

11:55:17.0247 7036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

11:55:17.0263 7036 Parport - ok

11:55:17.0263 7036 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

11:55:17.0263 7036 partmgr - ok

11:55:17.0263 7036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

11:55:17.0278 7036 PcaSvc - ok

11:55:17.0278 7036 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

11:55:17.0278 7036 pci - ok

11:55:17.0278 7036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

11:55:17.0278 7036 pciide - ok

11:55:17.0294 7036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

11:55:17.0294 7036 pcmcia - ok

11:55:17.0294 7036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

11:55:17.0294 7036 pcw - ok

11:55:17.0294 7036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

11:55:17.0310 7036 PEAUTH - ok

11:55:17.0325 7036 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

11:55:17.0341 7036 PeerDistSvc - ok

11:55:17.0372 7036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

11:55:17.0388 7036 PerfHost - ok

11:55:17.0403 7036 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

11:55:17.0419 7036 pla - ok

11:55:17.0419 7036 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

11:55:17.0435 7036 PlugPlay - ok

11:55:17.0435 7036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

11:55:17.0435 7036 PNRPAutoReg - ok

11:55:17.0450 7036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

11:55:17.0450 7036 PNRPsvc - ok

11:55:17.0450 7036 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

11:55:17.0466 7036 PolicyAgent - ok

11:55:17.0481 7036 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll

11:55:17.0481 7036 Power - ok

11:55:17.0481 7036 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

11:55:17.0481 7036 PptpMiniport - ok

11:55:17.0497 7036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

11:55:17.0497 7036 Processor - ok

11:55:17.0497 7036 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

11:55:17.0513 7036 ProfSvc - ok

11:55:17.0513 7036 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

11:55:17.0513 7036 ProtectedStorage - ok

11:55:17.0513 7036 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

11:55:17.0513 7036 Psched - ok

11:55:17.0528 7036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

11:55:17.0544 7036 ql2300 - ok

11:55:17.0544 7036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

11:55:17.0544 7036 ql40xx - ok

11:55:17.0559 7036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

11:55:17.0559 7036 QWAVE - ok

11:55:17.0559 7036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

11:55:17.0559 7036 QWAVEdrv - ok

11:55:17.0559 7036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

11:55:17.0575 7036 RasAcd - ok

11:55:17.0575 7036 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

11:55:17.0575 7036 RasAgileVpn - ok

11:55:17.0575 7036 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

11:55:17.0591 7036 RasAuto - ok

11:55:17.0591 7036 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

11:55:17.0591 7036 Rasl2tp - ok

11:55:17.0591 7036 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

11:55:17.0606 7036 RasMan - ok

11:55:17.0606 7036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

11:55:17.0622 7036 RasPppoe - ok

11:55:17.0622 7036 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

11:55:17.0622 7036 RasSstp - ok

11:55:17.0622 7036 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

11:55:17.0637 7036 rdbss - ok

11:55:17.0637 7036 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

11:55:17.0637 7036 rdpbus - ok

11:55:17.0637 7036 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

11:55:17.0637 7036 RDPCDD - ok

11:55:17.0637 7036 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

11:55:17.0637 7036 RDPDR - ok

11:55:17.0653 7036 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

11:55:17.0653 7036 RDPENCDD - ok

11:55:17.0653 7036 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

11:55:17.0653 7036 RDPREFMP - ok

11:55:17.0653 7036 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

11:55:17.0653 7036 RdpVideoMiniport - ok

11:55:17.0669 7036 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

11:55:17.0669 7036 RDPWD - ok

11:55:17.0669 7036 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

11:55:17.0669 7036 rdyboost - ok

11:55:17.0669 7036 [ C480D028012881E0136962A49379688D ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

11:55:17.0684 7036 RegSrvc - ok

11:55:17.0684 7036 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

11:55:17.0700 7036 RemoteAccess - ok

11:55:17.0700 7036 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

11:55:17.0715 7036 RemoteRegistry - ok

11:55:17.0715 7036 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

11:55:17.0715 7036 RFCOMM - ok

11:55:17.0715 7036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

11:55:17.0731 7036 RpcEptMapper - ok

11:55:17.0731 7036 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

11:55:17.0731 7036 RpcLocator - ok

11:55:17.0747 7036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

11:55:17.0747 7036 RpcSs - ok

11:55:17.0747 7036 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

11:55:17.0747 7036 rspndr - ok

11:55:17.0762 7036 [ 40817D2DA49866C55781DB7601ABCEC1 ] RSUSBVSTOR C:\Windows\system32\Drivers\RTSUVSTOR.sys

11:55:17.0762 7036 RSUSBVSTOR - ok

11:55:17.0778 7036 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

11:55:17.0778 7036 RTL8167 - ok

11:55:17.0778 7036 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

11:55:17.0778 7036 s3cap - ok

11:55:17.0778 7036 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

11:55:17.0778 7036 SamSs - ok

11:55:17.0778 7036 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

11:55:17.0793 7036 sbp2port - ok

11:55:17.0793 7036 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

11:55:17.0809 7036 SCardSvr - ok

11:55:17.0809 7036 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

11:55:17.0809 7036 scfilter - ok

11:55:17.0825 7036 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

11:55:17.0825 7036 Schedule - ok

11:55:17.0840 7036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

11:55:17.0840 7036 SCPolicySvc - ok

11:55:17.0840 7036 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

11:55:17.0856 7036 SDRSVC - ok

11:55:17.0856 7036 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

11:55:17.0856 7036 secdrv - ok

11:55:17.0856 7036 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

11:55:17.0856 7036 seclogon - ok

11:55:17.0871 7036 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

11:55:17.0871 7036 SENS - ok

11:55:17.0871 7036 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

11:55:17.0887 7036 SensrSvc - ok

11:55:17.0887 7036 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

11:55:17.0887 7036 Serenum - ok

11:55:17.0887 7036 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

11:55:17.0887 7036 Serial - ok

11:55:17.0887 7036 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

11:55:17.0887 7036 sermouse - ok

11:55:17.0903 7036 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

11:55:17.0903 7036 SessionEnv - ok

11:55:17.0903 7036 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

11:55:17.0903 7036 sffdisk - ok

11:55:17.0918 7036 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

11:55:17.0918 7036 sffp_mmc - ok

11:55:17.0918 7036 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

11:55:17.0918 7036 sffp_sd - ok

11:55:17.0918 7036 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

11:55:17.0918 7036 sfloppy - ok

11:55:17.0934 7036 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

11:55:17.0934 7036 SharedAccess - ok

11:55:17.0949 7036 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

11:55:17.0949 7036 ShellHWDetection - ok

11:55:17.0965 7036 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

11:55:17.0965 7036 SiSRaid2 - ok

11:55:17.0965 7036 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

11:55:17.0965 7036 SiSRaid4 - ok

11:55:17.0965 7036 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

11:55:17.0965 7036 Smb - ok

11:55:17.0981 7036 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

11:55:17.0981 7036 SNMPTRAP - ok

11:55:17.0981 7036 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

11:55:17.0981 7036 spldr - ok

11:55:17.0996 7036 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

11:55:17.0996 7036 Spooler - ok

11:55:18.0043 7036 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

11:55:18.0059 7036 sppsvc - ok

11:55:18.0074 7036 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

11:55:18.0074 7036 sppuinotify - ok

11:55:18.0090 7036 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

11:55:18.0090 7036 srv - ok

11:55:18.0090 7036 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

11:55:18.0090 7036 srv2 - ok

11:55:18.0105 7036 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

11:55:18.0105 7036 srvnet - ok

11:55:18.0105 7036 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

11:55:18.0105 7036 SSDPSRV - ok

11:55:18.0121 7036 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

11:55:18.0121 7036 SstpSvc - ok

11:55:18.0121 7036 [ E4EA2412FB1B8AEE33667A9CC6D456A4 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys

11:55:18.0121 7036 stdcfltn - ok

11:55:18.0137 7036 Steam Client Service - ok

11:55:18.0137 7036 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

11:55:18.0137 7036 stexstor - ok

11:55:18.0137 7036 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

11:55:18.0152 7036 stisvc - ok

11:55:18.0152 7036 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll

11:55:18.0168 7036 StorSvc - ok

11:55:18.0168 7036 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

11:55:18.0168 7036 storvsc - ok

11:55:18.0168 7036 [ 10D69C83513B50F34032F7F96E40019D ] ST_ACCEL C:\Windows\system32\DRIVERS\ST_ACCEL.sys

11:55:18.0168 7036 ST_ACCEL - ok

11:55:18.0215 7036 [ 033E379F36D98FD2A5715C5EC831E4D4 ] svcGenericHost C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

11:55:18.0215 7036 svcGenericHost - ok

11:55:18.0230 7036 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

11:55:18.0230 7036 swenum - ok

11:55:18.0230 7036 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

11:55:18.0246 7036 swprv - ok

11:55:18.0246 7036 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys

11:55:18.0246 7036 SynthVid - ok

11:55:18.0261 7036 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

11:55:18.0277 7036 SysMain - ok

11:55:18.0293 7036 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

11:55:18.0293 7036 TabletInputService - ok

11:55:18.0293 7036 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

11:55:18.0308 7036 TapiSrv - ok

11:55:18.0308 7036 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

11:55:18.0324 7036 TBS - ok

11:55:18.0355 7036 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

11:55:18.0355 7036 Tcpip - ok

11:55:18.0386 7036 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

11:55:18.0386 7036 TCPIP6 - ok

11:55:18.0402 7036 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

11:55:18.0402 7036 tcpipreg - ok

11:55:18.0402 7036 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

11:55:18.0402 7036 TDPIPE - ok

11:55:18.0402 7036 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

11:55:18.0402 7036 TDTCP - ok

11:55:18.0402 7036 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

11:55:18.0402 7036 tdx - ok

11:55:18.0417 7036 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

11:55:18.0417 7036 TermDD - ok

11:55:18.0417 7036 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

11:55:18.0433 7036 TermService - ok

11:55:18.0433 7036 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

11:55:18.0449 7036 Themes - ok

11:55:18.0449 7036 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

11:55:18.0449 7036 THREADORDER - ok

11:55:18.0449 7036 [ 505DB66467DF7658CC156B1704C7582C ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys

11:55:18.0464 7036 tmactmon - ok

11:55:18.0464 7036 [ C501873D7ADBA7DA1743878F44261E51 ] TMBMServer C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

11:55:18.0480 7036 TMBMServer - ok

11:55:18.0480 7036 [ 46EDB648C1B5C3ABD76BD5E912DAC026 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys

11:55:18.0495 7036 tmcomm - ok

11:55:18.0495 7036 [ 30CF571B3320221E331D2D887CB8552B ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys

11:55:18.0495 7036 tmevtmgr - ok

11:55:18.0511 7036 [ 55283E1FC92021AEBA8E1E5B7EBAD9D1 ] TmFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys

11:55:18.0511 7036 TmFilter - ok

11:55:18.0527 7036 [ E5E3EE9C39295307418824F26F651CC0 ] tmlisten C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

11:55:18.0542 7036 tmlisten - ok

11:55:18.0542 7036 [ 8F82EF40FA762354530236ABE302FA35 ] TmPreFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys

11:55:18.0542 7036 TmPreFilter - ok

11:55:18.0558 7036 [ EB689B4C0FCA28A7BA881BA31A9224D4 ] TmProxy C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

11:55:18.0573 7036 TmProxy - ok

11:55:18.0573 7036 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys

11:55:18.0573 7036 tmtdi - ok

11:55:18.0589 7036 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

11:55:18.0589 7036 TrkWks - ok

11:55:18.0589 7036 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

11:55:18.0605 7036 TrustedInstaller - ok

11:55:18.0605 7036 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

11:55:18.0605 7036 tssecsrv - ok

11:55:18.0620 7036 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

11:55:18.0620 7036 TsUsbFlt - ok

11:55:18.0620 7036 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

11:55:18.0620 7036 TsUsbGD - ok

11:55:18.0620 7036 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

11:55:18.0620 7036 tunnel - ok

11:55:18.0620 7036 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

11:55:18.0636 7036 uagp35 - ok

11:55:18.0636 7036 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

11:55:18.0636 7036 udfs - ok

11:55:18.0636 7036 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

11:55:18.0651 7036 UI0Detect - ok

11:55:18.0651 7036 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

11:55:18.0651 7036 uliagpkx - ok

11:55:18.0651 7036 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

11:55:18.0667 7036 umbus - ok

11:55:18.0667 7036 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

11:55:18.0667 7036 UmPass - ok

11:55:18.0667 7036 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

11:55:18.0683 7036 UmRdpService - ok

11:55:18.0683 7036 [ 0DFC9713D117B349E41A2A477448107A ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

11:55:18.0714 7036 UNS - ok

11:55:18.0714 7036 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

11:55:18.0729 7036 upnphost - ok

11:55:18.0729 7036 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

11:55:18.0729 7036 usbccgp - ok

11:55:18.0729 7036 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

11:55:18.0729 7036 usbcir - ok

11:55:18.0729 7036 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

11:55:18.0729 7036 usbehci - ok

11:55:18.0745 7036 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

11:55:18.0745 7036 usbhub - ok

11:55:18.0745 7036 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

11:55:18.0745 7036 usbohci - ok

11:55:18.0745 7036 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

11:55:18.0745 7036 usbprint - ok

11:55:18.0761 7036 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:55:18.0761 7036 USBSTOR - ok

11:55:18.0761 7036 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

11:55:18.0761 7036 usbuhci - ok

11:55:18.0761 7036 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

11:55:18.0761 7036 usbvideo - ok

11:55:18.0776 7036 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

11:55:18.0776 7036 UxSms - ok

11:55:18.0776 7036 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

11:55:18.0776 7036 VaultSvc - ok

11:55:18.0823 7036 [ 6392117B3F8B4AC98408D430D8F12366 ] vcsFPService C:\Windows\system32\vcsFPService.exe

11:55:18.0839 7036 vcsFPService - ok

11:55:18.0839 7036 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

11:55:18.0839 7036 vdrvroot - ok

11:55:18.0854 7036 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

11:55:18.0870 7036 vds - ok

11:55:18.0870 7036 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

11:55:18.0870 7036 vga - ok

11:55:18.0870 7036 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

11:55:18.0870 7036 VgaSave - ok

11:55:18.0870 7036 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

11:55:18.0870 7036 vhdmp - ok

11:55:18.0885 7036 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

11:55:18.0885 7036 viaide - ok

11:55:18.0885 7036 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

11:55:18.0885 7036 VMBusHID - ok

11:55:18.0885 7036 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

11:55:18.0885 7036 volmgr - ok

11:55:18.0901 7036 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

11:55:18.0901 7036 volmgrx - ok

11:55:18.0901 7036 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

11:55:18.0901 7036 volsnap - ok

11:55:18.0917 7036 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys

11:55:18.0917 7036 vpcbus - ok

11:55:18.0917 7036 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys

11:55:18.0917 7036 vpcnfltr - ok

11:55:18.0917 7036 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys

11:55:18.0917 7036 vpcusb - ok

11:55:18.0932 7036 [ 30D4243726A15A14F5C5E45898D14394 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys

11:55:18.0932 7036 vpcvmm - ok

11:55:18.0963 7036 [ BF63E3F8F1CED65F4F5AD22E0735B2E4 ] VSApiNt C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys

11:55:18.0979 7036 VSApiNt - ok

11:55:18.0979 7036 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

11:55:18.0979 7036 vsmraid - ok

11:55:18.0995 7036 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

11:55:19.0010 7036 VSS - ok

11:55:19.0026 7036 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

11:55:19.0026 7036 vwifibus - ok

11:55:19.0026 7036 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

11:55:19.0026 7036 vwififlt - ok

11:55:19.0026 7036 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

11:55:19.0026 7036 vwifimp - ok

11:55:19.0041 7036 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

11:55:19.0041 7036 W32Time - ok

11:55:19.0041 7036 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

11:55:19.0057 7036 WacomPen - ok

11:55:19.0057 7036 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

11:55:19.0057 7036 WANARP - ok

11:55:19.0057 7036 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

11:55:19.0057 7036 Wanarpv6 - ok

11:55:19.0073 7036 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

11:55:19.0088 7036 WatAdminSvc - ok

11:55:19.0104 7036 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

11:55:19.0119 7036 wbengine - ok

11:55:19.0135 7036 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

11:55:19.0135 7036 WbioSrvc - ok

11:55:19.0151 7036 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

11:55:19.0151 7036 wcncsvc - ok

11:55:19.0151 7036 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

11:55:19.0166 7036 WcsPlugInService - ok

11:55:19.0166 7036 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

11:55:19.0166 7036 Wd - ok

11:55:19.0166 7036 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

11:55:19.0166 7036 WDC_SAM - ok

11:55:19.0182 7036 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

11:55:19.0182 7036 Wdf01000 - ok

11:55:19.0197 7036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

11:55:19.0197 7036 WdiServiceHost - ok

11:55:19.0197 7036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

11:55:19.0197 7036 WdiSystemHost - ok

11:55:19.0213 7036 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

11:55:19.0213 7036 WebClient - ok

11:55:19.0229 7036 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

11:55:19.0229 7036 Wecsvc - ok

11:55:19.0229 7036 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

11:55:19.0244 7036 wercplsupport - ok

11:55:19.0244 7036 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

11:55:19.0244 7036 WerSvc - ok

11:55:19.0260 7036 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

11:55:19.0260 7036 WfpLwf - ok

11:55:19.0260 7036 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

11:55:19.0260 7036 WimFltr - ok

11:55:19.0260 7036 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

11:55:19.0260 7036 WIMMount - ok

11:55:19.0260 7036 WinDefend - ok

11:55:19.0275 7036 WinHttpAutoProxySvc - ok

11:55:19.0275 7036 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

11:55:19.0291 7036 Winmgmt - ok

11:55:19.0322 7036 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

11:55:19.0338 7036 WinRM - ok

11:55:19.0353 7036 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

11:55:19.0353 7036 WinUSB - ok

11:55:19.0353 7036 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

11:55:19.0369 7036 Wlansvc - ok

11:55:19.0369 7036 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

11:55:19.0385 7036 wlcrasvc - ok

11:55:19.0416 7036 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:55:19.0431 7036 wlidsvc - ok

11:55:19.0431 7036 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

11:55:19.0431 7036 WmiAcpi - ok

11:55:19.0447 7036 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

11:55:19.0447 7036 wmiApSrv - ok

11:55:19.0463 7036 WMPNetworkSvc - ok

11:55:19.0463 7036 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

11:55:19.0463 7036 WPCSvc - ok

11:55:19.0463 7036 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

11:55:19.0478 7036 WPDBusEnum - ok

11:55:19.0478 7036 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

11:55:19.0478 7036 ws2ifsl - ok

11:55:19.0478 7036 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

11:55:19.0494 7036 wscsvc - ok

11:55:19.0509 7036 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

11:55:19.0509 7036 WSDPrintDevice - ok

11:55:19.0509 7036 WSearch - ok

11:55:19.0541 7036 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

11:55:19.0556 7036 wuauserv - ok

11:55:19.0572 7036 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

11:55:19.0572 7036 WudfPf - ok

11:55:19.0572 7036 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

11:55:19.0572 7036 WUDFRd - ok

11:55:19.0572 7036 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

11:55:19.0587 7036 wudfsvc - ok

11:55:19.0587 7036 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

11:55:19.0603 7036 WwanSvc - ok

11:55:19.0634 7036 [ 118C018DF1C53B94F8C06D2CABBBDA52 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

11:55:19.0650 7036 ZeroConfigService - ok

11:55:19.0665 7036 ================ Scan global ===============================

11:55:19.0665 7036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

11:55:19.0665 7036 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

11:55:19.0681 7036 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

11:55:19.0697 7036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

11:55:19.0697 7036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

11:55:19.0712 7036 [Global] - ok

11:55:19.0712 7036 ================ Scan MBR ==================================

11:55:19.0712 7036 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

11:55:19.0853 7036 \Device\Harddisk0\DR0 - ok

11:55:19.0853 7036 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

11:55:19.0853 7036 \Device\Harddisk1\DR1 - ok

11:55:19.0853 7036 ================ Scan VBR ==================================

11:55:19.0853 7036 [ 4C8335483DD1CE4A1B10ABBF3A6E9607 ] \Device\Harddisk0\DR0\Partition1

11:55:19.0853 7036 \Device\Harddisk0\DR0\Partition1 - ok

11:55:19.0868 7036 [ FAA87E1E84F0E5B7839F1530DC733455 ] \Device\Harddisk0\DR0\Partition2

11:55:19.0868 7036 \Device\Harddisk0\DR0\Partition2 - ok

11:55:19.0868 7036 ============================================================

11:55:19.0868 7036 Scan finished

11:55:19.0868 7036 ============================================================

11:55:19.0868 7124 Detected object count: 0

11:55:19.0868 7124 Actual detected object count: 0

11:55:33.0066 5792 Deinitialize success

================================================================================

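Reading a TDSSKiller log like the one above by eye is tedious. The following Python script is an added example (mine, not part of this thread and not TDSSKiller's own code) that parses the scan lines into records and pulls out what a responder actually checks: entries that did not come back "ok", the MBR/VBR hash per device object, the closing "Detected object count" summary, and file hashes that back more than one service name. The sample input is a constructed excerpt of lines copied from the log posted above; the line patterns assume the layout shown there (timestamp, PID, optional `[ MD5 ]`, then name and path).

```python
"""Triage helper for a TDSSKiller log (added example, not part of the thread)."""
import re
from collections import defaultdict

# Hashed line: "HH:MM:SS.mmmm PID [ MD5 ] <name> <path>" or "[ MD5 ] <device or path>"
HASHED = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ ([0-9A-F]{32}) \]\s+(.+)$")
# Status line: "HH:MM:SS.mmmm PID <name> - ok"
STATUS = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+?) - (\w+)$")
# Summary lines at the end of the scan
COUNT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(Actual detected object count|Detected object count): (\d+)$"
)

# Constructed sample: a handful of lines excerpted from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
11:55:18.0355 7036 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:55:18.0355 7036 Tcpip - ok
11:55:18.0386 7036 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:55:18.0386 7036 TCPIP6 - ok
11:55:18.0215 7036 [ 033E379F36D98FD2A5715C5EC831E4D4 ] svcGenericHost C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
11:55:18.0215 7036 svcGenericHost - ok
11:55:19.0260 7036 WinDefend - ok
11:55:19.0712 7036 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:55:19.0853 7036 \Device\Harddisk0\DR0 - ok
11:55:19.0853 7036 [ 4C8335483DD1CE4A1B10ABBF3A6E9607 ] \Device\Harddisk0\DR0\Partition1
11:55:19.0853 7036 \Device\Harddisk0\DR0\Partition1 - ok
11:55:19.0868 7124 Detected object count: 0
11:55:19.0868 7124 Actual detected object count: 0
"""


def parse_tdsskiller(text):
    """Turn log text into {'entries': [record, ...], 'counts': {...}}.

    Each record is {name, md5, path, status}. Device and global-scan lines
    carry no service name, so their name is the device/path itself."""
    entries, by_name, counts = [], {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASHED.match(line)
        if m:
            md5, rest = m.groups()
            first = rest.split(" ", 1)[0]
            if rest.startswith("\\Device\\") or ":\\" in first:
                name, path = rest, rest          # MBR/VBR object or global-scan file
            else:
                name, _, path = rest.partition(" ")  # "<service> <path>"
            rec = {"name": name, "md5": md5, "path": path, "status": None}
            entries.append(rec)
            by_name[name] = rec
            continue
        m = COUNT.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = STATUS.match(line)
        if m:
            name, status = m.groups()
            rec = by_name.get(name)
            if rec is None:
                # Services reported without a file hash, e.g. "WinDefend - ok"
                rec = {"name": name, "md5": None, "path": None, "status": None}
                entries.append(rec)
                by_name[name] = rec
            rec["status"] = status
    return {"entries": entries, "counts": counts}


def failed_checks(parsed):
    """Entries whose status is missing or anything other than 'ok': read these first."""
    return [e for e in parsed["entries"] if e["status"] != "ok"]


def boot_sector_hashes(parsed):
    """MD5 per raw device object (MBR of each disk, VBR of each partition).

    Diff this between two scans of the same machine (before/after remediation)
    or against another machine's log to see whether a boot sector changed."""
    return {e["name"]: e["md5"] for e in parsed["entries"]
            if e["name"].startswith("\\Device\\") and e["md5"]}


def shared_hashes(parsed):
    """Hashes that back more than one service name (aliases of one driver file)."""
    groups = defaultdict(list)
    for e in parsed["entries"]:
        if e["md5"]:
            groups[e["md5"]].append(e["name"])
    return {h: names for h, names in groups.items() if len(names) > 1}


def detected_objects(parsed):
    """(reported, actual) detected counts from the summary; None if absent."""
    c = parsed["counts"]
    return c.get("Detected object count"), c.get("Actual detected object count")


if __name__ == "__main__":
    p = parse_tdsskiller(SAMPLE_LOG)
    print("detected:", detected_objects(p))
    print("not ok:", [e["name"] for e in failed_checks(p)])
    print("boot sectors:", boot_sector_hashes(p))
    print("shared hashes:", shared_hashes(p))
```

Run against the full log above, the shared-hash check reports Tcpip/TCPIP6 (tcpip.sys), WANARP/Wanarpv6 (wanarp.sys) and WdiServiceHost/WdiSystemHost (wdi.dll), all of which are one file registered under two names, so a baseline of "known" drivers should be keyed by hash rather than by service name. The boot-sector dictionary is the part worth keeping: an MD5 on its own does not say the sector is clean, but it does tell you whether the MBR or VBR changed between this scan and a later one.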

It is totally up to you if you want to wipe / erase / nuke and re-install the O.S. and all your apps from scratch.

Let me know if that is your decision.

As to Trend Micro, -you- need to do research on how to turn it off. Suggest you check the vendor's support website.

The link at BC that I cite is a generic one, and from time to time the a-v & security vendors come out with new ways.

I would suggest you do the full MBAM scan.


Malwarebytes log:

==============================================

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.14.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: TRINUS-LAPTOP [administrator]

14/02/2013 1:24:58 PM

mbam-log-2013-02-14 (13-24-58).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 351194

Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

================================================


Try not to judge different Roguekiller reports. It's easy for the non-experienced to get off-base.

I do -not- think this system is infected.

The MBAM result is a very good clue.

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    Click the checkbox to participate, and then click on Continue button.
  • Next
    Click on Select objects for scanning
  • Next
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
  • IF something is detected, you will see a screen similar to this
    For each item "detected", click on the Action column down arrow, like this
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V (Paste)
    into reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.


To Welta, about Trend Micro:

To control Trend Micro and the real-time protection, one -may- use this as a "generic" template.

caveat emptor: I am not a user of TrendMicro a-v so do not hold this against me.

To turn off:

Start by double clicking the TrendMicro icon on your Taskbar by the notification area.

On next screen, on the left panel, click Virus & Spyware Controls. Under the Protection Against Viruses & Spyware section, click Settings.

see this image http://esupport.trendmicro.com/media/10299598/EN-1036481-4.gif

On next screen, look at top left-side.

Uncheck (un-tick) the check box marked Activate real-time protection

Click OK

Exit / close

When all done with your other tasks, go back and re-Activate the real-time protection.


You have told me the following:

Total 8687509300 bytes in 23684 files scanned (33819 objects)

Total 23647 files (33776 objects) are clean

There are no infected objects detected

Total 33 files are raised error condition

Scan time is 00:06:43.459

Now, the question for you, How is the system ?

My personal view is that there is no infection aboard and that we can Close this case.


You told me

The system is working perfectly, I don't believe there is an infection either after running these tests. Thank you very much for your help.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

Tdsskiller.exe

jrt.exe

Dr Web Cure-It

Safer practices & malware prevention

We are finished here. Best regards.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
