Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zero Access rootkit --> can't reinstall Microsoft Security Essentials


  • This topic is locked This topic is locked
115 replies to this topic

#1 TAB4

TAB4

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 14 May 2013 - 10:31 PM

Here is the link to previous post as requested: 

http://www.bleepingcomputer.com/forums/t/494411/cant-reinstall-microsoft-security-essentials-error-code-0x80070643/

 

Start of problem: 

5/12/13 – Some false internet security program popped up.  My husband either closed it or hit cancel but then Microsoft Security Essentials (MSE) quit working.

 

Steps taken 5/12 and 5/13 (yesterday):

  • System restore.  Restore succeeded.  MSE still didn’t work.

 

  • Tried to uninstall MSE.  Couldn’t do it using Add/Remove Programs. 

 

  • Error box was labeled Microsoft Security Client and said “An error has occurred in the program during initialization.  If this problem continues, please contact your administrator.  Error Code:  0x80073b01.”

 

  • Downloaded Malwarebytes.  It found some Trojan (didn’t write it down).  Still couldn’t uninstall MSE.

 

  • Finally able to uninstall MSE Microsoft Security Essentials using Microsoft article at support.microsoft.com/kb/2483120.  However, not able to reinstall MSE. 

 

  • Removed Malwarebytes in case it was the problem - conflicting AV software - even though I run both on my other computer. 

 

  • Went through all the steps in windows.microsoft.com/en-us/windows/i-cant-install-microsoft-security-essentials.  Still can't install MSE.  Error code is 0x80070643. 

 

  • One Microsoft Support answer I read said that I needed to run updates in windows.  Tried this and found I can't run updates either. Error code 0x80096001.  (Today Microsoft directed me to a Windows update Fix-it that fixed this.  14 critical security updates came through.)

 

  • Reinstalled Malwarebytes and ran full scan.  Nothing.

 

  • Read another question/answer in Microsoft Support that recommended running several anti-virus/spyware programs:
  1. Hitman Pro:  It said I had malicious software called Zero Access in the recycle bin plus some tracking cookies elsewhere.  It seemed to want me to buy the program to delete these.  I deleted everything in the recycle bin and just left the cookies.  When I rerun Hitman Pro, it still says I have everything it said before.  (Today I redownloaded and picked the trial version.  I could delete the files.)

 

  1. TDSS Killer:  Said I had a locked file, Service: rpcld, and categorized it as suspicious object, medium risk.  I couldn't find a clear answer on the web to see it this was a virus.  I quarantined it.  (No longer quarantined – found out this belongs to Absolute – our LoJack.)

 

  1. MS Scanner:  No viruses detected.

 

  • Posted on Microsoft  Support and received two replies.  First reply said to follow “Install Microsoft Security Essentials Checklist” at social.technet.microsoft.com/wiki/content/articles/15844.install-microsoft-security-essentials-checklist…. 

 

This has 5 cases:

 

Case 1: Made Windows Defender Offline boot disc. Found nothing in quick scan.  Ran the full scan overnight.  Still nothing.

 

Case 2: Doesn’t apply.  My Windows IS genuine.

 

Case 3: Another anti-virus was not installed.  Learned with previous computer that you have to use uninstallers.  Have used MSE on this computer for about a year.  Also, I used support.microsoft.com/kb/2483120 to uninstall MSE. 

 

Case 4:  If error message during installation, window updates recommended.  I get clear to the install window for MSE, it looks good (like it's installing), and then ... failure (refers me to error 0x80070643).  Windows updates is a problem (as I mentioned above). I can't get the last two critical updates to run.  I get error code 80096001. (Fixed today by Microsoft Fix-it as mentioned above.)

 

Case 5:  Windows 8 doesn’t use MSE.  Doesn’t apply as I'm using Windows 7.

 

  • 2nd Microsoft Support reply recommended Malwarebytes, Hitman Pro (already had run these) and SUPERAntispyware.  It found 50 file items (tracking cookies I believe - which surprised me after all the other programs that I’ve run).

 

  • Also, Support recommended MSE uninstall methods. 
  1. I had already done the kb/248120 fix (using the fix-it button for the registry) but I did it again.
  2. I followed the 5/7/12 added instructions (answers.microsoft.com/en-us/protect/forum/mse-protect_start/uninstalling-mse/…) but I neither Microsoft Security Client or Microsoft Antimalware show up so I can’t uninstall them.
  3. Also, per the above instructions, I saved and ran mseremoval.bat
  4. Also, per the above instructions, I redownloaded MSE for Windows 7 64-bit system (Out of desperation, I also tried the 32-bit version but it said it was wrong version for my computer.)

 

All this and same error 0x80070643.

 

So last evening, we were on the phone with HP.  They recommended another system restore.  That took me back to square one.  MSE on there but not working – error code 0x80073b01.  In the hope that I would get a different result running through the same steps (insanity), last night and today I did this:

 

  • Windows Defender Offline – Full scan overnight – nothing found.
  • Hitman Pro – 31 day trial version.  Deleted 4 Zero Access files, 8 total threats.  Rebooted – same error:  0x80073b01
  • Malwarebytes – unchecked trial version.  No malicious items detected.  Rebooted – same error: 0x80073b01.
  • SUPERAntispyware – 4 tracking cookies
  • TDSS Killer – Locked file

                        Service:  rpcld

                        Suspicious object, medium risk

                        Skipped this as read it is Absolute file – we do have LoJack.

 

  • Norton – uninstaller again – just in case.  Reboot. Same error.
  • Microsoft Safety Scanner – no viruses, spyware, or other potentially unwanted software were detected.

 

Then, I found out that bleepingcomputer had responded.  I know you guys know your stuff.  (So saw a bit of light at the end of the tunnel.)  The post I linked back to at the beginning of this post has the log results of

 

  1. SecurityCheck.exe – couldn’t run it as it said not a valid Win32 application.
  2. Farbar Service Scanner
  3. MiniToolBox
  4. MBAM
  5. MBAM Anti-Rootkit
  6. Rkill

 

One of these latter programs found something but, as instructed, I did not clean them.

 

 

Now I’m attaching the requested logs from the Prep Guide started at step 6 as instructed.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.17.2

Run by Walter at 21:48:22 on 2013-05-14

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.3843 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files\IB Updater\ExtensionUpdaterService.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\ProgramData\Rpcnet\Bin\rpcld.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\WerFault.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [cdloader] "C:\Users\Walter\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Walter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Walter\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEM~1.LNK - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxp://mailsrv3.tps.org/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C2D0ED1A-5797-41A7-9A04-8B6ED0E10B44} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C2D0ED1A-5797-41A7-9A04-8B6ED0E10B44}\352434 : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{C2D0ED1A-5797-41A7-9A04-8B6ED0E10B44}\37B6164756C616E646 : DHCPNameServer = 208.40.1.6 168.92.1.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-2-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-6-2 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-7 249672]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-12 13592]
R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2012-12-1 188760]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-26 2413056]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-14 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-14 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-12 2656280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2012-2-7 33888]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-5-12 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-12 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-12 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-6-2 12289472]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-14 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-26 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-26 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-15 428136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/11 21:17:32;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2012-2-7 33888]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\System32\drivers\hcw72ADFilter.sys [2010-4-23 38656]
S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\System32\drivers\hcw72ATV.sys [2010-4-23 1631488]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\System32\drivers\hcw72DTV.sys [2010-4-23 1634176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-24 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-14 18:43:44 -------- d-----w- C:\Users\Walter\AppData\Roaming\Malwarebytes
2013-05-14 18:43:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-14 18:43:09 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-14 18:43:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-14 18:07:02 15012 ----a-w- C:\FixitRegBackup.reg
2013-05-13 19:33:16 -------- d-----w- C:\Windows\Microsoft Antimalware
2013-05-13 13:52:55 -------- d-----w- C:\Program Files\HitmanPro
2013-05-13 13:51:47 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-13 13:30:12 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-13 03:03:43 -------- d-----w- C:\Windows\pss
2013-05-13 01:59:35 -------- d-----w- C:\Users\Walter\AppData\Local\Programs
2013-05-13 00:09:39 -------- d-----w- C:\ProgramData\52A8738BF730CF48000052A820E9D547
2013-05-03 23:37:01 -------- d-----w- C:\Acordex
2013-05-01 16:09:04 -------- d-----w- C:\Users\Walter\AppData\Local\{48B31B98-F466-4983-B8DB-085C08876B9D}
2013-04-23 20:12:15 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-15 01:26:29 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2013-05-15 01:26:27 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2013-05-14 06:26:19 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2013-05-14 06:25:28 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2013-05-02 15:29:56 278800 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-04-24 12:16:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-24 12:16:46 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 05:51:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-04-10 05:08:12 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-03-29 15:18:54 69792 ------w- C:\Windows\SysWow64\rpcnet.exe
2013-03-23 19:42:44 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-23 19:42:38 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-23 19:42:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-28 12:03:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-28 11:38:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
.
============= FINISH: 21:48:55.75 ===============
 

 

 

 

Thank you so much in advance for your help!

Attached Files


Edited by TAB4, 14 May 2013 - 10:42 PM.


BC AdBot (Login to Remove)

 


#2 Conspire

Conspire

  • Malware Response Team
  • 1,041 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 15 May 2013 - 05:29 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

:)


Hello there, TAB4

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------


Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log



Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

---------------------------------------------------------------------------------------------------

Edited by Conspire, 15 May 2013 - 05:29 AM.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#3 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 15 May 2013 - 10:34 AM

Sorry for the delay.  I was checking to make sure all my files were backed up.  Also, I did uninstall Dropbox.  I use it for work and didn't want the company's files to disappear or be affected in any way.  I hope that was ok.

 

Here's log from aswMBR.  The .dat file is attached.  I did not tell it to fix anything as instructed.

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-15 10:50:15
-----------------------------
10:50:15.941    OS Version: Windows x64 6.1.7601 Service Pack 1
10:50:15.941    Number of processors: 8 586 0x2A07
10:50:15.941    ComputerName: WALTER-HP  UserName: Walter
10:50:17.454    Initialize success
10:55:04.461    AVAST engine defs: 13051500
10:55:54.303    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:55:54.303    Disk 0 Vendor: TOSHIBA_ GL00 Size: 953869MB BusType: 3
10:55:54.428    Disk 0 MBR read successfully
10:55:54.428    Disk 0 MBR scan
10:55:54.443    Disk 0 Windows 7 default MBR code
10:55:54.443    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
10:55:54.443    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       936271 MB offset 409600
10:55:54.475    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17295 MB offset 1917892608
10:55:54.506    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1953312768
10:55:54.646    Disk 0 scanning C:\Windows\system32\drivers
10:56:05.098    Service scanning
10:56:54.394    Modules scanning
10:56:54.394    Disk 0 trace - called modules:
10:56:54.426    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
10:56:54.441    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b49790]
10:56:54.441    3 CLASSPNP.SYS[fffff880019ac43f] -> nt!IofCallDriver -> [0xfffffa8006a53890]
10:56:54.441    5 hpdskflt.sys[fffff88001bbd189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006918050]
10:56:55.954    AVAST engine scan C:\Windows
10:56:58.232    AVAST engine scan C:\Windows\system32
10:59:33.249    AVAST engine scan C:\Windows\system32\drivers
10:59:46.119    AVAST engine scan C:\Users\Walter
11:03:06.346    Disk 0 MBR has been saved successfully to "C:\Users\Walter\Desktop\MBR.dat"
11:03:06.346    The log file has been saved successfully to "C:\Users\Walter\Desktop\aswMBR.txt"

 

Here is the TDSS Killer log.  Please note that I have run this several times previous to your request.  I'd have to go back and look at my notes to see if I ever said fix.  I know that it always finds the rcpld file which I determined belongs to our Absolute LoJack.  At first, I didn't realize that and I quarantined it.  I thought when I did another restore point based on HP's advice that the quarantine went away but I saw the quarantine folder when I went to get the log.  I also saw the previous run logs right by the current log if you want them.  For now, here is the latest run log:

 

11:14:40.0340 3996  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:14:40.0761 3996  ============================================================
11:14:40.0761 3996  Current date / time: 2013/05/15 11:14:40.0761
11:14:40.0761 3996  SystemInfo:
11:14:40.0761 3996 
11:14:40.0761 3996  OS Version: 6.1.7601 ServicePack: 1.0
11:14:40.0761 3996  Product type: Workstation
11:14:40.0761 3996  ComputerName: WALTER-HP
11:14:40.0761 3996  UserName: Walter
11:14:40.0761 3996  Windows directory: C:\Windows
11:14:40.0761 3996  System windows directory: C:\Windows
11:14:40.0761 3996  Running under WOW64
11:14:40.0761 3996  Processor architecture: Intel x64
11:14:40.0761 3996  Number of processors: 8
11:14:40.0761 3996  Page size: 0x1000
11:14:40.0761 3996  Boot type: Normal boot
11:14:40.0761 3996  ============================================================
11:14:41.0167 3996  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:14:41.0167 3996  ============================================================
11:14:41.0167 3996  \Device\Harddisk0\DR0:
11:14:41.0167 3996  MBR partitions:
11:14:41.0167 3996  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:14:41.0167 3996  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x724A7800
11:14:41.0167 3996  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7250B800, BlocksNum 0x21C7800
11:14:41.0167 3996  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x746D3000, BlocksNum 0x335B0
11:14:41.0167 3996  ============================================================
11:14:41.0198 3996  C: <-> \Device\Harddisk0\DR0\Partition2
11:14:41.0245 3996  D: <-> \Device\Harddisk0\DR0\Partition3
11:14:41.0260 3996  F: <-> \Device\Harddisk0\DR0\Partition4
11:14:41.0260 3996  ============================================================
11:14:41.0260 3996  Initialize success
11:14:41.0260 3996  ============================================================
11:14:42.0633 4432  ============================================================
11:14:42.0633 4432  Scan started
11:14:42.0633 4432  Mode: Manual;
11:14:42.0633 4432  ============================================================
11:14:43.0210 4432  ================ Scan system memory ========================
11:14:43.0210 4432  System memory - ok
11:14:43.0210 4432  ================ Scan services =============================
11:14:43.0413 4432  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:14:43.0413 4432  1394ohci - ok
11:14:43.0522 4432  [ 28D79AAA4E1C15577A86F930E8DA5E50 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
11:14:43.0522 4432  AbsoluteNotifier - ok
11:14:43.0553 4432  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
11:14:43.0553 4432  Accelerometer - ok
11:14:43.0616 4432  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:14:43.0616 4432  ACPI - ok
11:14:43.0663 4432  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:14:43.0663 4432  AcpiPmi - ok
11:14:43.0881 4432  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:14:43.0881 4432  AdobeFlashPlayerUpdateSvc - ok
11:14:43.0943 4432  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:14:43.0959 4432  adp94xx - ok
11:14:43.0990 4432  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:14:43.0990 4432  adpahci - ok
11:14:44.0037 4432  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:14:44.0037 4432  adpu320 - ok
11:14:44.0068 4432  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:14:44.0068 4432  AeLookupSvc - ok
11:14:44.0177 4432  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
11:14:44.0177 4432  AESTFilters - ok
11:14:44.0240 4432  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:14:44.0255 4432  AFD - ok
11:14:44.0287 4432  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:14:44.0287 4432  agp440 - ok
11:14:44.0333 4432  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:14:44.0349 4432  ALG - ok
11:14:44.0396 4432  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:14:44.0396 4432  aliide - ok
11:14:44.0474 4432  [ C53D784D7303C463D004C0D5782917B4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:14:44.0474 4432  AMD External Events Utility - ok
11:14:44.0521 4432  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:14:44.0521 4432  amdide - ok
11:14:44.0567 4432  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:14:44.0567 4432  AmdK8 - ok
11:14:44.0848 4432  [ 06778049A44C316E8D016039B9D14667 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:14:45.0035 4432  amdkmdag - ok
11:14:45.0098 4432  [ 94B4028F0EEA1F166D78186A254676B5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:14:45.0098 4432  amdkmdap - ok
11:14:45.0129 4432  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:14:45.0145 4432  AmdPPM - ok
11:14:45.0176 4432  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:14:45.0176 4432  amdsata - ok
11:14:45.0238 4432  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:14:45.0238 4432  amdsbs - ok
11:14:45.0285 4432  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:14:45.0285 4432  amdxata - ok
11:14:45.0332 4432  [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
11:14:45.0332 4432  AMPPAL - ok
11:14:45.0347 4432  [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
11:14:45.0347 4432  AMPPALP - ok
11:14:45.0488 4432  [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
11:14:45.0488 4432  AMPPALR3 - ok
11:14:45.0566 4432  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:14:45.0566 4432  AppID - ok
11:14:45.0597 4432  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:14:45.0597 4432  AppIDSvc - ok
11:14:45.0644 4432  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:14:45.0644 4432  Appinfo - ok
11:14:45.0706 4432  [ 0EEFF7103E4F3E783F3D2B870AF67F1C ] appliand        C:\Windows\system32\DRIVERS\appliand.sys
11:14:45.0706 4432  appliand - ok
11:14:45.0722 4432  [ 0EEFF7103E4F3E783F3D2B870AF67F1C ] appliandMP      C:\Windows\system32\DRIVERS\appliand.sys
11:14:45.0722 4432  appliandMP - ok
11:14:45.0769 4432  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:14:45.0769 4432  arc - ok
11:14:45.0784 4432  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:14:45.0784 4432  arcsas - ok
11:14:45.0925 4432  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:14:45.0925 4432  aspnet_state - ok
11:14:45.0971 4432  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:14:45.0971 4432  AsyncMac - ok
11:14:46.0003 4432  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:14:46.0003 4432  atapi - ok
11:14:46.0065 4432  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:14:46.0081 4432  AudioEndpointBuilder - ok
11:14:46.0081 4432  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:14:46.0081 4432  AudioSrv - ok
11:14:46.0143 4432  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:14:46.0143 4432  AxInstSV - ok
11:14:46.0190 4432  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
11:14:46.0205 4432  b06bdrv - ok
11:14:46.0252 4432  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:14:46.0252 4432  b57nd60a - ok
11:14:46.0377 4432  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
11:14:46.0377 4432  BBSvc - ok
11:14:46.0439 4432  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
11:14:46.0439 4432  BBUpdate - ok
11:14:46.0486 4432  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:14:46.0486 4432  BDESVC - ok
11:14:46.0517 4432  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:14:46.0517 4432  Beep - ok
11:14:46.0580 4432  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:14:46.0580 4432  BFE - ok
11:14:46.0642 4432  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:14:46.0658 4432  BITS - ok
11:14:46.0705 4432  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:14:46.0705 4432  blbdrive - ok
11:14:46.0751 4432  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:14:46.0751 4432  bowser - ok
11:14:46.0783 4432  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:14:46.0783 4432  BrFiltLo - ok
11:14:46.0798 4432  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:14:46.0798 4432  BrFiltUp - ok
11:14:46.0845 4432  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:14:46.0845 4432  Browser - ok
11:14:46.0876 4432  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:14:46.0876 4432  Brserid - ok
11:14:46.0923 4432  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:14:46.0923 4432  BrSerWdm - ok
11:14:46.0954 4432  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:14:46.0954 4432  BrUsbMdm - ok
11:14:46.0985 4432  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:14:46.0985 4432  BrUsbSer - ok
11:14:47.0048 4432  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:14:47.0048 4432  BthEnum - ok
11:14:47.0095 4432  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:14:47.0095 4432  BTHMODEM - ok
11:14:47.0126 4432  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:14:47.0126 4432  BthPan - ok
11:14:47.0173 4432  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:14:47.0188 4432  BTHPORT - ok
11:14:47.0251 4432  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:14:47.0251 4432  bthserv - ok
11:14:47.0266 4432  [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
11:14:47.0266 4432  BTHSSecurityMgr - ok
11:14:47.0313 4432  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:14:47.0313 4432  BTHUSB - ok
11:14:47.0375 4432  [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
11:14:47.0375 4432  btwampfl - ok
11:14:47.0391 4432  [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:14:47.0391 4432  btwaudio - ok
11:14:47.0438 4432  [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
11:14:47.0438 4432  btwavdt - ok
11:14:47.0531 4432  [ 692F8648D7686D91E34A65AC698019D8 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:14:47.0547 4432  btwdins - ok
11:14:47.0578 4432  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:14:47.0578 4432  btwl2cap - ok
11:14:47.0609 4432  [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:14:47.0609 4432  btwrchid - ok
11:14:47.0641 4432  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:14:47.0641 4432  cdfs - ok
11:14:47.0703 4432  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:14:47.0719 4432  cdrom - ok
11:14:47.0765 4432  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:14:47.0765 4432  CertPropSvc - ok
11:14:47.0828 4432  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:14:47.0828 4432  circlass - ok
11:14:47.0890 4432  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:14:47.0890 4432  CLFS - ok
11:14:48.0015 4432  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
11:14:48.0015 4432  CLKMSVC10_38F51D56 - ok
11:14:48.0077 4432  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:14:48.0077 4432  clr_optimization_v2.0.50727_32 - ok
11:14:48.0109 4432  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:14:48.0124 4432  clr_optimization_v2.0.50727_64 - ok
11:14:48.0187 4432  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:14:48.0187 4432  clr_optimization_v4.0.30319_32 - ok
11:14:48.0218 4432  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:14:48.0233 4432  clr_optimization_v4.0.30319_64 - ok
11:14:48.0280 4432  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
11:14:48.0280 4432  clwvd - ok
11:14:48.0327 4432  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:14:48.0327 4432  CmBatt - ok
11:14:48.0358 4432  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:14:48.0358 4432  cmdide - ok
11:14:48.0405 4432  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:14:48.0421 4432  CNG - ok
11:14:48.0467 4432  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:14:48.0467 4432  Compbatt - ok
11:14:48.0530 4432  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:14:48.0530 4432  CompositeBus - ok
11:14:48.0545 4432  COMSysApp - ok
11:14:48.0592 4432  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:14:48.0592 4432  crcdisk - ok
11:14:48.0639 4432  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:14:48.0639 4432  CryptSvc - ok
11:14:48.0764 4432  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:14:48.0764 4432  cvhsvc - ok
11:14:48.0826 4432  [ B1C55A95006D621D04FE4A23F86C0A54 ] DCamUSBEMPIA    C:\Windows\system32\DRIVERS\emDevice64.sys
11:14:48.0826 4432  DCamUSBEMPIA - ok
11:14:48.0904 4432  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:14:48.0904 4432  DcomLaunch - ok
11:14:48.0967 4432  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:14:48.0967 4432  defragsvc - ok
11:14:49.0013 4432  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:14:49.0013 4432  DfsC - ok
11:14:49.0060 4432  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:14:49.0060 4432  Dhcp - ok
11:14:49.0107 4432  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:14:49.0107 4432  discache - ok
11:14:49.0169 4432  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:14:49.0169 4432  Disk - ok
11:14:49.0201 4432  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:14:49.0201 4432  Dnscache - ok
11:14:49.0232 4432  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:14:49.0247 4432  dot3svc - ok
11:14:49.0263 4432  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:14:49.0263 4432  DPS - ok
11:14:49.0310 4432  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:14:49.0310 4432  drmkaud - ok
11:14:49.0372 4432  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:14:49.0372 4432  DXGKrnl - ok
11:14:49.0419 4432  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:14:49.0419 4432  EapHost - ok
11:14:49.0481 4432  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:14:49.0544 4432  ebdrv - ok
11:14:49.0591 4432  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:14:49.0591 4432  EFS - ok
11:14:49.0669 4432  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:14:49.0684 4432  ehRecvr - ok
11:14:49.0700 4432  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:14:49.0700 4432  ehSched - ok
11:14:49.0747 4432  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:14:49.0762 4432  elxstor - ok
11:14:49.0809 4432  [ 8543BB84CD5872CD1619183F5CBBE3F9 ] emAudio         C:\Windows\system32\drivers\emAudio64.sys
11:14:49.0809 4432  emAudio - ok
11:14:49.0840 4432  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:14:49.0840 4432  ErrDev - ok
11:14:49.0887 4432  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:14:49.0887 4432  EventSystem - ok
11:14:49.0981 4432  [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:14:49.0996 4432  EvtEng - ok
11:14:50.0043 4432  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:14:50.0043 4432  exfat - ok
11:14:50.0043 4432  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:14:50.0059 4432  fastfat - ok
11:14:50.0105 4432  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:14:50.0121 4432  Fax - ok
11:14:50.0152 4432  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:14:50.0152 4432  fdc - ok
11:14:50.0199 4432  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:14:50.0215 4432  fdPHost - ok
11:14:50.0215 4432  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:14:50.0215 4432  FDResPub - ok
11:14:50.0261 4432  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:14:50.0261 4432  FileInfo - ok
11:14:50.0277 4432  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:14:50.0277 4432  Filetrace - ok
11:14:50.0324 4432  [ 73FBB50C4D92ADC30A9D57A269489A0B ] FiltUSBEMPIA    C:\Windows\system32\DRIVERS\emFilter64.sys
11:14:50.0324 4432  FiltUSBEMPIA - ok
11:14:50.0371 4432  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:14:50.0371 4432  flpydisk - ok
11:14:50.0402 4432  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:14:50.0417 4432  FltMgr - ok
11:14:50.0480 4432  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:14:50.0480 4432  FontCache - ok
11:14:50.0542 4432  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:14:50.0542 4432  FontCache3.0.0.0 - ok
11:14:50.0605 4432  [ CDC54DB949D1E2BBF86B0C7AB86B912E ] FPLService      C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
11:14:50.0605 4432  FPLService - ok
11:14:50.0620 4432  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:14:50.0620 4432  FsDepends - ok
11:14:50.0667 4432  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:14:50.0667 4432  Fs_Rec - ok
11:14:50.0729 4432  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:14:50.0729 4432  fvevol - ok
11:14:50.0761 4432  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:14:50.0761 4432  gagp30kx - ok
11:14:50.0854 4432  [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
11:14:50.0854 4432  GameConsoleService - ok
11:14:50.0901 4432  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:14:50.0917 4432  gpsvc - ok
11:14:51.0041 4432  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:14:51.0041 4432  gupdate - ok
11:14:51.0057 4432  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:14:51.0057 4432  gupdatem - ok
11:14:51.0088 4432  [ F531C096D13A9E12B143DB770814DE92 ] hcw72ADFilter   C:\Windows\system32\DRIVERS\hcw72ADFilter.sys
11:14:51.0088 4432  hcw72ADFilter - ok
11:14:51.0135 4432  [ 0496F2A26A9B45412C5CC096D451AA22 ] hcw72ATV        C:\Windows\system32\DRIVERS\hcw72ATV.sys
11:14:51.0151 4432  hcw72ATV - ok
11:14:51.0229 4432  [ 13D8E1F19E5F461F99C24E50BC987B58 ] hcw72DTV        C:\Windows\system32\DRIVERS\hcw72DTV.sys
11:14:51.0244 4432  hcw72DTV - ok
11:14:51.0275 4432  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:14:51.0275 4432  hcw85cir - ok
11:14:51.0322 4432  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:14:51.0338 4432  HdAudAddService - ok
11:14:51.0369 4432  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:14:51.0369 4432  HDAudBus - ok
11:14:51.0385 4432  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:14:51.0385 4432  HidBatt - ok
11:14:51.0416 4432  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:14:51.0416 4432  HidBth - ok
11:14:51.0463 4432  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:14:51.0463 4432  HidIr - ok
11:14:51.0478 4432  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:14:51.0494 4432  hidserv - ok
11:14:51.0541 4432  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:14:51.0541 4432  HidUsb - ok
11:14:51.0603 4432  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:14:51.0603 4432  hkmsvc - ok
11:14:51.0650 4432  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:14:51.0650 4432  HomeGroupListener - ok
11:14:51.0665 4432  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:14:51.0681 4432  HomeGroupProvider - ok
11:14:51.0759 4432  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:14:51.0759 4432  HP Support Assistant Service - ok
11:14:51.0821 4432  [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
11:14:51.0821 4432  HP Wireless Assistant Service - ok
11:14:51.0853 4432  [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:14:51.0868 4432  HPClientSvc - ok
11:14:51.0899 4432  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
11:14:51.0899 4432  hpdskflt - ok
11:14:51.0993 4432  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:14:51.0993 4432  hpqwmiex - ok
11:14:52.0055 4432  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:14:52.0055 4432  HpSAMD - ok
11:14:52.0102 4432  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
11:14:52.0102 4432  hpsrv - ok
11:14:52.0165 4432  [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:14:52.0165 4432  HPWMISVC - ok
11:14:52.0227 4432  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:14:52.0227 4432  HTTP - ok
11:14:52.0258 4432  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:14:52.0258 4432  hwpolicy - ok
11:14:52.0321 4432  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:14:52.0321 4432  i8042prt - ok
11:14:52.0352 4432  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:14:52.0352 4432  iaStor - ok
11:14:52.0430 4432  [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:14:52.0430 4432  IAStorDataMgrSvc - ok
11:14:52.0492 4432  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:14:52.0492 4432  iaStorV - ok
11:14:52.0555 4432  [ 5DAD4CB1A0C197A5B0CC2A74F33F2A79 ] IB Updater      C:\Program Files\IB Updater\ExtensionUpdaterService.exe
11:14:52.0555 4432  IB Updater - ok
11:14:52.0711 4432  [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:14:52.0711 4432  IconMan_R - ok
11:14:52.0773 4432  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:14:52.0773 4432  idsvc - ok
11:14:52.0991 4432  [ 33FAA40B288002C89529DBD14F3AB72C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:14:53.0179 4432  igfx - ok
11:14:53.0210 4432  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:14:53.0210 4432  iirsp - ok
11:14:53.0257 4432  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:14:53.0272 4432  IKEEXT - ok
11:14:53.0319 4432  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
11:14:53.0319 4432  IntcDAud - ok
11:14:53.0366 4432  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:14:53.0366 4432  intelide - ok
11:14:53.0615 4432  [ 33FAA40B288002C89529DBD14F3AB72C ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
11:14:53.0803 4432  intelkmd - ok
11:14:53.0834 4432  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:14:53.0834 4432  intelppm - ok
11:14:53.0943 4432  [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:14:53.0943 4432  IntuitUpdateService - ok
11:14:53.0990 4432  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:14:53.0990 4432  IPBusEnum - ok
11:14:54.0021 4432  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:14:54.0021 4432  IpFilterDriver - ok
11:14:54.0083 4432  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:14:54.0083 4432  iphlpsvc - ok
11:14:54.0115 4432  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:14:54.0115 4432  IPMIDRV - ok
11:14:54.0130 4432  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:14:54.0146 4432  IPNAT - ok
11:14:54.0193 4432  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:14:54.0193 4432  IRENUM - ok
11:14:54.0239 4432  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:14:54.0239 4432  isapnp - ok
11:14:54.0271 4432  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:14:54.0271 4432  iScsiPrt - ok
11:14:54.0302 4432  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
11:14:54.0302 4432  kbdclass - ok
11:14:54.0364 4432  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:14:54.0364 4432  kbdhid - ok
11:14:54.0395 4432  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:14:54.0395 4432  KeyIso - ok
11:14:54.0427 4432  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:14:54.0442 4432  KSecDD - ok
11:14:54.0442 4432  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:14:54.0442 4432  KSecPkg - ok
11:14:54.0489 4432  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:14:54.0489 4432  ksthunk - ok
11:14:54.0520 4432  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:14:54.0536 4432  KtmRm - ok
11:14:54.0598 4432  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:14:54.0598 4432  LanmanServer - ok
11:14:54.0629 4432  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:14:54.0645 4432  LanmanWorkstation - ok
11:14:54.0707 4432  [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:14:54.0707 4432  LightScribeService - ok
11:14:54.0739 4432  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:14:54.0739 4432  lltdio - ok
11:14:54.0770 4432  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:14:54.0785 4432  lltdsvc - ok
11:14:54.0817 4432  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:14:54.0817 4432  lmhosts - ok
11:14:54.0863 4432  [ C463A25F01C6237295917417C5E9E344 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:14:54.0863 4432  LMS - ok
11:14:54.0941 4432  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:14:54.0941 4432  LSI_FC - ok
11:14:54.0973 4432  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:14:54.0973 4432  LSI_SAS - ok
11:14:55.0019 4432  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:14:55.0019 4432  LSI_SAS2 - ok
11:14:55.0019 4432  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:14:55.0035 4432  LSI_SCSI - ok
11:14:55.0097 4432  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:14:55.0097 4432  luafv - ok
11:14:55.0160 4432  [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
11:14:55.0160 4432  MarvinBus - ok
11:14:55.0222 4432  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:14:55.0222 4432  MBAMProtector - ok
11:14:55.0316 4432  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:14:55.0331 4432  MBAMScheduler - ok
11:14:55.0409 4432  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:14:55.0409 4432  MBAMService - ok
11:14:55.0472 4432  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:14:55.0472 4432  Mcx2Svc - ok
11:14:55.0503 4432  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:14:55.0503 4432  megasas - ok
11:14:55.0519 4432  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:14:55.0534 4432  MegaSR - ok
11:14:55.0581 4432  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
11:14:55.0581 4432  MEIx64 - ok
11:14:55.0597 4432  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:14:55.0597 4432  MMCSS - ok
11:14:55.0628 4432  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:14:55.0628 4432  Modem - ok
11:14:55.0675 4432  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:14:55.0675 4432  monitor - ok
11:14:55.0721 4432  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:14:55.0721 4432  mouclass - ok
11:14:55.0737 4432  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:14:55.0737 4432  mouhid - ok
11:14:55.0784 4432  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:14:55.0784 4432  mountmgr - ok
11:14:55.0862 4432  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
11:14:55.0877 4432  MpFilter - ok
11:14:55.0909 4432  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:14:55.0909 4432  mpio - ok
11:14:55.0940 4432  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:14:55.0940 4432  mpsdrv - ok
11:14:55.0987 4432  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:14:55.0987 4432  MpsSvc - ok
11:14:56.0018 4432  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:14:56.0018 4432  MRxDAV - ok
11:14:56.0065 4432  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:14:56.0065 4432  mrxsmb - ok
11:14:56.0096 4432  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:14:56.0096 4432  mrxsmb10 - ok
11:14:56.0111 4432  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:14:56.0111 4432  mrxsmb20 - ok
11:14:56.0143 4432  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:14:56.0143 4432  msahci - ok
11:14:56.0158 4432  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:14:56.0158 4432  msdsm - ok
11:14:56.0174 4432  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:14:56.0174 4432  MSDTC - ok
11:14:56.0236 4432  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:14:56.0236 4432  Msfs - ok
11:14:56.0267 4432  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:14:56.0267 4432  mshidkmdf - ok
11:14:56.0299 4432  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:14:56.0299 4432  msisadrv - ok
11:14:56.0345 4432  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:14:56.0345 4432  MSiSCSI - ok
11:14:56.0345 4432  msiserver - ok
11:14:56.0392 4432  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:14:56.0392 4432  MSKSSRV - ok
11:14:56.0486 4432  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:14:56.0486 4432  MsMpSvc - ok
11:14:56.0533 4432  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:14:56.0533 4432  MSPCLOCK - ok
11:14:56.0533 4432  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:14:56.0533 4432  MSPQM - ok
11:14:56.0564 4432  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:14:56.0564 4432  MsRPC - ok
11:14:56.0595 4432  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:14:56.0595 4432  mssmbios - ok
11:14:56.0642 4432  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:14:56.0642 4432  MSTEE - ok
11:14:56.0642 4432  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:14:56.0642 4432  MTConfig - ok
11:14:56.0657 4432  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:14:56.0657 4432  Mup - ok
11:14:56.0735 4432  [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:14:56.0735 4432  MyWiFiDHCPDNS - ok
11:14:56.0767 4432  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:14:56.0782 4432  napagent - ok
11:14:56.0829 4432  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:14:56.0829 4432  NativeWifiP - ok
11:14:56.0891 4432  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:14:56.0907 4432  NDIS - ok
11:14:56.0954 4432  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:14:56.0954 4432  NdisCap - ok
11:14:56.0985 4432  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:14:56.0985 4432  NdisTapi - ok
11:14:57.0032 4432  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:14:57.0032 4432  Ndisuio - ok
11:14:57.0079 4432  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:14:57.0079 4432  NdisWan - ok
11:14:57.0110 4432  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:14:57.0110 4432  NDProxy - ok
11:14:57.0141 4432  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:14:57.0141 4432  NetBIOS - ok
11:14:57.0172 4432  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:14:57.0172 4432  NetBT - ok
11:14:57.0203 4432  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:14:57.0203 4432  Netlogon - ok
11:14:57.0266 4432  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:14:57.0266 4432  Netman - ok
11:14:57.0297 4432  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:57.0297 4432  NetMsmqActivator - ok
11:14:57.0297 4432  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:57.0297 4432  NetPipeActivator - ok
11:14:57.0344 4432  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:14:57.0344 4432  netprofm - ok
11:14:57.0422 4432  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:57.0422 4432  NetTcpActivator - ok
11:14:57.0422 4432  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:14:57.0422 4432  NetTcpPortSharing - ok
11:14:57.0562 4432  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
11:14:57.0671 4432  netw5v64 - ok
11:14:57.0843 4432  [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
11:14:57.0983 4432  NETwNs64 - ok
11:14:58.0015 4432  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:14:58.0015 4432  nfrd960 - ok
11:14:58.0077 4432  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:14:58.0077 4432  NisDrv - ok
11:14:58.0139 4432  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
11:14:58.0139 4432  NisSrv - ok
11:14:58.0171 4432  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:14:58.0171 4432  NlaSvc - ok
11:14:58.0202 4432  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:14:58.0202 4432  Npfs - ok
11:14:58.0217 4432  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:14:58.0217 4432  nsi - ok
11:14:58.0233 4432  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:14:58.0233 4432  nsiproxy - ok
11:14:58.0295 4432  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:14:58.0311 4432  Ntfs - ok
11:14:58.0342 4432  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:14:58.0342 4432  Null - ok
11:14:58.0389 4432  [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
11:14:58.0389 4432  nusb3hub - ok
11:14:58.0405 4432  [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:14:58.0405 4432  nusb3xhc - ok
11:14:58.0436 4432  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:14:58.0436 4432  nvraid - ok
11:14:58.0467 4432  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:14:58.0467 4432  nvstor - ok
11:14:58.0514 4432  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:14:58.0514 4432  nv_agp - ok
11:14:58.0545 4432  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:14:58.0545 4432  ohci1394 - ok
11:14:58.0592 4432  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:14:58.0592 4432  ose - ok
11:14:58.0732 4432  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:14:58.0748 4432  osppsvc - ok
11:14:58.0763 4432  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:14:58.0779 4432  p2pimsvc - ok
11:14:58.0810 4432  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:14:58.0810 4432  p2psvc - ok
11:14:58.0826 4432  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:14:58.0826 4432  Parport - ok
11:14:58.0857 4432  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:14:58.0857 4432  partmgr - ok
11:14:58.0888 4432  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:14:58.0888 4432  PcaSvc - ok
11:14:58.0935 4432  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:14:58.0935 4432  pci - ok
11:14:58.0966 4432  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:14:58.0966 4432  pciide - ok
11:14:58.0982 4432  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:14:58.0982 4432  pcmcia - ok
11:14:59.0013 4432  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:14:59.0013 4432  pcw - ok
11:14:59.0029 4432  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:14:59.0029 4432  PEAUTH - ok
11:14:59.0091 4432  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:14:59.0091 4432  PerfHost - ok
11:14:59.0138 4432  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:14:59.0153 4432  pla - ok
11:14:59.0200 4432  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:14:59.0216 4432  PlugPlay - ok
11:14:59.0231 4432  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:14:59.0231 4432  PNRPAutoReg - ok
11:14:59.0263 4432  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:14:59.0263 4432  PNRPsvc - ok
11:14:59.0294 4432  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:14:59.0309 4432  PolicyAgent - ok
11:14:59.0325 4432  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:14:59.0325 4432  Power - ok
11:14:59.0372 4432  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:14:59.0372 4432  PptpMiniport - ok
11:14:59.0387 4432  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:14:59.0387 4432  Processor - ok
11:14:59.0419 4432  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:14:59.0419 4432  ProfSvc - ok
11:14:59.0434 4432  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:14:59.0434 4432  ProtectedStorage - ok
11:14:59.0481 4432  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:14:59.0481 4432  Psched - ok
11:14:59.0559 4432  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:14:59.0559 4432  ql2300 - ok
11:14:59.0621 4432  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:14:59.0621 4432  ql40xx - ok
11:14:59.0653 4432  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:14:59.0653 4432  QWAVE - ok
11:14:59.0684 4432  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:14:59.0684 4432  QWAVEdrv - ok
11:14:59.0684 4432  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:14:59.0684 4432  RasAcd - ok
11:14:59.0746 4432  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:14:59.0746 4432  RasAgileVpn - ok
11:14:59.0762 4432  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:14:59.0762 4432  RasAuto - ok
11:14:59.0809 4432  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:14:59.0809 4432  Rasl2tp - ok
11:14:59.0855 4432  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:14:59.0871 4432  RasMan - ok
11:14:59.0902 4432  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:14:59.0902 4432  RasPppoe - ok
11:14:59.0949 4432  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:14:59.0949 4432  RasSstp - ok
11:14:59.0996 4432  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:14:59.0996 4432  rdbss - ok
11:15:00.0011 4432  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:15:00.0011 4432  rdpbus - ok
11:15:00.0058 4432  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:15:00.0058 4432  RDPCDD - ok
11:15:00.0074 4432  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:15:00.0074 4432  RDPENCDD - ok
11:15:00.0089 4432  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:15:00.0089 4432  RDPREFMP - ok
11:15:00.0121 4432  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:15:00.0121 4432  RDPWD - ok
11:15:00.0183 4432  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:15:00.0183 4432  rdyboost - ok
11:15:00.0230 4432  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
11:15:00.0245 4432  RealNetworks Downloader Resolver Service - ok
11:15:00.0355 4432  [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:15:00.0370 4432  RegSrvc - ok
11:15:00.0386 4432  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:15:00.0386 4432  RemoteAccess - ok
11:15:00.0433 4432  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:15:00.0433 4432  RemoteRegistry - ok
11:15:00.0479 4432  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:15:00.0479 4432  RFCOMM - ok
11:15:00.0557 4432  [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:15:00.0557 4432  RoxioNow Service - ok
11:15:00.0589 4432  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:15:00.0589 4432  RpcEptMapper - ok
11:15:00.0713 4432  [ B1574DCB4AE3EFACC24AA87B4AE6FC55 ] rpcld           C:\ProgramData\Rpcnet\Bin\rpcld.exe
11:15:00.0713 4432  Suspicious file (NoAccess): C:\ProgramData\Rpcnet\Bin\rpcld.exe. md5: B1574DCB4AE3EFACC24AA87B4AE6FC55
11:15:00.0713 4432  rpcld ( LockedFile.Multi.Generic ) - warning
11:15:00.0713 4432  rpcld - detected LockedFile.Multi.Generic (1)
11:15:00.0745 4432  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:15:00.0745 4432  RpcLocator - ok
11:15:00.0791 4432  [ 675C575444AAFD56B4E8A99EF8A570CD ] rpcnet          C:\Windows\SysWOW64\rpcnet.exe
11:15:00.0791 4432  rpcnet - ok
11:15:00.0838 4432  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:15:00.0838 4432  RpcSs - ok
11:15:00.0869 4432  [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
11:15:00.0885 4432  RSPCIESTOR - ok
11:15:00.0932 4432  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:15:00.0932 4432  rspndr - ok
11:15:01.0025 4432  [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:15:01.0041 4432  RTL8167 - ok
11:15:01.0041 4432  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:15:01.0041 4432  SamSs - ok
11:15:01.0072 4432  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:15:01.0072 4432  sbp2port - ok
11:15:01.0119 4432  [ EECBBF7D76300E5558D316983961FFC1 ] ScanUSBEMPIA    C:\Windows\system32\DRIVERS\emScan64.sys
11:15:01.0119 4432  ScanUSBEMPIA - ok
11:15:01.0150 4432  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:15:01.0166 4432  SCardSvr - ok
11:15:01.0197 4432  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:15:01.0197 4432  scfilter - ok
11:15:01.0244 4432  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:15:01.0244 4432  Schedule - ok
11:15:01.0275 4432  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:15:01.0275 4432  SCPolicySvc - ok
11:15:01.0322 4432  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
11:15:01.0322 4432  sdbus - ok
11:15:01.0337 4432  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:15:01.0353 4432  SDRSVC - ok
11:15:01.0400 4432  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:15:01.0400 4432  secdrv - ok
11:15:01.0431 4432  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:15:01.0431 4432  seclogon - ok
11:15:01.0478 4432  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:15:01.0478 4432  SENS - ok
11:15:01.0509 4432  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:15:01.0509 4432  SensrSvc - ok
11:15:01.0556 4432  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:15:01.0556 4432  Serenum - ok
11:15:01.0571 4432  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:15:01.0571 4432  Serial - ok
11:15:01.0618 4432  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:15:01.0618 4432  sermouse - ok
11:15:01.0681 4432  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:15:01.0681 4432  SessionEnv - ok
11:15:01.0712 4432  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:15:01.0712 4432  sffdisk - ok
11:15:01.0712 4432  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:15:01.0727 4432  sffp_mmc - ok
11:15:01.0727 4432  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:15:01.0727 4432  sffp_sd - ok
11:15:01.0774 4432  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:15:01.0774 4432  sfloppy - ok
11:15:01.0837 4432  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
11:15:01.0837 4432  Sftfs - ok
11:15:01.0899 4432  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:15:01.0899 4432  sftlist - ok
11:15:01.0915 4432  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:15:01.0915 4432  Sftplay - ok
11:15:01.0961 4432  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:15:01.0961 4432  Sftredir - ok
11:15:01.0977 4432  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
11:15:01.0977 4432  Sftvol - ok
11:15:01.0993 4432  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:15:01.0993 4432  sftvsa - ok
11:15:02.0039 4432  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:15:02.0039 4432  SharedAccess - ok
11:15:02.0071 4432  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:15:02.0086 4432  ShellHWDetection - ok
11:15:02.0133 4432  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:15:02.0133 4432  SiSRaid2 - ok
11:15:02.0149 4432  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:15:02.0164 4432  SiSRaid4 - ok
11:15:02.0195 4432  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:15:02.0195 4432  Smb - ok
11:15:02.0227 4432  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:15:02.0242 4432  SNMPTRAP - ok
11:15:02.0258 4432  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:15:02.0258 4432  spldr - ok
11:15:02.0289 4432  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:15:02.0305 4432  Spooler - ok
11:15:02.0367 4432  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:15:02.0429 4432  sppsvc - ok
11:15:02.0445 4432  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:15:02.0445 4432  sppuinotify - ok
11:15:02.0476 4432  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:15:02.0476 4432  srv - ok
11:15:02.0523 4432  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:15:02.0523 4432  srv2 - ok
11:15:02.0570 4432  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:15:02.0570 4432  SrvHsfHDA - ok
11:15:02.0601 4432  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:15:02.0617 4432  SrvHsfV92 - ok
11:15:02.0632 4432  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:15:02.0648 4432  SrvHsfWinac - ok
11:15:02.0663 4432  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:15:02.0663 4432  srvnet - ok
11:15:02.0710 4432  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:15:02.0710 4432  SSDPSRV - ok
11:15:02.0726 4432  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:15:02.0726 4432  SstpSvc - ok
11:15:02.0819 4432  [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
11:15:02.0835 4432  STacSV - ok
11:15:02.0851 4432  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:15:02.0851 4432  stexstor - ok
11:15:02.0897 4432  [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
11:15:02.0897 4432  STHDA - ok
11:15:02.0944 4432  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:15:02.0960 4432  stisvc - ok
11:15:02.0991 4432  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:15:02.0991 4432  swenum - ok
11:15:03.0007 4432  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:15:03.0022 4432  swprv - ok
11:15:03.0085 4432  [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:15:03.0100 4432  SynTP - ok
11:15:03.0147 4432  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:15:03.0163 4432  SysMain - ok
11:15:03.0194 4432  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:15:03.0194 4432  TabletInputService - ok
11:15:03.0225 4432  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:15:03.0225 4432  TapiSrv - ok
11:15:03.0256 4432  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:15:03.0256 4432  TBS - ok
11:15:03.0334 4432  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:15:03.0350 4432  Tcpip - ok
11:15:03.0412 4432  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:15:03.0428 4432  TCPIP6 - ok
11:15:03.0459 4432  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:15:03.0459 4432  tcpipreg - ok
11:15:03.0506 4432  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:15:03.0506 4432  TDPIPE - ok
11:15:03.0537 4432  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:15:03.0537 4432  TDTCP - ok
11:15:03.0568 4432  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:15:03.0568 4432  tdx - ok
11:15:03.0631 4432  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:15:03.0631 4432  TermDD - ok
11:15:03.0662 4432  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:15:03.0677 4432  TermService - ok
11:15:03.0709 4432  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:15:03.0709 4432  Themes - ok
11:15:03.0724 4432  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:15:03.0724 4432  THREADORDER - ok
11:15:03.0755 4432  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:15:03.0755 4432  TrkWks - ok
11:15:03.0802 4432  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:15:03.0802 4432  TrustedInstaller - ok
11:15:03.0833 4432  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:15:03.0833 4432  tssecsrv - ok
11:15:03.0896 4432  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:15:03.0896 4432  TsUsbFlt - ok
11:15:03.0943 4432  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:15:03.0943 4432  tunnel - ok
11:15:03.0974 4432  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:15:03.0974 4432  uagp35 - ok
11:15:04.0005 4432  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:15:04.0005 4432  udfs - ok
11:15:04.0021 4432  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:15:04.0021 4432  UI0Detect - ok
11:15:04.0052 4432  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:15:04.0052 4432  uliagpkx - ok
11:15:04.0099 4432  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
11:15:04.0099 4432  umbus - ok
11:15:04.0114 4432  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:15:04.0114 4432  UmPass - ok
11:15:04.0208 4432  [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:15:04.0223 4432  UNS - ok
11:15:04.0255 4432  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:15:04.0255 4432  upnphost - ok
11:15:04.0317 4432  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:15:04.0317 4432  usbaudio - ok
11:15:04.0348 4432  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:15:04.0348 4432  usbccgp - ok
11:15:04.0379 4432  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:15:04.0379 4432  usbcir - ok
11:15:04.0411 4432  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:15:04.0411 4432  usbehci - ok
11:15:04.0457 4432  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:15:04.0457 4432  usbhub - ok
11:15:04.0473 4432  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:15:04.0473 4432  usbohci - ok
11:15:04.0489 4432  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:15:04.0489 4432  usbprint - ok
11:15:04.0520 4432  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:15:04.0520 4432  USBSTOR - ok
11:15:04.0567 4432  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:15:04.0567 4432  usbuhci - ok
11:15:04.0613 4432  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:15:04.0613 4432  usbvideo - ok
11:15:04.0645 4432  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:15:04.0645 4432  UxSms - ok
11:15:04.0660 4432  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:15:04.0660 4432  VaultSvc - ok
11:15:04.0691 4432  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:15:04.0691 4432  vdrvroot - ok
11:15:04.0738 4432  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:15:04.0738 4432  vds - ok
11:15:04.0769 4432  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:15:04.0769 4432  vga - ok
11:15:04.0769 4432  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:15:04.0769 4432  VgaSave - ok
11:15:04.0801 4432  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:15:04.0801 4432  vhdmp - ok
11:15:04.0847 4432  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:15:04.0847 4432  viaide - ok
11:15:04.0879 4432  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:15:04.0879 4432  volmgr - ok
11:15:04.0910 4432  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:15:04.0925 4432  volmgrx - ok
11:15:04.0957 4432  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:15:04.0957 4432  volsnap - ok
11:15:05.0003 4432  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:15:05.0003 4432  vsmraid - ok
11:15:05.0081 4432  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:15:05.0097 4432  VSS - ok
11:15:05.0113 4432  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:15:05.0113 4432  vwifibus - ok
11:15:05.0159 4432  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:15:05.0159 4432  vwififlt - ok
11:15:05.0175 4432  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
11:15:05.0175 4432  vwifimp - ok
11:15:05.0206 4432  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:15:05.0222 4432  W32Time - ok
11:15:05.0253 4432  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:15:05.0253 4432  WacomPen - ok
11:15:05.0315 4432  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:15:05.0315 4432  WANARP - ok
11:15:05.0331 4432  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:15:05.0331 4432  Wanarpv6 - ok
11:15:05.0378 4432  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:15:05.0393 4432  WatAdminSvc - ok
11:15:05.0440 4432  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:15:05.0456 4432  wbengine - ok
11:15:05.0471 4432  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:15:05.0471 4432  WbioSrvc - ok
11:15:05.0518 4432  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:15:05.0518 4432  wcncsvc - ok
11:15:05.0534 4432  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:15:05.0549 4432  WcsPlugInService - ok
11:15:05.0565 4432  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:15:05.0581 4432  Wd - ok
11:15:05.0627 4432  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:15:05.0627 4432  Wdf01000 - ok
11:15:05.0659 4432  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:15:05.0659 4432  WdiServiceHost - ok
11:15:05.0659 4432  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:15:05.0659 4432  WdiSystemHost - ok
11:15:05.0721 4432  [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
11:15:05.0721 4432  wdkmd - ok
11:15:05.0768 4432  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:15:05.0768 4432  WebClient - ok
11:15:05.0799 4432  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:15:05.0799 4432  Wecsvc - ok
11:15:05.0815 4432  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:15:05.0815 4432  wercplsupport - ok
11:15:05.0861 4432  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:15:05.0861 4432  WerSvc - ok
11:15:05.0908 4432  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:15:05.0908 4432  WfpLwf - ok
11:15:05.0924 4432  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:15:05.0924 4432  WIMMount - ok
11:15:05.0924 4432  WinDefend - ok
11:15:05.0955 4432  WinHttpAutoProxySvc - ok
11:15:06.0002 4432  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:15:06.0002 4432  Winmgmt - ok
11:15:06.0064 4432  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:15:06.0080 4432  WinRM - ok
11:15:06.0142 4432  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
11:15:06.0142 4432  WinUsb - ok
11:15:06.0173 4432  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:15:06.0173 4432  Wlansvc - ok
11:15:06.0236 4432  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:15:06.0236 4432  wlcrasvc - ok
11:15:06.0329 4432  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:15:06.0345 4432  wlidsvc - ok
11:15:06.0376 4432  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:15:06.0376 4432  WmiAcpi - ok
11:15:06.0392 4432  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:15:06.0407 4432  wmiApSrv - ok
11:15:06.0454 4432  WMPNetworkSvc - ok
11:15:06.0485 4432  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:15:06.0485 4432  WPCSvc - ok
11:15:06.0517 4432  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:15:06.0517 4432  WPDBusEnum - ok
11:15:06.0532 4432  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:15:06.0532 4432  ws2ifsl - ok
11:15:06.0563 4432  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:15:06.0563 4432  wscsvc - ok
11:15:06.0563 4432  WSearch - ok
11:15:06.0626 4432  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:15:06.0641 4432  wuauserv - ok
11:15:06.0688 4432  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:15:06.0688 4432  WudfPf - ok
11:15:06.0719 4432  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:15:06.0719 4432  wudfsvc - ok
11:15:06.0766 4432  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:15:06.0766 4432  WwanSvc - ok
11:15:06.0797 4432  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
11:15:06.0797 4432  yukonw7 - ok
11:15:06.0829 4432  ================ Scan global ===============================
11:15:06.0844 4432  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:15:06.0891 4432  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:15:06.0891 4432  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:15:06.0922 4432  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:15:06.0938 4432  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:15:06.0953 4432  [Global] - ok
11:15:06.0953 4432  ================ Scan MBR ==================================
11:15:06.0969 4432  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:15:07.0141 4432  \Device\Harddisk0\DR0 - ok
11:15:07.0141 4432  ================ Scan VBR ==================================
11:15:07.0156 4432  [ 8FC9CBBA6D228B33925296DAE2E55BCE ] \Device\Harddisk0\DR0\Partition1
11:15:07.0156 4432  \Device\Harddisk0\DR0\Partition1 - ok
11:15:07.0187 4432  [ 7B4AACB5BBB40C7232FDB7D8FB8C2034 ] \Device\Harddisk0\DR0\Partition2
11:15:07.0187 4432  \Device\Harddisk0\DR0\Partition2 - ok
11:15:07.0219 4432  [ A4BE253A550940B3256D8ACB8CC5769F ] \Device\Harddisk0\DR0\Partition3
11:15:07.0219 4432  \Device\Harddisk0\DR0\Partition3 - ok
11:15:07.0219 4432  [ 79946E09F8F59C29B38C104EDBFBDE95 ] \Device\Harddisk0\DR0\Partition4
11:15:07.0219 4432  \Device\Harddisk0\DR0\Partition4 - ok
11:15:07.0219 4432  ============================================================
11:15:07.0219 4432  Scan finished
11:15:07.0219 4432  ============================================================
11:15:07.0234 4564  Detected object count: 1
11:15:07.0234 4564  Actual detected object count: 1
11:15:29.0507 4564  rpcld ( LockedFile.Multi.Generic ) - skipped by user
11:15:29.0507 4564  rpcld ( LockedFile.Multi.Generic ) - User select action: Skip
11:15:46.0340 8060  Deinitialize success
 

 

I noticed today that the error code seems to have gone back to 0x80070002. It happens when I go to programs and click on MSE (I thought I removed it yesterday again!  Not sure how it came back or I'm just starting to forget.)  It's a Microsoft Security Client labeled box saying "An error has occurred in the program during initialization.  If this problem continues, please contact your system administrator."

 

Also, the Action Center in the bottom right corner of screen (flag with red x) says that I need to turn on my MSE.  It wants to run a program:  c:\program files\microsoft security client\msseces.exe.  When I ask to verify the identity of the publisher, the details say the certificate was valid from 9/4/12 to 3/4/13.  I'm too afraid that this might be the fake/virus MSE that I read has recently been going around -- especially since the certificate is expired.  AND the installation file that I previously downloaded from Micrsoft for MSE was called mseinstall.exe.

 

Thank you in advance for your help!

Attached Files

  • Attached File  MBR.zip   580bytes   1 downloads

Edited by TAB4, 15 May 2013 - 11:01 AM.


#4 Conspire

Conspire

  • Malware Response Team
  • 1,041 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 15 May 2013 - 12:00 PM

Thanks for the feedback.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#5 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 15 May 2013 - 01:12 PM

I'm running combofix as instructed.  At Stage 3, there is a pop-up:  "pev.3XE has stopped working.  A problem caused the program to stop working correctly.  Windows will close the program and notify you if a solution is available."  I know that I'm not supposed to touch the computer right now (I'm typing this on another computer), but I think Combofix is stuck until I push the button in the pop-up that says "Close Program."  Is this ok to do?



#6 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 15 May 2013 - 02:12 PM

I waited about half an hour hoping Combofix would eventually start back up after Windows closed the program like it said it would.  Apparently Windows didn't close the program as the pop up just stayed there.  So I evenutally pushed the "close program" button.  Combofix then finished running. 

 

When I opened Internet Explorer to post this, I kept getting security warnings -- one after the other.  One would say I'm leaving a secure site and the other I'm entering one, did I want to continue.  This was a new thing -- pop-up after pop-up.

 

 

 

ComboFix 13-05-15.01 - Walter 05/15/2013  13:58:54.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.4290 [GMT -4:00]
Running from: c:\users\Walter\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Public\Documents\~WRL0005.tmp
c:\users\Walter\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Walter\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\Walter\Documents\~WRL0005.tmp
c:\users\Walter\Documents\~WRL0006.tmp
c:\users\Walter\Documents\~WRL1281.tmp
c:\users\Walter\Documents\~WRL1290.tmp
c:\users\Walter\Documents\~WRL2053.tmp
c:\users\Walter\Documents\~WRL3223.tmp
c:\users\Walter\Documents\~WRL3419.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-15 to 2013-05-15  )))))))))))))))))))))))))))))))
.
.
2013-05-15 18:58 . 2013-05-15 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 18:43 . 2013-05-14 18:43 -------- d-----w- c:\users\Walter\AppData\Roaming\Malwarebytes
2013-05-14 18:43 . 2013-05-14 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-14 18:43 . 2013-05-14 18:43 -------- d-----w- c:\programdata\Malwarebytes
2013-05-14 18:43 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-14 18:07 . 2013-05-14 18:07 15012 ----a-w- C:\FixitRegBackup.reg
2013-05-13 19:33 . 2013-05-14 05:28 -------- d-----w- c:\windows\Microsoft Antimalware
2013-05-13 16:19 . 2013-05-14 00:37 -------- d-----w- c:\program files (x86)\Google
2013-05-13 13:52 . 2013-05-14 17:11 -------- d-----w- c:\program files\HitmanPro
2013-05-13 13:51 . 2013-05-13 13:51 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-13 13:30 . 2013-05-14 00:07 -------- d-----w- c:\programdata\HitmanPro
2013-05-13 01:59 . 2013-05-13 01:59 -------- d-----w- c:\users\Walter\AppData\Local\Programs
2013-05-13 00:09 . 2013-05-13 01:21 -------- d-----w- c:\programdata\52A8738BF730CF48000052A820E9D547
2013-05-03 23:37 . 2013-05-03 23:37 -------- d-----w- C:\Acordex
2013-04-23 20:12 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 17:39 . 2011-06-29 13:25 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-05-15 17:39 . 2011-06-21 02:21 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-05-15 02:05 . 2012-04-12 12:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 02:05 . 2011-06-07 13:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 17:42 . 2011-05-24 22:11 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 06:26 . 2011-06-29 13:26 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2013-05-14 06:25 . 2011-06-29 13:25 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2013-05-02 15:29 . 2011-05-19 20:48 278800 ----a-w- c:\windows\system32\MpSigStub.exe
2013-05-01 15:30 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-14 17:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 17:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 17:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 17:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 17:34 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 17:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-29 15:18 . 2011-06-21 02:21 69792 ------w- c:\windows\SysWow64\rpcnet.exe
2013-03-23 19:42 . 2013-03-23 19:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-23 19:42 . 2012-09-10 11:08 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-23 19:42 . 2011-01-11 03:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 11:29 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:29 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:29 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:29 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:29 112640 ----a-w- c:\windows\system32\smss.exe
2013-02-28 12:03 . 2013-03-13 22:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-28 11:38 . 2013-03-13 22:35 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-16 16:33 . 2013-02-16 16:36 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2013-02-16 16:33 . 2011-05-12 13:44 1128448 ----a-w- c:\windows\sttray64.exe
2013-02-16 16:33 . 2013-02-16 16:36 431616 ----a-w- c:\windows\system32\stcplx64.dll
2013-02-16 16:33 . 2011-05-12 13:44 4779520 ----a-w- c:\windows\system32\stlang64.dll
2013-02-16 16:33 . 2013-02-16 16:36 654336 ------w- c:\windows\system32\stapi64.dll
2013-02-16 16:33 . 2013-02-16 16:36 1965056 ----a-w- c:\windows\system32\stapo64.dll
2013-02-16 16:33 . 2011-05-12 13:44 224256 ----a-w- c:\windows\system32\staco64.dll
2013-02-16 16:33 . 2011-05-12 13:44 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2013-02-16 16:33 . 2011-05-12 13:44 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2013-02-16 16:33 . 2011-05-12 13:44 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2013-02-16 16:33 . 2011-05-12 13:44 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2013-02-16 16:33 . 2011-05-12 13:44 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2013-02-16 16:33 . 2011-05-12 13:44 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2013-02-16 16:33 . 2011-05-12 13:44 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2013-02-16 16:33 . 2011-05-12 13:44 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2013-02-16 16:33 . 2011-05-12 13:44 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2013-02-16 16:33 . 2011-05-12 13:44 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2013-02-15 06:08 . 2013-04-10 11:29 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 11:29 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 11:29 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 11:29 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 11:29 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 11:29 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-11-20 20:09 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
2010-12-29 10:43 783760 ----a-w- c:\program files (x86)\GamesBar\2.0.1.81\oberontb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"= "c:\program files (x86)\GamesBar\2.0.1.81\oberontb.dll" [2010-12-29 783760]
.
[HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
[HKEY_CLASSES_ROOT\Oberontb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
[HKEY_CLASSES_ROOT\Oberontb.Band]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2010-12-29 591248]
"cdloader"="c:\users\Walter\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-11-26 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-11-12 75048]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-12-30 295072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2011-5-30 537968]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/11 21:17;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-04-23 38656]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-04-23 1631488]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-04-23 1634176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-24 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2013-02-16 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-03 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-11-20 188760]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-26 2413056]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-06-03 12289472]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-26 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-26 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-26 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-10-15 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-14 00:37 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:05]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 00:32]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 00:32]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193389188-1243022491-604975418-1000Core.job
- c:\users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 14:03]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193389188-1243022491-604975418-1000UA.job
- c:\users\Walter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 14:03]
.
2013-05-14 c:\windows\Tasks\HPCeeScheduleForWALTER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-05-14 c:\windows\Tasks\HPCeeScheduleForWalter.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-03 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-02-16 1128448]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files (x86)\GamesBar\2.0.1.81\oberontb.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-15  15:00:52
ComboFix-quarantined-files.txt  2013-05-15 19:00
.
Pre-Run: 698,864,574,464 bytes free
Post-Run: 699,329,847,296 bytes free
.
- - End Of File - - 8994D94DA5C48CF40D23EA2EC6753808
 



#7 Conspire

Conspire

  • Malware Response Team
  • 1,041 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 15 May 2013 - 10:04 PM

Hi,

Sorry for the delayed response. I was asleep(on the other side of the world) by the time you posted a question on the error pertaining to ComboFix. Since ComboFix is able to run until a log is generated, we will continue moving on.

We've got some more things to do.

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

On your next reply please post :
FRST log


Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

Edited by Conspire, 15 May 2013 - 10:04 PM.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#8 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 16 May 2013 - 08:21 AM

Before I do this, is this a system restore (i.e. wiping out computer and putting it back to factory settings) or is this simply a log?  Just want to make sure I understand what I'm doing.  (Before I do a complete restore, I want my husband to double check me on the back up of the files -- don't want to miss anything.)



#9 Conspire

Conspire

  • Malware Response Team
  • 1,041 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 16 May 2013 - 08:55 AM

No it's not. We're getting logs outside Windows.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#10 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 16 May 2013 - 09:10 AM

  • Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013

  • Ran by SYSTEM on 16-05-2013 10:09:04
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-12-15] (Synaptics Incorporated)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2710856 2009-11-01] (CANON INC.)
    HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [767312 2009-09-03] (CANON INC.)
    HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel® Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-02-16] (IDT, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-11-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
    HKLM-x32\...\Run: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [85672 2011-05-10] (Absolute Software)
    HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2011-03-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-11-11] (cyberlink)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-30] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2012-12-30] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\Walter\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
    HKU\Walter\...\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe [591248 2010-12-29] (Oberon Media )
    HKU\Walter\...\Run: [cdloader] "C:\Users\Walter\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk
    ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Services (Whitelisted) =================

    S2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
    S2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2012-11-20] ()
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
    S2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [179120 2011-09-28] (Absolute Software Corp.)

    ==================== Drivers (Whitelisted) ====================

    S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-25] (Applian Technologies Inc.)
    S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)
    S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)
    S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-05-16 10:08 - 2013-05-16 10:08 - 00000000 ____D C:\FRST
    2013-05-15 11:00 - 2013-05-15 11:00 - 00029203 ____A C:\ComboFix.txt
    2013-05-15 09:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-05-15 09:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-05-15 09:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-05-15 09:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-05-15 09:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-05-15 09:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-05-15 09:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-05-15 09:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-05-15 09:56 - 2013-05-15 11:00 - 00000000 ____D C:\Qoobox
    2013-05-15 09:56 - 2013-05-15 10:59 - 00000000 ____D C:\Windows\erdnt
    2013-05-15 09:46 - 2013-05-15 09:46 - 05066276 ____R (Swearware) C:\Users\Walter\Desktop\ComboFix.exe
    2013-05-15 07:10 - 2013-05-15 07:10 - 00000580 ____A C:\Users\Walter\Desktop\MBR.zip
    2013-05-15 07:03 - 2013-05-15 07:03 - 00002020 ____A C:\Users\Walter\Desktop\aswMBR.txt
    2013-05-15 07:03 - 2013-05-15 07:03 - 00000512 ____A C:\Users\Walter\Desktop\MBR.dat
    2013-05-15 06:47 - 2013-05-15 06:47 - 04745728 ____A (AVAST Software) C:\Users\Walter\Desktop\aswMBR.exe
    2013-05-15 05:54 - 2013-05-15 05:54 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
    2013-05-14 17:49 - 2013-05-14 17:49 - 00038171 ____A C:\Users\Walter\Desktop\attach.txt
    2013-05-14 17:49 - 2013-05-14 17:48 - 00028337 ____A C:\Users\Walter\Desktop\dds.txt
    2013-05-14 17:44 - 2013-05-14 17:45 - 00688992 ____R (Swearware) C:\Users\Walter\Desktop\dds.com
    2013-05-14 17:26 - 2013-05-14 17:26 - 00849576 ____A C:\Windows\Minidump\051413-51651-01.dmp
    2013-05-14 11:55 - 2013-05-14 11:55 - 00002174 ____A C:\Users\Walter\Desktop\Rkill.txt
    2013-05-14 11:55 - 2013-05-14 11:55 - 00000000 ____D C:\Users\Walter\Desktop\rkill
    2013-05-14 11:11 - 2013-05-14 11:11 - 00000000 ____D C:\Users\Walter\Desktop\mbar-1.05.0.1001
    2013-05-14 10:43 - 2013-05-14 10:43 - 00001146 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-14 10:43 - 2013-05-14 10:43 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
    2013-05-14 10:43 - 2013-05-14 10:43 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-14 10:43 - 2013-05-14 10:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-14 10:43 - 2013-04-04 10:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-05-14 10:41 - 2013-05-14 10:41 - 00037728 ____A C:\Users\Walter\Desktop\MiniToolBox - Result.txt
    2013-05-14 10:39 - 2013-05-14 10:39 - 00037728 ____A C:\Users\Walter\Desktop\Result.txt
    2013-05-14 10:34 - 2013-05-14 10:34 - 00002574 ____A C:\Users\Walter\Desktop\FSS.txt
    2013-05-14 10:22 - 2013-05-14 10:17 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Walter\Desktop\rkill - iExplore.exe
    2013-05-14 10:22 - 2013-05-14 10:15 - 12917756 ____A C:\Users\Walter\Desktop\mbar-1.05.0.1001.zip
    2013-05-14 10:21 - 2013-05-14 10:16 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Walter\Desktop\rkill.exe
    2013-05-14 10:21 - 2013-05-14 10:13 - 00760723 ____A (Farbar) C:\Users\Walter\Desktop\MiniToolBox.exe
    2013-05-14 10:21 - 2013-05-14 10:10 - 00354299 ____A (Farbar) C:\Users\Walter\Desktop\FSS.exe
    2013-05-14 10:20 - 2013-05-14 10:09 - 00218953 ____A C:\Users\Walter\Desktop\SecurityCheck.exe
    2013-05-14 10:07 - 2013-05-14 10:07 - 00015012 ____A C:\FixitRegBackup.reg
    2013-05-14 10:05 - 2013-05-14 10:05 - 409468930 ____A C:\Users\Walter\Desktop\Registry backup.reg
    2013-05-14 10:01 - 2013-05-14 10:00 - 13475464 ____A (Microsoft Corporation) C:\Users\Walter\Desktop\mseinstall.exe
    2013-05-14 10:01 - 2013-05-13 09:06 - 00002578 ____A C:\Users\Walter\Desktop\mseremoval.bat
    2013-05-14 09:34 - 2013-05-06 05:39 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-14 09:34 - 2013-05-06 05:04 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-14 09:34 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-14 09:34 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-14 09:34 - 2013-04-09 21:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-14 09:34 - 2013-04-09 21:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-14 09:34 - 2013-04-09 21:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-14 09:34 - 2013-04-09 21:47 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-14 09:34 - 2013-04-09 21:47 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-14 09:34 - 2013-04-09 21:46 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-14 09:34 - 2013-04-09 21:46 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-14 09:34 - 2013-04-09 21:46 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-14 09:34 - 2013-04-09 21:46 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-14 09:34 - 2013-04-09 21:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-14 09:34 - 2013-04-09 21:07 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-14 09:34 - 2013-04-09 21:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-14 09:34 - 2013-04-09 21:03 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-14 09:34 - 2013-04-09 21:03 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-14 09:34 - 2013-04-09 21:03 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-14 09:34 - 2013-04-09 21:02 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-14 09:34 - 2013-04-09 21:02 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-14 09:34 - 2013-04-09 21:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-14 09:34 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-14 09:34 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-14 09:34 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-14 09:34 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-14 09:34 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-14 09:34 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-14 09:34 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-14 09:34 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-14 09:34 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-14 09:34 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-14 09:34 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-14 09:34 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-14 09:07 - 2013-05-13 12:52 - 00290816 ____A (SUPERAntiSpyware.com) C:\Users\Walter\Desktop\SUPERAntispyware removal - SASUNINST64.EXE
    2013-05-14 09:07 - 2013-05-13 12:51 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Walter\Desktop\mbam-clean-1.60.2.0003.exe
    2013-05-13 17:19 - 2013-05-13 17:20 - 03191888 ____A (McAfee, Inc.) C:\Users\Walter\Downloads\MCPR.exe
    2013-05-13 17:05 - 2013-05-13 04:57 - 86303504 ____A (Microsoft Corporation) C:\Users\Walter\Desktop\MS Scanner - msert.exe
    2013-05-13 17:01 - 2013-05-13 17:01 - 00866592 ____A C:\Users\Walter\Downloads\Norton_Removal_Tool.exe
    2013-05-13 17:01 - 2013-05-13 17:01 - 00866592 ____A C:\Users\Walter\Downloads\Norton_Removal_Tool (1).exe
    2013-05-13 16:43 - 2013-05-15 07:14 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Walter\Desktop\tdsskiller.exe
    2013-05-13 16:37 - 2013-05-13 16:37 - 00002292 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-05-13 16:32 - 2013-05-16 06:00 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-13 16:32 - 2013-05-16 05:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-13 16:31 - 2013-05-13 08:15 - 25598792 ____A (SUPERAntiSpyware.com) C:\Users\Walter\Desktop\SUPERAntiSpyware.exe
    2013-05-13 16:16 - 2013-05-12 17:59 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Walter\Desktop\mbam-setup-1.75.0.1300.exe
    2013-05-13 16:12 - 2013-05-13 16:12 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Mozilla
    2013-05-13 16:01 - 2013-05-13 04:44 - 09741664 ____A (SurfRight B.V.) C:\Users\Walter\Desktop\HitmanPro_x64.exe
    2013-05-13 11:33 - 2013-05-13 21:28 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2013-05-13 08:19 - 2013-05-13 16:37 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-13 05:52 - 2013-05-14 09:11 - 00000000 ____D C:\Program Files\HitmanPro
    2013-05-13 05:51 - 2013-05-13 05:51 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-05-13 05:30 - 2013-05-13 16:07 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-05-12 19:03 - 2013-05-13 13:13 - 00000000 ____D C:\Windows\pss
    2013-05-12 16:09 - 2013-05-12 17:21 - 00000000 ____D C:\ProgramData\52A8738BF730CF48000052A820E9D547
    2013-05-08 09:41 - 2013-05-08 09:41 - 00875352 ____A C:\Windows\Minidump\050813-17955-01.dmp
    2013-05-05 12:17 - 2013-05-05 12:17 - 00960008 ____A C:\Windows\Minidump\050513-20092-01.dmp
    2013-05-03 15:37 - 2013-05-03 15:37 - 00000000 ____D C:\Acordex
    2013-05-01 08:09 - 2013-05-01 08:09 - 00000000 ____D C:\Users\Walter\AppData\Local\{48B31B98-F466-4983-B8DB-085C08876B9D}
    2013-04-28 05:11 - 2013-04-28 05:11 - 00846352 ____A C:\Windows\Minidump\042813-34819-01.dmp
    2013-04-24 08:18 - 2013-04-24 08:18 - 00100047 ____A C:\Users\Walter\Desktop\Condo Sales Analysis.xlsx
    2013-04-24 04:10 - 2013-04-24 04:10 - 00860312 ____A C:\Windows\Minidump\042413-19063-01.dmp
    2013-04-23 12:12 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-23 03:13 - 2013-04-23 03:14 - 00884568 ____A C:\Windows\Minidump\042313-18392-01.dmp
    2013-04-22 03:46 - 2013-04-22 03:46 - 00913272 ____A C:\Windows\Minidump\042213-21418-01.dmp

    ==================== One Month Modified Files and Folders =======

    2013-05-16 10:08 - 2013-05-16 10:08 - 00000000 ____D C:\FRST
    2013-05-16 06:01 - 2011-05-12 05:30 - 01065129 ____A C:\Windows\WindowsUpdate.log
    2013-05-16 06:00 - 2013-05-13 16:32 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-16 06:00 - 2011-06-29 05:25 - 00017920 ____A C:\Windows\System32\rpcnetp.exe
    2013-05-16 05:16 - 2011-05-28 06:03 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193389188-1243022491-604975418-1000UA.job
    2013-05-16 05:16 - 2011-05-28 06:03 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1193389188-1243022491-604975418-1000Core.job
    2013-05-16 05:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-16 05:16 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-16 05:10 - 2013-05-13 16:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-16 05:09 - 2011-06-20 18:21 - 00069792 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2013-05-16 05:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-16 05:08 - 2009-07-13 20:51 - 00121317 ____A C:\Windows\setupact.log
    2013-05-15 14:13 - 2011-05-12 05:56 - 00552506 ____A C:\Windows\PFRO.log
    2013-05-15 11:03 - 2012-04-12 04:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-15 11:00 - 2013-05-15 11:00 - 00029203 ____A C:\ComboFix.txt
    2013-05-15 11:00 - 2013-05-15 09:56 - 00000000 ____D C:\Qoobox
    2013-05-15 11:00 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2013-05-15 10:59 - 2013-05-15 09:56 - 00000000 ____D C:\Windows\erdnt
    2013-05-15 10:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-05-15 10:48 - 2011-05-31 16:43 - 00000000 ____D C:\Users\Walter\AppData\Local\CrashDumps
    2013-05-15 09:46 - 2013-05-15 09:46 - 05066276 ____R (Swearware) C:\Users\Walter\Desktop\ComboFix.exe
    2013-05-15 09:39 - 2012-05-14 04:45 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Dropbox
    2013-05-15 07:41 - 2009-07-13 21:13 - 00006446 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-15 07:14 - 2013-05-13 16:43 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Walter\Desktop\tdsskiller.exe
    2013-05-15 07:10 - 2013-05-15 07:10 - 00000580 ____A C:\Users\Walter\Desktop\MBR.zip
    2013-05-15 07:03 - 2013-05-15 07:03 - 00002020 ____A C:\Users\Walter\Desktop\aswMBR.txt
    2013-05-15 07:03 - 2013-05-15 07:03 - 00000512 ____A C:\Users\Walter\Desktop\MBR.dat
    2013-05-15 06:47 - 2013-05-15 06:47 - 04745728 ____A (AVAST Software) C:\Users\Walter\Desktop\aswMBR.exe
    2013-05-15 05:54 - 2013-05-15 05:54 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
    2013-05-15 05:07 - 2012-05-14 04:48 - 00000000 ___RD C:\Users\Walter\Dropbox
    2013-05-14 18:05 - 2012-04-12 04:47 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-14 18:05 - 2011-06-07 05:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-14 17:49 - 2013-05-14 17:49 - 00038171 ____A C:\Users\Walter\Desktop\attach.txt
    2013-05-14 17:48 - 2013-05-14 17:49 - 00028337 ____A C:\Users\Walter\Desktop\dds.txt
    2013-05-14 17:45 - 2013-05-14 17:44 - 00688992 ____R (Swearware) C:\Users\Walter\Desktop\dds.com
    2013-05-14 17:26 - 2013-05-14 17:26 - 00849576 ____A C:\Windows\Minidump\051413-51651-01.dmp
    2013-05-14 17:26 - 2011-06-21 17:36 - 00000000 ____D C:\Windows\Minidump
    2013-05-14 17:25 - 2011-06-21 17:36 - 769146612 ____A C:\Windows\MEMORY.DMP
    2013-05-14 12:34 - 2011-08-20 17:08 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForWALTER-HP$.job
    2013-05-14 11:55 - 2013-05-14 11:55 - 00002174 ____A C:\Users\Walter\Desktop\Rkill.txt
    2013-05-14 11:55 - 2013-05-14 11:55 - 00000000 ____D C:\Users\Walter\Desktop\rkill
    2013-05-14 11:11 - 2013-05-14 11:11 - 00000000 ____D C:\Users\Walter\Desktop\mbar-1.05.0.1001
    2013-05-14 10:43 - 2013-05-14 10:43 - 00001146 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-05-14 10:43 - 2013-05-14 10:43 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Malwarebytes
    2013-05-14 10:43 - 2013-05-14 10:43 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-05-14 10:43 - 2013-05-14 10:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-14 10:41 - 2013-05-14 10:41 - 00037728 ____A C:\Users\Walter\Desktop\MiniToolBox - Result.txt
    2013-05-14 10:39 - 2013-05-14 10:39 - 00037728 ____A C:\Users\Walter\Desktop\Result.txt
    2013-05-14 10:34 - 2013-05-14 10:34 - 00002574 ____A C:\Users\Walter\Desktop\FSS.txt
    2013-05-14 10:19 - 2012-10-21 09:29 - 00002150 ____A C:\Windows\epplauncher.mif
    2013-05-14 10:17 - 2013-05-14 10:22 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Walter\Desktop\rkill - iExplore.exe
    2013-05-14 10:16 - 2013-05-14 10:21 - 01761408 ____A (Bleeping Computer, LLC) C:\Users\Walter\Desktop\rkill.exe
    2013-05-14 10:15 - 2013-05-14 10:22 - 12917756 ____A C:\Users\Walter\Desktop\mbar-1.05.0.1001.zip
    2013-05-14 10:13 - 2013-05-14 10:21 - 00760723 ____A (Farbar) C:\Users\Walter\Desktop\MiniToolBox.exe
    2013-05-14 10:12 - 2012-10-21 09:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-05-14 10:10 - 2013-05-14 10:21 - 00354299 ____A (Farbar) C:\Users\Walter\Desktop\FSS.exe
    2013-05-14 10:09 - 2013-05-14 10:20 - 00218953 ____A C:\Users\Walter\Desktop\SecurityCheck.exe
    2013-05-14 10:07 - 2013-05-14 10:07 - 00015012 ____A C:\FixitRegBackup.reg
    2013-05-14 10:05 - 2013-05-14 10:05 - 409468930 ____A C:\Users\Walter\Desktop\Registry backup.reg
    2013-05-14 10:00 - 2013-05-14 10:01 - 13475464 ____A (Microsoft Corporation) C:\Users\Walter\Desktop\mseinstall.exe
    2013-05-14 09:48 - 2009-07-13 20:45 - 00517728 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-14 09:44 - 2011-05-30 10:24 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-05-14 09:42 - 2011-05-24 14:11 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-14 09:11 - 2013-05-13 05:52 - 00000000 ____D C:\Program Files\HitmanPro
    2013-05-13 22:26 - 2011-06-29 05:26 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.dll
    2013-05-13 22:25 - 2011-06-29 05:25 - 00017920 ____A C:\Windows\SysWOW64\rpcnetp.exe
    2013-05-13 21:28 - 2013-05-13 11:33 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2013-05-13 17:20 - 2013-05-13 17:19 - 03191888 ____A (McAfee, Inc.) C:\Users\Walter\Downloads\MCPR.exe
    2013-05-13 17:01 - 2013-05-13 17:01 - 00866592 ____A C:\Users\Walter\Downloads\Norton_Removal_Tool.exe
    2013-05-13 17:01 - 2013-05-13 17:01 - 00866592 ____A C:\Users\Walter\Downloads\Norton_Removal_Tool (1).exe
    2013-05-13 16:37 - 2013-05-13 16:37 - 00002292 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-05-13 16:37 - 2013-05-13 08:19 - 00000000 ____D C:\Program Files (x86)\Google
    2013-05-13 16:15 - 2011-05-28 06:52 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForWalter.job
    2013-05-13 16:12 - 2013-05-13 16:12 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Mozilla
    2013-05-13 16:07 - 2013-05-13 05:30 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-05-13 15:54 - 2011-10-29 05:23 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2013-05-13 15:54 - 2011-05-28 04:33 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2013-05-13 15:42 - 2011-05-19 12:41 - 00000000 ____D C:\users\Walter
    2013-05-13 15:40 - 2012-10-21 09:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-05-13 15:40 - 2011-05-19 12:43 - 00000000 ____D C:\Users\Walter\AppData\Local\Hewlett-Packard
    2013-05-13 15:40 - 2011-01-10 19:45 - 00000000 ____D C:\ProgramData\RoxioNow
    2013-05-13 15:40 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-05-13 15:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
    2013-05-13 15:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-05-13 15:38 - 2012-09-10 03:08 - 00000000 ____D C:\Program Files (x86)\Java
    2013-05-13 15:38 - 2012-02-14 16:47 - 00000000 ____D C:\ProgramData\Real
    2013-05-13 15:38 - 2011-08-15 04:39 - 00000000 ___HD C:\ProgramData\Rpcnet
    2013-05-13 15:37 - 2011-05-25 17:31 - 00000000 ___RD C:\MSOCache
    2013-05-13 13:13 - 2013-05-12 19:03 - 00000000 ____D C:\Windows\pss
    2013-05-13 12:52 - 2013-05-14 09:07 - 00290816 ____A (SUPERAntiSpyware.com) C:\Users\Walter\Desktop\SUPERAntispyware removal - SASUNINST64.EXE
    2013-05-13 12:51 - 2013-05-14 09:07 - 00080456 ____A (Malwarebytes Corporation) C:\Users\Walter\Desktop\mbam-clean-1.60.2.0003.exe
    2013-05-13 09:06 - 2013-05-14 10:01 - 00002578 ____A C:\Users\Walter\Desktop\mseremoval.bat
    2013-05-13 08:15 - 2013-05-13 16:31 - 25598792 ____A (SUPERAntiSpyware.com) C:\Users\Walter\Desktop\SUPERAntiSpyware.exe
    2013-05-13 05:51 - 2013-05-13 05:51 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-05-13 04:57 - 2013-05-13 17:05 - 86303504 ____A (Microsoft Corporation) C:\Users\Walter\Desktop\MS Scanner - msert.exe
    2013-05-13 04:44 - 2013-05-13 16:01 - 09741664 ____A (SurfRight B.V.) C:\Users\Walter\Desktop\HitmanPro_x64.exe
    2013-05-12 17:59 - 2013-05-13 16:16 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Walter\Desktop\mbam-setup-1.75.0.1300.exe
    2013-05-12 17:21 - 2013-05-12 16:09 - 00000000 ____D C:\ProgramData\52A8738BF730CF48000052A820E9D547
    2013-05-08 09:41 - 2013-05-08 09:41 - 00875352 ____A C:\Windows\Minidump\050813-17955-01.dmp
    2013-05-06 05:39 - 2013-05-14 09:34 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-06 05:04 - 2013-05-14 09:34 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-06 03:12 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-05-05 12:17 - 2013-05-05 12:17 - 00960008 ____A C:\Windows\Minidump\050513-20092-01.dmp
    2013-05-03 15:37 - 2013-05-03 15:37 - 00000000 ____D C:\Acordex
    2013-05-02 07:29 - 2011-05-19 12:48 - 00278800 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2013-05-01 08:09 - 2013-05-01 08:09 - 00000000 ____D C:\Users\Walter\AppData\Local\{48B31B98-F466-4983-B8DB-085C08876B9D}
    2013-04-28 05:11 - 2013-04-28 05:11 - 00846352 ____A C:\Windows\Minidump\042813-34819-01.dmp
    2013-04-24 08:18 - 2013-04-24 08:18 - 00100047 ____A C:\Users\Walter\Desktop\Condo Sales Analysis.xlsx
    2013-04-24 04:17 - 2011-01-10 19:51 - 00000000 ____D C:\ProgramData\Adobe
    2013-04-24 04:10 - 2013-04-24 04:10 - 00860312 ____A C:\Windows\Minidump\042413-19063-01.dmp
    2013-04-23 03:14 - 2013-04-23 03:13 - 00884568 ____A C:\Windows\Minidump\042313-18392-01.dmp
    2013-04-22 03:46 - 2013-04-22 03:46 - 00913272 ____A C:\Windows\Minidump\042213-21418-01.dmp
    2013-04-20 14:30 - 2012-12-01 17:50 - 00000000 ____D C:\Users\Walter\AppData\Roaming\Smilebox
    2013-04-20 09:26 - 2011-01-10 19:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard

    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points  =========================

    Restore point made on: 2013-05-06 12:22:51
    Restore point made on: 2013-05-10 08:09:25
    Restore point made on: 2013-05-12 17:34:15
    Restore point made on: 2013-05-12 18:22:58
    Restore point made on: 2013-05-13 08:38:43
    Restore point made on: 2013-05-13 08:40:34
    Restore point made on: 2013-05-13 08:57:39
    Restore point made on: 2013-05-13 09:09:30
    Restore point made on: 2013-05-13 09:42:34
    Restore point made on: 2013-05-13 09:59:27
    Restore point made on: 2013-05-13 10:19:03
    Restore point made on: 2013-05-13 10:27:49
    Restore point made on: 2013-05-13 12:43:46
    Restore point made on: 2013-05-13 13:21:35
    Restore point made on: 2013-05-13 14:48:10
    Restore point made on: 2013-05-13 15:29:27
    Restore point made on: 2013-05-13 16:08:24
    Restore point made on: 2013-05-14 09:34:52
    Restore point made on: 2013-05-14 10:06:47

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 5254.36 MB
    Total Pagefile: 6090.01 MB
    Available Pagefile: 5245.8 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:914.33 GB) (Free:651.31 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive e: (RECOVERY) (Fixed) (Total:16.89 GB) (Free:2.11 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 (Disk=0 Partition=4)
    Drive h: () (Removable) (Total:0.48 GB) (Free:0.29 GB) FAT (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DA73E482)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 489 MB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=489 MB) - (Type=0E)

    Last Boot: 2013-05-14 12:46

    ==================== End Of Log ============================

     



#11 Conspire

Conspire

  • Malware Response Team
  • 1,041 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 16 May 2013 - 09:38 AM

Seems ok. Can you use MSE now?

Run these in normal mode.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
===================================================

On your next reply please post :
AdwCleaner log
JRT log



Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#12 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 16 May 2013 - 10:16 AM

I'm running the AdwCleaner and JRT now, but in answer to your first question, no I still can't use MSE.  When I click it in the start>programs menu>MSE, I get error 0x80070002 -- an error has occurred during initialization.  If I go to the lower right corner of my desktop and pick the flag that alerts me to updates, it still wants me to turn on MSE by running that file I mentioned before (one with expired cert).  However, I do now see that another option with the flag is now available -- it looks like I can pick MSE and turn it on.  Don't know if it will work but should I try that?

 

Remember in this process that I said all of a sudden I'm getting messages now in internet explorer?  That is still happening.  (Maybe due to no AV software on right now???)  Here are the details. 

1. I click to open Internet Explorer.  It opens to yahoo.

2. I put bleeping computer in the search bar and select bleepingcomputer.com from the results page.

3. Security Alert:  You are about to leave a secure Internet connection.  It will be possible for others to view information you send.  Do you want to continue?  (I say yes.)

4. Security Alert:  (leaving, same as in #3)

5. Security Alert:  You are about to view pages over  a secure connection.  Any info you exchance with this site cannot be viewed by anyone else [....can't read my writing].  Do you want to continue?  (I say yes.  I think this is a wrong message though -- bleeping computer isn't secure site, is it?)

6. Same alert as in #3 (leaving).

7. Same alert as in #5 (entering).

 

Logs are finished and are pasted below.  I just noticed now that hardly any icons show in in the lower right corner of my desktop now.  There used to be ones for my printer, showing bluetooth was on, internet connected, etc -- like 9 icons.  Now there's the flag with the red x and blue tooth.  I don't know if this is a problem or not.  Just thought I'd mention it.

 

 

# AdwCleaner v2.300 - Logfile created 05/16/2013 at 10:52:50
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Walter - WALTER-HP
# Boot Mode : Normal
# Running from : C:\Users\Walter\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : IB Updater

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\GamesBar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Walter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3367 octets] - [16/05/2013 10:52:50]

########## EOF - C:\AdwCleaner[S1].txt - [3427 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Walter on Thu 05/16/2013 at 10:58:53.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchengineprotection

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E2F62894-A5D4-4D92-AD5F-B01D81A353B6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

 

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho73F7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho89DC.tmp

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{03F07181-7E69-46F4-97EC-4B5CF0B37D63}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{06101FD6-CFF0-46E6-B97D-273B8D33AF71}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{0B36E4EE-E89A-4B6A-BE79-816B85CE7C17}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{12687918-6AEC-4F5E-AF28-07D3D61F2A03}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{152C05D4-B46E-46B7-AA7B-28CF0580D0A9}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{1AE039A5-C689-4390-BEB2-864F324F5F67}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{20C4A6AB-0233-4ACE-B35D-484E182679D0}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{2783FE5D-506A-4A7F-A41B-6F760C8719A1}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{2BB109EB-34FA-4F7A-AFD4-EB6383F6A5F3}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{32247ECE-C6F2-4E8B-BFAC-48B93314018D}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{3F5810C9-4506-4D56-A1DE-D97D6ECD9E7C}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{42899F1D-A52B-407D-A3A3-E83E1E888CF2}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{48B31B98-F466-4983-B8DB-085C08876B9D}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{5210DC7F-F7B4-4854-BD5D-200B8773F31E}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{52680C7E-6654-4970-B19F-5B0F7FB772B2}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{53D625F8-C9E0-41FC-81EE-6757189BBFBC}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{562F17F3-CE35-407E-B354-7DBA7B5619E0}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{5B7B58F7-3740-400A-AAF7-CEFE460D082A}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{61E7DC63-48C3-4607-A096-85A0F2B155A7}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{67337AE1-E46B-477A-BBC7-2249423F00CF}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{68417F39-20D0-4863-BCB4-2E637646BA8D}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{6C6D4C75-578C-45B9-8952-6E007C5CA1D9}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{6D15339A-0154-4AB5-822D-B92A9891679A}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{776A1944-DD82-490D-A782-1949F73615E6}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{779EE93E-2FE0-4AAB-A00D-E7820D7ADF40}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{7CA3B488-F257-4E2F-AC9D-E1C83E3E4F8A}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{7E129F2E-F4CA-4A4E-8D43-53EDB05D1D13}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{7F5A4C82-2478-437E-AD50-A519D1C70D9E}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{85ADC520-B3FB-44BE-8A73-4FDDA8E2BA4B}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{87662F0E-FFBE-47C8-8CE7-A9AE7FFFAC81}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{907049A6-57E8-4630-AE57-AFB3937E99A2}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{92363B16-4E5F-49B5-B8E9-F4A8D6A529E9}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{9285B659-E57A-4161-864D-5CFFD3CCD55B}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{A0552874-FF65-41C9-A1D1-432E78A241FA}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{A09BF760-4FCB-42C9-8319-0C8CC4805BE4}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{A1C71494-CEBF-4CB6-AAA0-D95EEBB455F5}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{A77CB75D-B186-49D1-80B8-9F03C4DA4E86}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{AE971A2F-94EB-42BA-B262-B47F56712334}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{B3FD5800-AA7C-4388-A291-D62DE60E651B}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{B491827C-ED67-471E-84A2-0C6A58B47AA2}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{BF7362C8-91C9-48F8-A642-818C49A0E9F8}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{BFF15669-1FFA-449B-B9A5-3E86C3E9C81E}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{C4517376-CC94-4EE1-8FF1-BB9B5DE8F3B3}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{C9D8AB52-CDAF-4F8A-83EE-C0D5E03AE809}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{D0C11C2E-6A0F-4927-820A-136973124352}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{D7AC2FA4-B4DC-49A4-A219-7F294F551ED1}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{E7FD8FCF-EE99-47D0-B204-69942FC18707}
Successfully deleted: [Empty Folder] C:\Users\Walter\appdata\local\{EACEA739-B34E-4F10-BA03-2B16D1C032FE}

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Walter\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/16/2013 at 11:03:51.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#13 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 16 May 2013 - 10:35 AM

I just rebooted.  All the icons in the lower right corner of the desktop are back. 


Edited by TAB4, 16 May 2013 - 10:36 AM.


#14 TAB4

TAB4
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 16 May 2013 - 10:57 AM

I don't know what to make of that msseces.exe file with the expired cert (that I mentioned shows up as an option to run when I click the update flag with the red x).  I have NOT run it.  I've just been looking it up on the web (on my clean computer).  Some sites say it's an MSE file, others that it's a threat.


Edited by TAB4, 16 May 2013 - 10:59 AM.


#15 Conspire

Conspire

  • Malware Response Team
  • 1,041 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 16 May 2013 - 11:32 AM

Let me investigate this issue. I will get back to you in the next morning.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users