
Virus infection???


  • This topic is locked
25 replies to this topic

#1 lhffre


Posted 04 July 2012 - 07:19 AM

Hello. I am trying to help a friend with their laptop. Their child had been using the computer and seems to have infected it. It seems that the permissions have been changed. Cannot run antivirus software, get to many parts of Control Panel, or run many programs.

The PC is running Win7.

I started out by downloading Malwarebytes. It installed, but when run responds with an error message "Run-time error 372. failed to load control 'vbalgrid' from vbalsgrid.ocx...."

After searching for fixes, in spite of the warnings I ran ComboFix in hopes of an easy solution. (Sorry.) It did not seem to help.

I ran the DDS program, but when I tried to save the text file an error message appeared and closed out Notepad w/o saving.

Any assistance would be greatly appreciated.


#2 m0le

  • Malware Response Team

Posted 08 July 2012 - 06:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE
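The OTL.Txt produced by the steps above is a line-oriented log that a helper reads entry type by entry type. As an added example that is not part of this thread or of the OTL tool, the Python below parses a few constructed lines in that format and pulls out what a reviewer looks at first: entries whose company field is empty, BHO entries with no CLSID value, search scopes pointing at hosts outside a small allowlist (the allowlist is an assumption, not something OTL ships), and the Internet Explorer policy restrictions that match the "cannot reach Control Panel" symptom.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in the OTL.Txt format (same entry types as the log
# posted in this thread); not a real scan result.
SAMPLE_OTL = r"""
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=adknlg&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}
O2 - BHO: (RebateRobot BHO) - {66616350-A70C-4FF5-912E-A92B8076F6F7} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Every OTL entry starts with a type tag (PRC, SRV, DRV, IE, O2, O4, ...),
# optionally followed by ":64bit:", then " - " and the entry body.
ENTRY_RE = re.compile(r'^(?P<kind>PRC|MOD|SRV|DRV|IE|FF|CHR|O\d+)(?::64bit:)?\s*-\s*(?P<rest>.*)$')
# OTL prints the file's company name in parentheses at the end of the body;
# an empty "()" means the binary carries no company name at all.
COMPANY_RE = re.compile(r'\((?P<company>[^()]*)\)\s*$')
URL_RE = re.compile(r'"URL"\s*=\s*(?P<url>\S+)')
# Assumption: a maintained allowlist of search hosts the reviewer considers expected.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}
# Entry types that end in a company field worth checking.
FILE_ENTRY_KINDS = {"PRC", "MOD", "SRV", "DRV", "O2", "O3", "O4"}


def parse_entry(line):
    """Split one OTL line into (kind, body); return None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("kind"), m.group("rest")


def company_of(rest):
    """Trailing '(Company)' text: '' when the parentheses are empty, None when absent."""
    m = COMPANY_RE.search(rest)
    return m.group("company").strip() if m else None


def triage(text):
    """Collect the entries a reviewer reads first, grouped by why they stand out."""
    findings = {"no_company": [], "no_clsid": [],
                "unexpected_search_hosts": [], "policy_restrictions": []}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, rest = parsed
        if kind in FILE_ENTRY_KINDS and company_of(rest) == "":
            findings["no_company"].append(rest)
        if "No CLSID value found" in rest:
            findings["no_clsid"].append(rest)
        if kind == "IE" and "SearchScopes" in rest:
            m = URL_RE.search(rest)
            if m:
                host = urlparse(m.group("url")).hostname or ""
                if host not in KNOWN_SEARCH_HOSTS:
                    findings["unexpected_search_hosts"].append(host)
        # O6/O7 lines ending in "present" are IE policy restrictions that
        # lock users out of Control Panel pages and similar settings.
        if kind in ("O6", "O7") and rest.endswith(" present"):
            findings["policy_restrictions"].append(rest)
    return findings


if __name__ == "__main__":
    for reason, entries in triage(SAMPLE_OTL).items():
        print(f"== {reason} ({len(entries)})")
        for entry in entries:
            print("  ", entry)
```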

#3 lhffre


Posted 09 July 2012 - 09:02 PM

No problem on the delay.

The OTL scan ran fine. Posted below.

The aswMBR scan ran, but crashed when saving the log file. Ran several times, crashed each time.


OTL.txt

OTL logfile created on: 7/9/2012 6:41:43 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Wyatt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.74 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 61.70% Memory free
5.48 Gb Paging File | 4.30 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 232.85 Gb Free Space | 81.70% Space Free | Partition Type: NTFS

Computer Name: WYATT-PC | User Name: Wyatt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Wyatt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Registry Mechanic\Upgrade.exe (PC Tools)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Windows\PLFSetI.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys (Symantec Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110224.038\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110224.038\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110224.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27361210m465l0414z155a4792j25q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=adknlg&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{47E70B16-857D-1F50-ADFB-8839257B41A4}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z160&form=ZGAIDF&install_date=20111024&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS411US411
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=ce32f52e-2022-43d6-aaaf-37daf32a8683&query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Wyatt\AppData\Local\Roblox\Versions\version-5ce51d8367464075\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Wyatt\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wyatt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/01/17 18:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wyatt\AppData\Roaming\Mozilla\Extensions
[2012/07/04 05:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wyatt\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Wyatt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Wyatt\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Wyatt\AppData\Local\Roblox\Versions\version-5ce51d8367464075\\NPRobloxProxy.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/07/04 06:20:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (RebateRobot BHO) - {66616350-A70C-4FF5-912E-A92B8076F6F7} - C:\Program Files\RebateRobot\RebateRobot.dll (RebateRobot)
O2 - BHO: (no name) - {FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B02880-FF0E-446F-BDED-B26AC3E641FF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 18:36:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Wyatt\Desktop\aswMBR.exe
[2012/07/09 18:35:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Wyatt\Desktop\OTL.exe
[2012/07/04 07:05:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Wyatt\Desktop\dds.scr
[2012/07/04 06:20:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/04 06:20:41 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2012/07/04 06:09:11 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 06:09:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/04 06:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/04 06:09:10 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Roaming\Malwarebytes
[2012/07/04 05:24:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/04 05:24:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/04 05:24:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/04 05:23:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/04 05:23:52 | 000,000,000 | ---D | C] -- \Qoobox
[2012/07/04 05:23:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/04 05:20:53 | 004,570,624 | R--- | C] (Swearware) -- C:\Users\Wyatt\Desktop\Cf123.exe
[2012/07/03 18:25:43 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/03 18:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/06/24 10:36:47 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/24 10:36:47 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/24 10:36:47 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/24 10:36:34 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/24 10:36:34 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/24 10:36:34 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/24 10:36:13 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/24 10:36:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/13 23:11:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 23:11:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 23:11:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 23:11:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 23:11:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 23:11:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 23:11:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 23:11:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 23:11:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 23:11:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 23:11:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 23:11:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 23:11:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 21:39:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 21:39:32 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 21:39:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 21:39:24 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 21:39:20 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 21:39:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 21:39:10 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 21:39:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 21:39:00 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

========== Files - Modified Within 30 Days ==========

[2012/07/09 18:37:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Wyatt\Desktop\aswMBR.exe
[2012/07/09 18:35:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Wyatt\Desktop\OTL.exe
[2012/07/09 18:17:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/09 18:16:48 | 000,749,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/09 18:16:48 | 000,641,006 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/09 18:16:48 | 000,112,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/09 18:15:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/09 17:14:13 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/07/09 17:12:21 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/07/09 17:12:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 07:05:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Wyatt\Desktop\dds.scr
[2012/07/04 06:37:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 06:37:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 06:29:09 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 06:20:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/04 06:09:11 | 000,000,921 | ---- | M] () -- C:\Users\Wyatt\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/04 05:21:11 | 004,570,624 | R--- | M] (Swearware) -- C:\Users\Wyatt\Desktop\Cf123.exe
[2012/07/03 18:25:43 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/03 15:31:52 | 000,711,240 | ---- | M] () -- C:\Windows\is-SVH3J.exe
[2012/07/03 15:31:52 | 000,010,498 | ---- | M] () -- C:\Windows\is-SVH3J.msg
[2012/07/03 15:31:52 | 000,000,491 | ---- | M] () -- C:\Windows\is-SVH3J.lst
[2012/06/15 17:42:05 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/04 06:09:11 | 000,000,921 | ---- | C] () -- C:\Users\Wyatt\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/04 05:24:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/04 05:24:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/04 05:24:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/04 05:24:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/04 05:24:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/03 15:31:52 | 000,711,240 | ---- | C] () -- C:\Windows\is-SVH3J.exe
[2012/07/03 15:31:52 | 000,010,498 | ---- | C] () -- C:\Windows\is-SVH3J.msg
[2012/07/03 15:31:52 | 000,000,491 | ---- | C] () -- C:\Windows\is-SVH3J.lst
[2012/01/05 22:34:03 | 000,001,420 | ---- | C] () -- \install.rdf
[2012/01/05 22:34:03 | 000,000,811 | ---- | C] () -- \compile.bat
[2011/06/25 22:49:49 | 000,000,000 | ---- | C] () -- C:\Users\Wyatt\AppData\Local\{2520907E-B0CD-4BED-92D7-6AE612756107}
[2011/05/08 11:30:09 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\sutil32.dll
[2011/02/11 06:56:20 | 000,000,599 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/17 12:04:36 | 000,033,864 | ---- | C] () -- \{AA9E1651-1D59-4AAD-979A-FDEE3EA9FE3F}
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/22 20:43:03 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/22 20:43:03 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010/08/22 20:34:48 | 2207,285,248 | -HS- | C] () -- \hiberfil.sys
[2010/07/23 02:32:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2010/07/23 02:31:20 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/07/23 02:31:20 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/23 02:31:20 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2011/11/11 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\DriverCure
[2011/01/02 14:46:35 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\SNS
[2011/11/11 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\SpeedyPC Software
[2011/10/23 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\WeatherBug
[2011/01/13 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\Windows Live Writer
[2012/07/09 17:12:21 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/06/02 21:44:53 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/09 17:14:13 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/04/30 05:44:14 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

extra.txt

OTL Extras logfile created on: 7/9/2012 6:41:43 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Wyatt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.74 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 61.70% Memory free
5.48 Gb Paging File | 4.30 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 232.85 Gb Free Space | 81.70% Space Free | Partition Type: NTFS

Computer Name: WYATT-PC | User Name: Wyatt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)
"C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe" = C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe:*:Enabled:iBryteDesktop -- (iBryte)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C3F179-4AE2-4B72-8DCD-C7996B4CFAEF}" = rport=445 | protocol=6 | dir=out | app=system |
"{07DA7817-363F-417D-8BDE-7187200D34B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{135CDC68-E280-4D4C-8376-84361025408B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FC4D40F-0967-4903-9CAE-DDA14D5AC83D}" = lport=445 | protocol=6 | dir=in | app=system |
"{278ABD8A-69AD-4474-BB40-C87B83AD75C0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2811A615-1A07-485C-A6F1-3081657E0483}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B72D4CB-105E-452F-B6A7-6AF64E18E2E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A1C58B7-66DD-4126-86D5-8E7B5AEC4CF7}" = lport=138 | protocol=17 | dir=in | app=system |
"{4AFF9BBE-3EF7-4344-9216-315A22D37DD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{5B3A6F1F-E22C-4931-85DA-D462D167BF10}" = lport=139 | protocol=6 | dir=in | app=system |
"{5D43B3A1-A34D-4E00-8B1D-A33D2B1ED7BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B72A1C6-62BD-4816-8B3A-38B27B1E8122}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A4FD093C-786A-4888-A490-A7704B4E94E2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8F22773-C4B2-4E66-A427-F3FB9C1BEEC7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B06E981B-0262-4E7D-B1BC-4991C6A32F53}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD2DAF5F-AE55-42A2-AF89-FFDC4A09330B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C91F4278-166C-4857-B7D3-C11BBD76FAF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA32D77E-64CC-4967-864B-CDDED5E9F42F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D194A4C4-77FE-4556-B5A6-19769E253B28}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F319F016-65C9-4463-8534-CD481D294CCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F641721A-2A56-417D-9C9B-7922B2128855}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7B28318-E13A-4F4B-856C-98DD8FAD7666}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8AAD6DD-BC49-4BA5-8723-DEC097D3959F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E1BF9B-BCAA-4C9C-863E-346FBF6DDE3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C08294C-FCB0-47D2-A342-9E38402D1A87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10C96FFE-BF4E-408E-96FD-E0B51CCD5DF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{11B51674-2C74-4010-B198-8DDD1257A1BD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{1DA7149E-E7E4-4527-B44C-38E1569F0E9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{26E71F9C-A45B-4CF5-9344-A34E7A018DC7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{28A56E37-95FB-4C5A-B951-77780D43A417}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{324A62E3-3E14-4E92-ADEB-29572026C341}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{33059D62-73BA-434F-8AD3-83D8E6585987}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C0144D2-8B8C-4CEE-860B-DC44611BF707}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{500A34B4-DCF9-4C1A-BBFD-0E33FF3E9CEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{59E5F4AA-5BBB-4418-86FC-74ADC2A75136}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A9220CE-961D-4705-8D7C-85CE5149286B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8C0A6B3D-8DC5-402E-9672-AB52110DCA44}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92BB55D0-38B0-4F11-A6E1-9A59E6C24085}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A6311C35-1B49-42F9-98EF-17904F04702F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1A0751F-C426-493D-9D49-3122760F3E4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8EB14A5-1A8D-4BD6-974C-4730ABF3BBCF}" = protocol=6 | dir=out | app=system |
"{CD8BD2D0-3A54-4AF8-92B9-B69417E16620}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF066C70-0C57-4ACB-9996-0380196EFDA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DEFE916C-C81F-450D-B129-2CB0B7DD354D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EBEE64E7-D4D2-4F12-A4A1-A2D19F052335}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE641EA4-42CF-433B-A79A-209646C6CD65}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{EFE4D411-2A83-4AE2-BD02-5AACEF8B74F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F30B91B4-01F5-4236-8CE3-6C27FB4349D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCF5AD6E-8A7E-427C-8917-8D8DA1AF0451}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E10A7CC-B4B4-4BF0-A75E-9F960D58AAC4}_is1" = RebateRobot for Online Shopping version 1.0.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"facemoods" = Facemoods Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Wyatt
"48e4cff94f039634" = Best Buy pc app
"SOE-Clone Wars" = Clone Wars
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2012 5:13:59 PM | Computer Name = Wyatt-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The keyset is not defined. .

Error - 7/3/2012 8:36:23 PM | Computer Name = Wyatt-PC | Source = Application Hang | ID = 1002
Description = The program rkill.scr version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1010 Start Time:
01cd597cdecb5016 Termination Time: 40 Application Path: C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\51CQ67R3\rkill.scr Report Id:

Error - 7/3/2012 8:37:52 PM | Computer Name = Wyatt-PC | Source = Application Hang | ID = 1002
Description = The program rkill.com version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e14 Start Time:
01cd597d20a81f46 Termination Time: 0 Application Path: C:\Users\Wyatt\Downloads\rkill.com

Report
Id:

Error - 7/3/2012 8:37:51 PM | Computer Name = Wyatt-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The keyset is not defined. .

Error - 7/3/2012 8:37:51 PM | Computer Name = Wyatt-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The keyset is not defined. .

Error - 7/3/2012 8:37:51 PM | Computer Name = Wyatt-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The keyset is not defined. .

Error - 7/4/2012 8:04:26 AM | Computer Name = Wyatt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bc60f Faulting module name: mscoree.dll, version: 4.0.40305.0, time
stamp: 0x4b90752b Exception code: 0xc0000005 Fault offset: 0x00034524 Faulting process
id: 0x734 Faulting application start time: 0x01cd59dc95e5b775 Faulting application
path: C:\Windows\SysWOW64\NOTEPAD.EXE Faulting module path: C:\Windows\SysWOW64\mscoree.dll
Report
Id: 6602ca10-c5d0-11e1-8c14-88ae1d7e5ede

Error - 7/4/2012 8:06:43 AM | Computer Name = Wyatt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bc60f Faulting module name: mscoree.dll, version: 4.0.40305.0, time
stamp: 0x4b90752b Exception code: 0xc0000005 Fault offset: 0x00034524 Faulting process
id: 0xed4 Faulting application start time: 0x01cd59dd72fc53ab Faulting application
path: C:\Windows\SysWOW64\NOTEPAD.EXE Faulting module path: C:\Windows\SysWOW64\mscoree.dll
Report
Id: b7fc9ae3-c5d0-11e1-8c14-88ae1d7e5ede

Error - 7/9/2012 6:52:00 PM | Computer Name = Wyatt-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/9/2012 6:52:30 PM | Computer Name = Wyatt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 4/11/2012 9:52:09 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 8:52:08 PM - Error connecting to the internet. 8:52:09 PM - Unable
to contact server..

Error - 5/17/2012 9:52:20 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 8:52:19 PM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 5/18/2012 11:30:52 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 10:30:52 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/19/2012 8:37:26 AM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 7:37:26 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/19/2012 10:37:15 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 9:37:10 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/19/2012 11:37:32 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 10:37:31 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:43:02 AM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 5:43:02 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 8:07:20 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 7:07:15 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 10:08:38 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 9:08:32 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 11:09:25 PM | Computer Name = Wyatt-PC | Source = MCUpdate | ID = 0
Description = 10:09:23 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 7/4/2012 7:29:29 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
Mobile Device service to connect.

Error - 7/4/2012 7:29:29 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%1053

Error - 7/4/2012 7:29:29 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7024
Description = The Norton Internet Security service terminated with service-specific
error %%-1.

Error - 7/4/2012 7:29:59 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Updater
Service service to connect.

Error - 7/4/2012 7:29:59 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7000
Description = The Updater Service service failed to start due to the following error:
%%1053

Error - 7/4/2012 7:32:02 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Update Service (gupdate) service to connect.

Error - 7/4/2012 7:32:02 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 7/4/2012 7:32:02 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®
Rapid Storage Technology service to connect.

Error - 7/4/2012 7:32:02 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7000
Description = The Intel® Rapid Storage Technology service failed to start due
to the following error: %%1053

Error - 7/4/2012 7:32:11 AM | Computer Name = Wyatt-PC | Source = Service Control Manager | ID = 7023
Description = The Intel® Management & Security Application User Notification Service
service terminated with the following error: %%-2146893799


< End of report >


OTL

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:19 AM

Posted 10 July 2012 - 07:31 AM

aswMBR crashing is usually a sign of a rootkit. Let's try this, otherwise we may have to go undercover.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close.
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE
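The `-l report.txt` switch above makes TDSSKiller write a plain-text log (the one pasted further down in this thread) rather than only showing results on screen, and in a long log the few lines that matter are easy to miss among hundreds of "- ok" entries. The following triage helper is an added example, not TDSSKiller's own code and not part of the original post: it parses the line format as it appears in the log in this thread (an assumption about the format, not a documented spec), keys each scanned object by name, and sorts them into the buckets a responder reads first: anything whose verdict is not "ok" (or that never got a verdict), objects that produced a verdict without a file/hash line, and files living outside `C:\Windows`. The sample input is constructed: its first lines are copied from the log in this thread, while `exampledrv` and its "suspicious" verdict are made up to exercise the non-ok path (no claim is made about TDSSKiller's real wording for a detection).

```python
"""Triage helper for TDSSKiller text logs (added example, not TDSSKiller code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed line shape, inferred from the log posted in this thread:
#   "<hh:mm:ss.ffff> <pid> <rest>", where <rest> is either a module line
#   "<name> (<md5>) <path>" or a verdict line "<name> - <verdict>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
MODULE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Collect one Entry per scanned object, keyed by service/driver name.

    Only lines after "Scan started" are considered, so the banner and the
    "Drive ... - Size: ..." lines (which also contain " - ") are not
    mistaken for verdicts.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator rows ("====") and empty lines
        rest = m.group(3)
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        mm = MODULE_RE.match(rest)
        if mm:
            e = entries.setdefault(mm["name"], Entry(mm["name"]))
            e.md5, e.path = mm["md5"], mm["path"]
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdict = vm["verdict"]
    return entries


def triage(entries: Dict[str, Entry],
           trusted_roots=("C:\\Windows\\",)) -> Dict[str, List[str]]:
    """Split entries into the buckets worth reading first.

    not_ok          - verdict other than "ok", or no verdict at all
    verdict_only    - "ok" but no file/hash line was logged for the object
    outside_windows - backing file is not under one of trusted_roots
    """
    roots = tuple(r.lower() for r in trusted_roots)
    not_ok = [e.name for e in entries.values() if e.verdict != "ok"]
    verdict_only = [e.name for e in entries.values()
                    if e.verdict == "ok" and e.path is None]
    outside = [e.name for e in entries.values()
               if e.path and not e.path.lower().startswith(roots)]
    return {"not_ok": sorted(not_ok),
            "verdict_only": sorted(verdict_only),
            "outside_windows": sorted(outside)}


# Constructed sample: first lines copied from the log in this thread;
# "exampledrv" / "suspicious" are made up to exercise the non-ok path.
SAMPLE_LOG = r"""
17:15:17.0340 3368 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
17:15:18.0213 3368 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
17:15:23.0798 2088 ============================================================
17:15:23.0798 2088 Scan started
17:15:23.0798 2088 Mode: Manual;
17:15:24.0204 2088 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:15:24.0204 2088 1394ohci - ok
17:15:25.0202 2088 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:15:25.0202 2088 Apple Mobile Device - ok
17:15:27.0105 2088 catchme - ok
17:15:40.0000 2088 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
17:15:40.0000 2088 exampledrv - suspicious
"""

if __name__ == "__main__":
    report = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for bucket, names in report.items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Run it against a saved `report.txt` by reading the file into `parse_tdsskiller_log`; the "verdict_only" bucket is worth a glance because a service that the scanner could not tie to a file on disk (the `catchme` entry in this thread's log is one such case) tells you nothing about what is actually loading, and the "outside_windows" bucket is simply the short list of third-party services to check against what the owner expects to be installed.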

#5 lhffre

lhffre
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:19 AM

Posted 10 July 2012 - 05:18 PM

I ran TDSSKiller as instructed. No threats found.

Log:

17:15:17.0340 3368 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
17:15:17.0698 3368 ============================================================
17:15:17.0698 3368 Current date / time: 2012/07/10 17:15:17.0698
17:15:17.0698 3368 SystemInfo:
17:15:17.0698 3368
17:15:17.0698 3368 OS Version: 6.1.7601 ServicePack: 1.0
17:15:17.0698 3368 Product type: Workstation
17:15:17.0698 3368 ComputerName: WYATT-PC
17:15:17.0698 3368 UserName: Wyatt
17:15:17.0698 3368 Windows directory: C:\Windows
17:15:17.0698 3368 System windows directory: C:\Windows
17:15:17.0698 3368 Running under WOW64
17:15:17.0698 3368 Processor architecture: Intel x64
17:15:17.0698 3368 Number of processors: 2
17:15:17.0698 3368 Page size: 0x1000
17:15:17.0698 3368 Boot type: Normal boot
17:15:17.0698 3368 ============================================================
17:15:18.0213 3368 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:15:18.0213 3368 ============================================================
17:15:18.0213 3368 \Device\Harddisk0\DR0:
17:15:18.0213 3368 MBR partitions:
17:15:18.0213 3368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
17:15:18.0213 3368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
17:15:18.0213 3368 ============================================================
17:15:18.0244 3368 C: <-> \Device\Harddisk0\DR0\Partition1
17:15:18.0244 3368 ============================================================
17:15:18.0244 3368 Initialize success
17:15:18.0244 3368 ============================================================
17:15:23.0798 2088 ============================================================
17:15:23.0798 2088 Scan started
17:15:23.0798 2088 Mode: Manual;
17:15:23.0798 2088 ============================================================
17:15:24.0204 2088 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:15:24.0204 2088 1394ohci - ok
17:15:24.0282 2088 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:15:24.0282 2088 ACPI - ok
17:15:24.0328 2088 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:15:24.0328 2088 AcpiPmi - ok
17:15:24.0406 2088 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:15:24.0406 2088 adp94xx - ok
17:15:24.0453 2088 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:15:24.0453 2088 adpahci - ok
17:15:24.0484 2088 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:15:24.0484 2088 adpu320 - ok
17:15:24.0625 2088 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:15:24.0625 2088 AeLookupSvc - ok
17:15:24.0703 2088 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:15:24.0718 2088 AFD - ok
17:15:24.0750 2088 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:15:24.0750 2088 agp440 - ok
17:15:24.0765 2088 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:15:24.0765 2088 ALG - ok
17:15:24.0812 2088 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:15:24.0812 2088 aliide - ok
17:15:24.0828 2088 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:15:24.0828 2088 amdide - ok
17:15:24.0859 2088 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:15:24.0874 2088 AmdK8 - ok
17:15:24.0890 2088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:15:24.0890 2088 AmdPPM - ok
17:15:24.0921 2088 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:15:24.0921 2088 amdsata - ok
17:15:24.0937 2088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:15:24.0937 2088 amdsbs - ok
17:15:24.0984 2088 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:15:24.0984 2088 amdxata - ok
17:15:25.0030 2088 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:15:25.0030 2088 AppID - ok
17:15:25.0062 2088 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:15:25.0062 2088 AppIDSvc - ok
17:15:25.0093 2088 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:15:25.0108 2088 Appinfo - ok
17:15:25.0202 2088 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:15:25.0202 2088 Apple Mobile Device - ok
17:15:25.0218 2088 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:15:25.0233 2088 arc - ok
17:15:25.0233 2088 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:15:25.0233 2088 arcsas - ok
17:15:25.0280 2088 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:15:25.0280 2088 AsyncMac - ok
17:15:25.0327 2088 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:15:25.0327 2088 atapi - ok
17:15:25.0561 2088 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
17:15:25.0576 2088 athr - ok
17:15:25.0748 2088 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:15:25.0764 2088 AudioEndpointBuilder - ok
17:15:25.0764 2088 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:15:25.0764 2088 AudioSrv - ok
17:15:25.0842 2088 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:15:25.0842 2088 AxInstSV - ok
17:15:25.0920 2088 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:15:25.0920 2088 b06bdrv - ok
17:15:25.0998 2088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:15:25.0998 2088 b57nd60a - ok
17:15:26.0044 2088 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:15:26.0044 2088 BDESVC - ok
17:15:26.0076 2088 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:15:26.0076 2088 Beep - ok
17:15:26.0185 2088 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:15:26.0200 2088 BFE - ok
17:15:26.0419 2088 BHDrvx64 (446b2c459a7d11cd71350235d6977e2a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys
17:15:26.0434 2088 BHDrvx64 - ok
17:15:26.0559 2088 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:15:26.0575 2088 BITS - ok
17:15:26.0606 2088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:15:26.0606 2088 blbdrive - ok
17:15:26.0746 2088 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
17:15:26.0746 2088 Bonjour Service - ok
17:15:26.0793 2088 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:15:26.0793 2088 bowser - ok
17:15:26.0809 2088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:15:26.0809 2088 BrFiltLo - ok
17:15:26.0840 2088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:15:26.0840 2088 BrFiltUp - ok
17:15:26.0856 2088 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:15:26.0856 2088 BridgeMP - ok
17:15:26.0902 2088 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:15:26.0918 2088 Browser - ok
17:15:26.0949 2088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:15:26.0949 2088 Brserid - ok
17:15:26.0965 2088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:15:26.0965 2088 BrSerWdm - ok
17:15:26.0980 2088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:15:26.0980 2088 BrUsbMdm - ok
17:15:26.0996 2088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:15:26.0996 2088 BrUsbSer - ok
17:15:27.0012 2088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:15:27.0012 2088 BTHMODEM - ok
17:15:27.0058 2088 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:15:27.0058 2088 bthserv - ok
17:15:27.0105 2088 catchme - ok
17:15:27.0121 2088 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:15:27.0121 2088 cdfs - ok
17:15:27.0183 2088 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:15:27.0183 2088 cdrom - ok
17:15:27.0246 2088 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:15:27.0246 2088 CertPropSvc - ok
17:15:27.0261 2088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:15:27.0261 2088 circlass - ok
17:15:27.0324 2088 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:15:27.0324 2088 CLFS - ok
17:15:27.0386 2088 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:27.0386 2088 clr_optimization_v2.0.50727_32 - ok
17:15:27.0433 2088 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:15:27.0433 2088 clr_optimization_v2.0.50727_64 - ok
17:15:27.0495 2088 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:15:27.0495 2088 clr_optimization_v4.0.30319_32 - ok
17:15:27.0542 2088 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:15:27.0542 2088 clr_optimization_v4.0.30319_64 - ok
17:15:27.0558 2088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:15:27.0558 2088 CmBatt - ok
17:15:27.0604 2088 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:15:27.0604 2088 cmdide - ok
17:15:27.0667 2088 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:15:27.0682 2088 CNG - ok
17:15:27.0714 2088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:15:27.0714 2088 Compbatt - ok
17:15:27.0760 2088 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:15:27.0760 2088 CompositeBus - ok
17:15:27.0776 2088 COMSysApp - ok
17:15:27.0792 2088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:15:27.0792 2088 crcdisk - ok
17:15:27.0870 2088 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:15:27.0870 2088 CryptSvc - ok
17:15:27.0963 2088 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:15:27.0979 2088 DcomLaunch - ok
17:15:28.0026 2088 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:15:28.0026 2088 defragsvc - ok
17:15:28.0072 2088 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:15:28.0072 2088 DfsC - ok
17:15:28.0150 2088 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:15:28.0150 2088 Dhcp - ok
17:15:28.0166 2088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:15:28.0166 2088 discache - ok
17:15:28.0182 2088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:15:28.0197 2088 Disk - ok
17:15:28.0228 2088 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:15:28.0228 2088 Dnscache - ok
17:15:28.0291 2088 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:15:28.0291 2088 dot3svc - ok
17:15:28.0353 2088 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:15:28.0353 2088 DPS - ok
17:15:28.0384 2088 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:15:28.0384 2088 drmkaud - ok
17:15:28.0525 2088 DsiWMIService (1fca854cedfc2ccd0c22e46ea4ea18f1) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:15:28.0525 2088 DsiWMIService - ok
17:15:28.0665 2088 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:15:28.0681 2088 DXGKrnl - ok
17:15:28.0743 2088 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:15:28.0743 2088 EapHost - ok
17:15:29.0008 2088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:15:29.0040 2088 ebdrv - ok
17:15:29.0149 2088 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:15:29.0164 2088 EFS - ok
17:15:29.0242 2088 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:15:29.0242 2088 ehRecvr - ok
17:15:29.0289 2088 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:15:29.0289 2088 ehSched - ok
17:15:29.0367 2088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:15:29.0367 2088 elxstor - ok
17:15:29.0554 2088 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
17:15:29.0570 2088 ePowerSvc - ok
17:15:29.0664 2088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:15:29.0664 2088 ErrDev - ok
17:15:29.0742 2088 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:15:29.0742 2088 EventSystem - ok
17:15:29.0773 2088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:15:29.0773 2088 exfat - ok
17:15:29.0820 2088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:15:29.0820 2088 fastfat - ok
17:15:29.0913 2088 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:15:29.0929 2088 Fax - ok
17:15:29.0944 2088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:15:29.0944 2088 fdc - ok
17:15:29.0960 2088 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:15:29.0960 2088 fdPHost - ok
17:15:29.0960 2088 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:15:29.0960 2088 FDResPub - ok
17:15:29.0976 2088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:15:29.0976 2088 FileInfo - ok
17:15:29.0991 2088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:15:29.0991 2088 Filetrace - ok
17:15:30.0007 2088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:15:30.0007 2088 flpydisk - ok
17:15:30.0069 2088 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:15:30.0069 2088 FltMgr - ok
17:15:30.0194 2088 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:15:30.0210 2088 FontCache - ok
17:15:30.0272 2088 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:15:30.0272 2088 FontCache3.0.0.0 - ok
17:15:30.0288 2088 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:15:30.0288 2088 FsDepends - ok
17:15:30.0319 2088 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:15:30.0319 2088 Fs_Rec - ok
17:15:30.0381 2088 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:15:30.0381 2088 fvevol - ok
17:15:30.0412 2088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:15:30.0412 2088 gagp30kx - ok
17:15:30.0459 2088 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:15:30.0459 2088 GEARAspiWDM - ok
17:15:30.0553 2088 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:15:30.0568 2088 gpsvc - ok
17:15:30.0662 2088 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
17:15:30.0662 2088 GREGService - ok
17:15:30.0709 2088 gupdate - ok
17:15:30.0740 2088 gupdatem - ok
17:15:30.0771 2088 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:15:30.0771 2088 gusvc - ok
17:15:30.0802 2088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:15:30.0802 2088 hcw85cir - ok
17:15:30.0880 2088 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:15:30.0880 2088 HdAudAddService - ok
17:15:30.0943 2088 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:15:30.0943 2088 HDAudBus - ok
17:15:30.0974 2088 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:15:30.0974 2088 HECIx64 - ok
17:15:30.0990 2088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:15:30.0990 2088 HidBatt - ok
17:15:31.0005 2088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:15:31.0005 2088 HidBth - ok
17:15:31.0005 2088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:15:31.0005 2088 HidIr - ok
17:15:31.0036 2088 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:15:31.0036 2088 hidserv - ok
17:15:31.0052 2088 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:15:31.0052 2088 HidUsb - ok
17:15:31.0099 2088 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:15:31.0099 2088 hkmsvc - ok
17:15:31.0146 2088 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:15:31.0161 2088 HomeGroupListener - ok
17:15:31.0192 2088 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:15:31.0192 2088 HomeGroupProvider - ok
17:15:31.0208 2088 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:15:31.0208 2088 HpSAMD - ok
17:15:31.0302 2088 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:15:31.0317 2088 HTTP - ok
17:15:31.0348 2088 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:15:31.0348 2088 hwpolicy - ok
17:15:31.0395 2088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:15:31.0411 2088 i8042prt - ok
17:15:31.0473 2088 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
17:15:31.0489 2088 iaStor - ok
17:15:31.0567 2088 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
17:15:31.0567 2088 IAStorDataMgrSvc - ok
17:15:31.0614 2088 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:15:31.0614 2088 iaStorV - ok
17:15:31.0770 2088 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:15:31.0785 2088 idsvc - ok
17:15:31.0941 2088 IDSVia64 (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110224.001\IDSvia64.sys
17:15:31.0941 2088 IDSVia64 - ok
17:15:32.0752 2088 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:15:32.0815 2088 igfx - ok
17:15:32.0924 2088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:15:32.0924 2088 iirsp - ok
17:15:33.0033 2088 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:15:33.0049 2088 IKEEXT - ok
17:15:33.0096 2088 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:15:33.0096 2088 Impcd - ok
17:15:33.0314 2088 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
17:15:33.0330 2088 IntcAzAudAddService - ok
17:15:33.0454 2088 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:15:33.0454 2088 IntcDAud - ok
17:15:33.0486 2088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:15:33.0486 2088 intelide - ok
17:15:33.0501 2088 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:15:33.0501 2088 intelppm - ok
17:15:33.0548 2088 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:15:33.0548 2088 IPBusEnum - ok
17:15:33.0595 2088 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:15:33.0595 2088 IpFilterDriver - ok
17:15:33.0673 2088 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:15:33.0688 2088 iphlpsvc - ok
17:15:33.0720 2088 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:15:33.0720 2088 IPMIDRV - ok
17:15:33.0735 2088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:15:33.0735 2088 IPNAT - ok
17:15:33.0876 2088 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe
17:15:33.0891 2088 iPod Service - ok
17:15:33.0922 2088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:15:33.0922 2088 IRENUM - ok
17:15:33.0954 2088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:15:33.0954 2088 isapnp - ok
17:15:34.0000 2088 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:15:34.0000 2088 iScsiPrt - ok
17:15:34.0063 2088 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:15:34.0063 2088 k57nd60a - ok
17:15:34.0094 2088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:15:34.0094 2088 kbdclass - ok
17:15:34.0141 2088 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:15:34.0141 2088 kbdhid - ok
17:15:34.0188 2088 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:34.0188 2088 KeyIso - ok
17:15:34.0219 2088 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:15:34.0219 2088 KSecDD - ok
17:15:34.0250 2088 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:15:34.0250 2088 KSecPkg - ok
17:15:34.0266 2088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:15:34.0266 2088 ksthunk - ok
17:15:34.0328 2088 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:15:34.0328 2088 KtmRm - ok
17:15:34.0406 2088 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:15:34.0406 2088 LanmanServer - ok
17:15:34.0437 2088 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:15:34.0437 2088 LanmanWorkstation - ok
17:15:34.0500 2088 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:15:34.0500 2088 lltdio - ok
17:15:34.0546 2088 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:15:34.0562 2088 lltdsvc - ok
17:15:34.0578 2088 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:15:34.0578 2088 lmhosts - ok
17:15:34.0687 2088 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:15:34.0702 2088 LMS - ok
17:15:34.0765 2088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:15:34.0765 2088 LSI_FC - ok
17:15:34.0780 2088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:15:34.0780 2088 LSI_SAS - ok
17:15:34.0796 2088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:15:34.0796 2088 LSI_SAS2 - ok
17:15:34.0796 2088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:15:34.0796 2088 LSI_SCSI - ok
17:15:34.0827 2088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:15:34.0827 2088 luafv - ok
17:15:34.0890 2088 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:15:34.0890 2088 MBAMProtector - ok
17:15:35.0030 2088 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:15:35.0030 2088 MBAMService - ok
17:15:35.0061 2088 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:15:35.0061 2088 Mcx2Svc - ok
17:15:35.0077 2088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:15:35.0077 2088 megasas - ok
17:15:35.0124 2088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:15:35.0139 2088 MegaSR - ok
17:15:35.0186 2088 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:15:35.0186 2088 MMCSS - ok
17:15:35.0186 2088 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:15:35.0186 2088 Modem - ok
17:15:35.0217 2088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:15:35.0217 2088 monitor - ok
17:15:35.0248 2088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:15:35.0248 2088 mouclass - ok
17:15:35.0264 2088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:15:35.0264 2088 mouhid - ok
17:15:35.0295 2088 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:15:35.0295 2088 mountmgr - ok
17:15:35.0358 2088 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:15:35.0358 2088 mpio - ok
17:15:35.0389 2088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:15:35.0389 2088 mpsdrv - ok
17:15:35.0498 2088 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:15:35.0498 2088 MpsSvc - ok
17:15:35.0560 2088 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:15:35.0560 2088 MRxDAV - ok
17:15:35.0607 2088 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:15:35.0607 2088 mrxsmb - ok
17:15:35.0670 2088 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:15:35.0670 2088 mrxsmb10 - ok
17:15:35.0685 2088 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:15:35.0701 2088 mrxsmb20 - ok
17:15:35.0748 2088 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:15:35.0748 2088 msahci - ok
17:15:35.0794 2088 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:15:35.0794 2088 msdsm - ok
17:15:35.0841 2088 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:15:35.0841 2088 MSDTC - ok
17:15:35.0888 2088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:15:35.0888 2088 Msfs - ok
17:15:35.0904 2088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:15:35.0904 2088 mshidkmdf - ok
17:15:35.0935 2088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:15:35.0935 2088 msisadrv - ok
17:15:35.0982 2088 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:15:35.0997 2088 MSiSCSI - ok
17:15:35.0997 2088 msiserver - ok
17:15:36.0060 2088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:15:36.0060 2088 MSKSSRV - ok
17:15:36.0075 2088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:15:36.0075 2088 MSPCLOCK - ok
17:15:36.0091 2088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:15:36.0091 2088 MSPQM - ok
17:15:36.0153 2088 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:15:36.0153 2088 MsRPC - ok
17:15:36.0184 2088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:15:36.0184 2088 mssmbios - ok
17:15:36.0200 2088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:15:36.0200 2088 MSTEE - ok
17:15:36.0216 2088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:15:36.0216 2088 MTConfig - ok
17:15:36.0247 2088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:15:36.0247 2088 Mup - ok
17:15:36.0325 2088 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:15:36.0340 2088 napagent - ok
17:15:36.0403 2088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:15:36.0403 2088 NativeWifiP - ok
17:15:36.0543 2088 NAVENG (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110224.038\ENG64.SYS
17:15:36.0559 2088 NAVENG - ok
17:15:36.0746 2088 NAVEX15 (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110224.038\EX64.SYS
17:15:36.0762 2088 NAVEX15 - ok
17:15:36.0949 2088 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:15:36.0964 2088 NDIS - ok
17:15:36.0996 2088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:15:36.0996 2088 NdisCap - ok
17:15:37.0042 2088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:15:37.0042 2088 NdisTapi - ok
17:15:37.0074 2088 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:15:37.0089 2088 Ndisuio - ok
17:15:37.0120 2088 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:15:37.0120 2088 NdisWan - ok
17:15:37.0152 2088 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:15:37.0152 2088 NDProxy - ok
17:15:37.0323 2088 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:15:37.0339 2088 Nero BackItUp Scheduler 4.0 - ok
17:15:37.0370 2088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:15:37.0370 2088 NetBIOS - ok
17:15:37.0401 2088 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:15:37.0401 2088 NetBT - ok
17:15:37.0448 2088 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:37.0464 2088 Netlogon - ok
17:15:37.0526 2088 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:15:37.0526 2088 Netman - ok
17:15:37.0573 2088 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:15:37.0588 2088 netprofm - ok
17:15:37.0666 2088 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:15:37.0666 2088 NetTcpPortSharing - ok
17:15:37.0698 2088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:15:37.0698 2088 nfrd960 - ok
17:15:37.0791 2088 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
17:15:37.0791 2088 NIS - ok
17:15:37.0854 2088 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:15:37.0854 2088 NlaSvc - ok
17:15:37.0900 2088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:15:37.0900 2088 Npfs - ok
17:15:37.0916 2088 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:15:37.0932 2088 nsi - ok
17:15:37.0947 2088 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:15:37.0947 2088 nsiproxy - ok
17:15:38.0119 2088 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:15:38.0134 2088 Ntfs - ok
17:15:38.0212 2088 NTI IScheduleSvc (6fd534ede2905d3c3257cfdd881f9705) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
17:15:38.0212 2088 NTI IScheduleSvc - ok
17:15:38.0322 2088 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
17:15:38.0322 2088 NTIDrvr - ok
17:15:38.0337 2088 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:15:38.0337 2088 Null - ok
17:15:38.0368 2088 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:15:38.0384 2088 nvraid - ok
17:15:38.0400 2088 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:15:38.0400 2088 nvstor - ok
17:15:38.0462 2088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:15:38.0462 2088 nv_agp - ok
17:15:38.0509 2088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:15:38.0524 2088 ohci1394 - ok
17:15:38.0587 2088 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:15:38.0587 2088 p2pimsvc - ok
17:15:38.0649 2088 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:15:38.0665 2088 p2psvc - ok
17:15:38.0680 2088 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:15:38.0696 2088 Parport - ok
17:15:38.0743 2088 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:15:38.0743 2088 partmgr - ok
17:15:38.0774 2088 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:15:38.0774 2088 PcaSvc - ok
17:15:38.0805 2088 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:15:38.0805 2088 pci - ok
17:15:38.0821 2088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:15:38.0821 2088 pciide - ok
17:15:38.0852 2088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:15:38.0852 2088 pcmcia - ok
17:15:38.0992 2088 PCToolsSSDMonitorSvc (e6e503845208a148a9e3e7faa63b97a4) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
17:15:38.0992 2088 PCToolsSSDMonitorSvc - ok
17:15:39.0008 2088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:15:39.0008 2088 pcw - ok
17:15:39.0086 2088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:15:39.0086 2088 PEAUTH - ok
17:15:39.0180 2088 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:15:39.0180 2088 PerfHost - ok
17:15:39.0351 2088 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:15:39.0382 2088 pla - ok
17:15:39.0538 2088 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:15:39.0554 2088 PlugPlay - ok
17:15:39.0585 2088 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:15:39.0585 2088 PNRPAutoReg - ok
17:15:39.0632 2088 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:15:39.0632 2088 PNRPsvc - ok
17:15:39.0741 2088 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:15:39.0757 2088 PolicyAgent - ok
17:15:39.0819 2088 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:15:39.0819 2088 Power - ok
17:15:39.0897 2088 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:15:39.0897 2088 PptpMiniport - ok
17:15:39.0928 2088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:15:39.0928 2088 Processor - ok
17:15:39.0991 2088 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:15:39.0991 2088 ProfSvc - ok
17:15:40.0038 2088 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:40.0038 2088 ProtectedStorage - ok
17:15:40.0084 2088 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:15:40.0084 2088 Psched - ok
17:15:40.0287 2088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:15:40.0303 2088 ql2300 - ok
17:15:40.0428 2088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:15:40.0428 2088 ql40xx - ok
17:15:40.0474 2088 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:15:40.0474 2088 QWAVE - ok
17:15:40.0490 2088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:15:40.0490 2088 QWAVEdrv - ok
17:15:40.0506 2088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:15:40.0506 2088 RasAcd - ok
17:15:40.0552 2088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:15:40.0552 2088 RasAgileVpn - ok
17:15:40.0584 2088 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:15:40.0584 2088 RasAuto - ok
17:15:40.0630 2088 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:15:40.0630 2088 Rasl2tp - ok
17:15:40.0724 2088 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:15:40.0724 2088 RasMan - ok
17:15:40.0771 2088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:15:40.0771 2088 RasPppoe - ok
17:15:40.0802 2088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:15:40.0802 2088 RasSstp - ok
17:15:40.0849 2088 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:15:40.0849 2088 rdbss - ok
17:15:40.0864 2088 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:15:40.0864 2088 rdpbus - ok
17:15:40.0880 2088 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:15:40.0880 2088 RDPCDD - ok
17:15:40.0911 2088 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:15:40.0927 2088 RDPENCDD - ok
17:15:40.0942 2088 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:15:40.0942 2088 RDPREFMP - ok
17:15:40.0989 2088 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:15:41.0005 2088 RDPWD - ok
17:15:41.0052 2088 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:15:41.0067 2088 rdyboost - ok
17:15:41.0098 2088 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:15:41.0098 2088 RemoteAccess - ok
17:15:41.0145 2088 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:15:41.0145 2088 RemoteRegistry - ok
17:15:41.0176 2088 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:15:41.0192 2088 RpcEptMapper - ok
17:15:41.0208 2088 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:15:41.0208 2088 RpcLocator - ok
17:15:41.0286 2088 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:15:41.0301 2088 RpcSs - ok
17:15:41.0317 2088 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:15:41.0317 2088 rspndr - ok
17:15:41.0379 2088 RSUSBSTOR (44ed82612403021e36998e1ecb1198f1) C:\Windows\system32\Drivers\RtsUStor.sys
17:15:41.0379 2088 RSUSBSTOR - ok
17:15:41.0410 2088 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:41.0410 2088 SamSs - ok
17:15:41.0457 2088 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:15:41.0457 2088 sbp2port - ok
17:15:41.0488 2088 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:15:41.0504 2088 SCardSvr - ok
17:15:41.0535 2088 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:15:41.0535 2088 scfilter - ok
17:15:41.0660 2088 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:15:41.0676 2088 Schedule - ok
17:15:41.0738 2088 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:15:41.0738 2088 SCPolicySvc - ok
17:15:41.0800 2088 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:15:41.0800 2088 SDRSVC - ok
17:15:41.0832 2088 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:15:41.0847 2088 secdrv - ok
17:15:41.0863 2088 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:15:41.0878 2088 seclogon - ok
17:15:41.0894 2088 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:15:41.0894 2088 SENS - ok
17:15:41.0925 2088 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:15:41.0925 2088 SensrSvc - ok
17:15:41.0941 2088 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:15:41.0941 2088 Serenum - ok
17:15:41.0972 2088 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:15:41.0972 2088 Serial - ok
17:15:42.0003 2088 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:15:42.0003 2088 sermouse - ok
17:15:42.0066 2088 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:15:42.0066 2088 SessionEnv - ok
17:15:42.0112 2088 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:15:42.0112 2088 sffdisk - ok
17:15:42.0128 2088 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:15:42.0128 2088 sffp_mmc - ok
17:15:42.0144 2088 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:15:42.0144 2088 sffp_sd - ok
17:15:42.0159 2088 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:15:42.0159 2088 sfloppy - ok
17:15:42.0222 2088 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:15:42.0237 2088 SharedAccess - ok
17:15:42.0300 2088 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:15:42.0315 2088 ShellHWDetection - ok
17:15:42.0362 2088 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:15:42.0362 2088 SiSRaid2 - ok
17:15:42.0378 2088 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:15:42.0378 2088 SiSRaid4 - ok
17:15:42.0393 2088 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:15:42.0393 2088 Smb - ok
17:15:42.0424 2088 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:15:42.0424 2088 SNMPTRAP - ok
17:15:42.0440 2088 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:15:42.0440 2088 spldr - ok
17:15:42.0502 2088 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:15:42.0518 2088 Spooler - ok
17:15:42.0814 2088 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:15:42.0846 2088 sppsvc - ok
17:15:42.0955 2088 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:15:42.0955 2088 sppuinotify - ok
17:15:43.0220 2088 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
17:15:43.0236 2088 SRTSP - ok
17:15:43.0236 2088 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
17:15:43.0236 2088 SRTSPX - ok
17:15:43.0314 2088 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:15:43.0329 2088 srv - ok
17:15:43.0376 2088 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:15:43.0376 2088 srv2 - ok
17:15:43.0423 2088 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:15:43.0423 2088 srvnet - ok
17:15:43.0454 2088 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:15:43.0470 2088 SSDPSRV - ok
17:15:43.0485 2088 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:15:43.0501 2088 SstpSvc - ok
17:15:43.0532 2088 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:15:43.0532 2088 stexstor - ok
17:15:43.0626 2088 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:15:43.0626 2088 stisvc - ok
17:15:43.0657 2088 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:15:43.0657 2088 swenum - ok
17:15:43.0704 2088 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:15:43.0704 2088 swprv - ok
17:15:43.0797 2088 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
17:15:43.0797 2088 SymDS - ok
17:15:43.0906 2088 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
17:15:43.0906 2088 SymEFA - ok
17:15:43.0969 2088 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:15:43.0969 2088 SymEvent - ok
17:15:44.0016 2088 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
17:15:44.0016 2088 SymIRON - ok
17:15:44.0062 2088 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
17:15:44.0062 2088 SymNetS - ok
17:15:44.0140 2088 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
17:15:44.0140 2088 SynTP - ok
17:15:44.0328 2088 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:15:44.0343 2088 SysMain - ok
17:15:44.0484 2088 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:15:44.0484 2088 TabletInputService - ok
17:15:44.0530 2088 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:15:44.0546 2088 TapiSrv - ok
17:15:44.0562 2088 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:15:44.0562 2088 TBS - ok
17:15:44.0764 2088 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:15:44.0796 2088 Tcpip - ok
17:15:45.0030 2088 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:15:45.0045 2088 TCPIP6 - ok
17:15:45.0139 2088 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:15:45.0139 2088 tcpipreg - ok
17:15:45.0170 2088 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:15:45.0170 2088 TDPIPE - ok
17:15:45.0201 2088 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:15:45.0201 2088 TDTCP - ok
17:15:45.0264 2088 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:15:45.0264 2088 tdx - ok
17:15:45.0295 2088 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:15:45.0295 2088 TermDD - ok
17:15:45.0404 2088 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:15:45.0420 2088 TermService - ok
17:15:45.0435 2088 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:15:45.0435 2088 Themes - ok
17:15:45.0482 2088 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:15:45.0482 2088 THREADORDER - ok
17:15:45.0513 2088 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:15:45.0513 2088 TrkWks - ok
17:15:45.0576 2088 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:15:45.0576 2088 TrustedInstaller - ok
17:15:45.0622 2088 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:15:45.0638 2088 tssecsrv - ok
17:15:45.0716 2088 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:15:45.0716 2088 TsUsbFlt - ok
17:15:45.0778 2088 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:15:45.0778 2088 tunnel - ok
17:15:45.0825 2088 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:15:45.0825 2088 uagp35 - ok
17:15:45.0841 2088 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
17:15:45.0841 2088 UBHelper - ok
17:15:45.0903 2088 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:15:45.0903 2088 udfs - ok
17:15:45.0934 2088 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:15:45.0934 2088 UI0Detect - ok
17:15:45.0966 2088 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:15:45.0966 2088 uliagpkx - ok
17:15:46.0012 2088 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:15:46.0012 2088 umbus - ok
17:15:46.0028 2088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:15:46.0028 2088 UmPass - ok
17:15:46.0293 2088 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:15:46.0324 2088 UNS - ok
17:15:46.0418 2088 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
17:15:46.0434 2088 Updater Service - ok
17:15:46.0543 2088 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:15:46.0558 2088 upnphost - ok
17:15:46.0621 2088 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:15:46.0621 2088 USBAAPL64 - ok
17:15:46.0652 2088 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:15:46.0652 2088 usbccgp - ok
17:15:46.0699 2088 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:15:46.0699 2088 usbcir - ok
17:15:46.0714 2088 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:15:46.0730 2088 usbehci - ok
17:15:46.0761 2088 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:15:46.0777 2088 usbhub - ok
17:15:46.0792 2088 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:15:46.0792 2088 usbohci - ok
17:15:46.0824 2088 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:15:46.0824 2088 usbprint - ok
17:15:46.0855 2088 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:15:46.0855 2088 USBSTOR - ok
17:15:46.0886 2088 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:15:46.0886 2088 usbuhci - ok
17:15:46.0917 2088 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:15:46.0933 2088 usbvideo - ok
17:15:46.0948 2088 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:15:46.0948 2088 UxSms - ok
17:15:46.0980 2088 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:15:46.0980 2088 VaultSvc - ok
17:15:47.0026 2088 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:15:47.0026 2088 vdrvroot - ok
17:15:47.0104 2088 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:15:47.0120 2088 vds - ok
17:15:47.0120 2088 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:15:47.0120 2088 vga - ok
17:15:47.0151 2088 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:15:47.0167 2088 VgaSave - ok
17:15:47.0198 2088 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:15:47.0198 2088 vhdmp - ok
17:15:47.0214 2088 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:15:47.0214 2088 viaide - ok
17:15:47.0229 2088 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:15:47.0229 2088 volmgr - ok
17:15:47.0292 2088 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:15:47.0292 2088 volmgrx - ok
17:15:47.0338 2088 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:15:47.0338 2088 volsnap - ok
17:15:47.0370 2088 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:15:47.0370 2088 vsmraid - ok
17:15:50.0630 2088 ============================================================
17:15:50.0630 2088 Scan finished
17:15:50.0630 2088 ============================================================
17:15:50.0646 3496 Detected object count: 0
17:15:50.0646 3496 Actual detected object count: 0

Thanks.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:10:19 AM

Posted 10 July 2012 - 08:01 PM

Let's run FRST; this will work outside a normal boot.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool (scans your computer's memory for errors)
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE

#7 lhffre

lhffre
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:19 AM

Posted 10 July 2012 - 11:04 PM

Here is frst.txt.

Scan result of Farbar Recovery Scan Tool Version: 10-07-01
Ran by SYSTEM at 10-07-01 :5:
Running from G:\
Windows 7 Home Premium (X6) OS Language: English(US)
The current controlset is ControlSet001
01-06-1 0:11 - 01-05-17 17:55 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-06-1 0:11 - 01-05-17 17:5 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-06-1 0:11 - 01-05-17 17:51 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-06-1 0:11 - 01-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-06-1 0:11 - 01-05-17 17:7 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-06-1 0:11 - 01-05-17 15:11 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-06-1 0:11 - 01-05-17 1:8 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-06-1 0:11 - 01-05-17 1:5 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-06-1 0:11 - 01-05-17 1:6 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-06-1 0:11 - 01-05-17 1:5 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-06-1 0:11 - 01-05-17 1:5 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-06-1 0:11 - 01-05-17 1: - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-06-1 0:11 - 01-05-17 1:1 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-06-1 0:11 - 01-05-17 1:9 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-06-1 0:11 - 01-05-17 1:9 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-06-1 0:11 - 01-05-17 1:7 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-06-1 0:11 - 01-05-17 1:5 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-06-1 0:11 - 01-05-17 1: - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-06-1 0:11 - 01-05-17 1:0 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-06-1 18:9 - 01-05-1 17: - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-06-1 18:9 - 01-05-0 0:06 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
01-06-1 18:9 - 01-05-0 0:0 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
01-06-1 18:9 - 01-05-0 0:0 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
01-06-1 18:9 - 01-0-0 1:0 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
01-06-1 18:9 - 01-0-5 1:1 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
01-06-1 18:9 - 01-0-5 1:1 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
01-06-1 18:9 - 01-0-5 1: - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
01-06-1 18:9 - 01-0- 1:7 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-06-1 18:9 - 01-0- 1:7 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-06-1 18:9 - 01-0- 1:7 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-06-1 18:9 - 01-0- 0:6 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-06-1 18:9 - 01-0- 0:6 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-06-1 18:9 - 01-0- 0:6 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-06-1 18:9 - 01-0-07 0:1 - 0168 ____A (Microsoft Corporation) C:\Windows\System\msi.dll
01-06-1 18:8 - 01-0-7 19:55 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-06-1 18:8 - 01-0-07 0:6 - 000 ____A (Microsoft Corporation) C:\Windows\SysWOW6\msi.dll


============ Months Modified Files ========================

01-07-10 19:7 - 010-08- 17:7 - 01955 ____A C:\Windows\WindowsUpdate.log
01-07-10 19:7 - 009-07-1 0:51 - 001656 ____A C:\Windows\setupact.log
01-07-10 19:8 - 009-07-1 1:1 - 007967 ____A C:\Windows\System\PerfStringBackup.INI
01-07-10 19:7 - 011-0-1 1:59 - 0000066 ____A C:\Windows\Tasks\RMSchedule.job
01-07-10 19:7 - 010-1-1 17:59 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
01-07-10 1:19 - 01-07-10 1:1 - 001586 ____A C:\Users\Wyatt\Desktop\report.txt
01-07-10 1:11 - 01-07-09 09:8 - 01560 ____A (Kaspersky Lab ZAO) C:\Users\Wyatt\Desktop\TDSSKiller.exe
01-07-10 1:08 - 01-07-10 1:07 - 0115791 ____A C:\Users\Wyatt\Desktop\tdsskiller.zip
01-07-10 1:0 - 009-07-1 0:5 - 0000990 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-1.C7856-A89-9d-8115-6016D005A0
01-07-10 1:0 - 009-07-1 0:5 - 0000990 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-0.C7856-A89-9d-8115-6016D005A0
01-07-10 1:59 - 011-11-11 18:51 - 0000096 ____A C:\Windows\Tasks\SpeedyPC Pro.job
01-07-10 1:56 - 010-1-1 17:59 - 0000089 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
01-07-09 15:8 - 01-07-09 15:8 - 000799 ____A C:\Users\Wyatt\Desktop\Extras.Txt
01-07-09 15:6 - 01-07-09 15:6 - 000969 ____A C:\Users\Wyatt\Desktop\OTL.Txt
01-07-09 15:7 - 01-07-09 15:6 - 0719 ____A (AVAST Software) C:\Users\Wyatt\Desktop\aswMBR.exe
01-07-09 15:5 - 01-07-09 15:5 - 00595968 ____A (OldTimer Tools) C:\Users\Wyatt\Desktop\OTL.exe
01-07-0 0:05 - 01-07-0 0:05 - 0060760 ____R (Swearware) C:\Users\Wyatt\Desktop\dds.scr
01-07-0 0:9 - 009-07-1 1:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
01-07-0 0:5 - 01-07-0 0:5 - 0001169 ____A C:\ComboFix.txt
01-07-0 0:0 - 009-07-1 18: - 0000015 ____A C:\Windows\system.ini
01-07-0 0:19 - 010-07- :00 - 001508 ____A C:\Windows\PFRO.log
01-07-0 0:09 - 01-07-0 0:09 - 0000091 ____A C:\Users\Wyatt\Desktop\Malwarebytes Anti-Malware.lnk
01-07-0 0:5 - 009-07-1 18: - 57179 ____A C:\Windows\System\config\SOFTWARE.bak
01-07-0 0:5 - 009-07-1 18: - 1850080 ____A C:\Windows\System\config\SYSTEM.bak
01-07-0 0:5 - 009-07-1 18: - 0061 ____A C:\Windows\System\config\SECURITY.bak
01-07-0 0:5 - 009-07-1 18: - 0061 ____A C:\Windows\System\config\SAM.bak
01-07-0 0:5 - 009-07-1 18: - 0061 ____A C:\Windows\System\config\DEFAULT.bak
01-07-0 0:1 - 01-07-0 0:0 - 05706 ____R (Swearware) C:\Users\Wyatt\Desktop\Cf1.exe
01-07-0 15:1 - 01-07-0 15:1 - 0000001 ___RH C:\Users\Wyatt\Downloads\stinger.opt
01-07-0 15:5 - 01-07-0 15:5 - 0001600 ____A (McAfee, Inc.) C:\Windows\stinger.sys
01-07-0 1:1 - 01-07-0 1:1 - 007110 ____A C:\Windows\is-SVHJ.exe
01-07-0 1:1 - 01-07-0 1:1 - 0001098 ____A C:\Windows\is-SVHJ.msg
01-07-0 1:1 - 01-07-0 1:1 - 0000091 ____A C:\Windows\is-SVHJ.lst
01-06-15 1:8 - 011-10-5 17: - 589578 ____A (Microsoft Corporation) C:\Windows\System\MRT.exe
01-06-15 1: - 009-07-1 0:5 - 0070 ____A C:\Windows\System\FNTCACHE.DAT
01-06-0 18: - 009-07-1 1:08 - 000596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
01-06-0 1:19 - 01-06- 07:6 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
01-06-0 1:19 - 01-06- 07:6 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
01-06-0 1:19 - 01-06- 07:6 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
01-06-0 1:19 - 01-06- 07:6 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:19 - 01-06- 07:6 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:15 - 01-06- 07:6 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
01-06-0 1:15 - 01-06- 07:6 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
01-06-0 1:19 - 01-06- 07:6 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
01-06-0 1:15 - 01-06- 07:6 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
01-05-17 18:7 - 01-06-1 0:11 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-05-17 18:16 - 01-06-1 0:11 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-05-17 18:06 - 01-06-1 0:11 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
01-05-17 17:59 - 01-06-1 0:11 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
01-05-17 17:59 - 01-06-1 0:11 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-05-17 17:58 - 01-06-1 0:11 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
01-05-17 17:58 - 01-06-1 0:11 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-05-17 17:56 - 01-06-1 0:11 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
01-05-17 17:55 - 01-06-1 0:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-05-17 17:55 - 01-06-1 0:11 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-05-17 17:5 - 01-06-1 0:11 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-05-17 17:51 - 01-06-1 0:11 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-05-17 17:51 - 01-06-1 0:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-05-17 17:7 - 01-06-1 0:11 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-05-17 15:11 - 01-06-1 0:11 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-05-17 1:8 - 01-06-1 0:11 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-05-17 1:5 - 01-06-1 0:11 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-05-17 1:6 - 01-06-1 0:11 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-05-17 1:5 - 01-06-1 0:11 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-05-17 1:5 - 01-06-1 0:11 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-05-17 1: - 01-06-1 0:11 - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-05-17 1:1 - 01-06-1 0:11 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-05-17 1:9 - 01-06-1 0:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-05-17 1:9 - 01-06-1 0:11 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-05-17 1:7 - 01-06-1 0:11 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-05-17 1:5 - 01-06-1 0:11 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-05-17 1: - 01-06-1 0:11 - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-05-17 1:0 - 01-06-1 0:11 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-05-1 17: - 01-06-1 18:9 - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-05-08 18:11 - 01-05-08 18:10 - 0079708 ____A (Solid State Networks) C:\Users\Wyatt\Downloads\install_flashplayer11x6ax_gtbp_chra_aih (1).exe
01-05-0 0:06 - 01-06-1 18:9 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
01-05-0 0:0 - 01-06-1 18:9 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
01-05-0 0:0 - 01-06-1 18:9 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
01-05-01 16:10 - 01-05-01 16:10 - 0079708 ____A (Solid State Networks) C:\Users\Wyatt\Downloads\install_flashplayer11x6ax_gtbp_chra_aih.exe
01-0-0 1:0 - 01-06-1 18:9 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
01-0-0 0: - 011-11-11 18:51 - 000000 ____A C:\Windows\Tasks\SpeedyPC Update Version.job
01-0-7 19:55 - 01-06-1 18:8 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-0-5 1:1 - 01-06-1 18:9 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
01-0-5 1:1 - 01-06-1 18:9 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
01-0-5 1: - 01-06-1 18:9 - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
01-0- 15:15 - 01-0- 15:15 - 0079000 ____A C:\Windows\Minidump\01-15-01.dmp
01-0- 15:15 - 011-0-6 1:57 - 5681185 ____A C:\Windows\MEMORY.DMP
01-0- 1:7 - 01-06-1 18:9 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-0- 1:7 - 01-06-1 18:9 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-0- 1:7 - 01-06-1 18:9 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-0- 0:6 - 01-06-1 18:9 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-0- 0:6 - 01-06-1 18:9 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-0- 0:6 - 01-06-1 18:9 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll


========================= Known DLLs (Whitelisted) ============

[009-07-1 16:00] - [009-07-1 17:0] - 06077 ____A (Microsoft Corporation) C:\Windows\System\clbcatq.dll
[009-07-1 15:] - [009-07-1 17:15] - 050 ____A (Microsoft Corporation) C:\Windows\SysWOW6\clbcatq.dll
[011-06-06 18:51] - [010-11-0 05:7] - 08691 ____A (Microsoft Corporation) C:\Windows\System\ole.dll
[011-06-06 18:51] - [010-11-0 0:0] - 111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ole.dll
[009-07-1 16:1] - [009-07-1 17:0] - 0877056 ____A (Microsoft Corporation) C:\Windows\System\advapi.dll
[011-06-06 18:51] - [010-11-0 0:18] - 06051 ____A (Microsoft Corporation) C:\Windows\SysWOW6\advapi.dll
[011-06-06 18:51] - [010-11-0 05:5] - 059 ____A (Microsoft Corporation) C:\Windows\System\COMDLG.dll
[011-06-06 18:51] - [010-11-0 0:18] - 085888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\COMDLG.dll
[011-06-06 18:51] - [010-11-0 05:6] - 00968 ____A (Microsoft Corporation) C:\Windows\System\gdi.dll
[011-06-06 18:50] - [010-11-0 0:08] - 01196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\gdi.dll
[01-06-1 0:11] - [01-05-17 17:5] - 1768 ____A (Microsoft Corporation) C:\Windows\System\IERTUTIL.dll
[01-06-1 0:11] - [01-05-17 1:7] - 1790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IERTUTIL.dll
[01-0-11 17:8] - [01-0-9 :] - 008108 ____A (Microsoft Corporation) C:\Windows\System\IMAGEHLP.dll
[01-0-11 17:8] - [01-0-9 1:] - 0159 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMAGEHLP.dll
[009-07-1 15:8] - [009-07-1 17:1] - 0167 ____A (Microsoft Corporation) C:\Windows\System\IMM.dll
[011-06-06 18:9] - [010-11-0 0:08] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMM.dll
[011-08-10 0:9] - [011-07-15 1:7] - 11675 ____A (Microsoft Corporation) C:\Windows\System\kernel.dll
[011-08-10 0:9] - [011-07-15 0:] - 11111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\kernel.dll
[009-07-1 15:8] - [009-07-1 17:1] - 00198 ____A (Microsoft Corporation) C:\Windows\System\LPK.dll
[009-07-1 15:5] - [009-07-1 17:11] - 005600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\LPK.dll
[009-07-1 15:0] - [009-07-1 17:1] - 1067008 ____A (Microsoft Corporation) C:\Windows\System\MSCTF.dll
[009-07-1 15:8] - [009-07-1 17:15] - 08898 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSCTF.dll
[01-0-1 18:11] - [011-1-16 00:6] - 06880 ____A (Microsoft Corporation) C:\Windows\System\MSVCRT.dll
[01-0-1 18:11] - [011-1-15 :5] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSVCRT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000560 ____A (Microsoft Corporation) C:\Windows\System\NORMALIZ.dll
[009-07-1 15:15] - [009-07-1 17:09] - 00008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NORMALIZ.dll
[009-07-1 15:1] - [009-07-1 17:1] - 0018 ____A (Microsoft Corporation) C:\Windows\System\NSI.dll
[009-07-1 15:1] - [009-07-1 17:16] - 000870 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NSI.dll
[011-10-1 0:5] - [011-08-6 1:7] - 0861696 ____A (Microsoft Corporation) C:\Windows\System\OLEAUT.dll
[011-10-1 0:5] - [011-08-6 0:6] - 057190 ____A (Microsoft Corporation) C:\Windows\SysWOW6\OLEAUT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000916 ____A (Microsoft Corporation) C:\Windows\System\PSAPI.dll
[009-07-1 15:15] - [009-07-1 17:16] - 00061 ____A (Microsoft Corporation) C:\Windows\SysWOW6\PSAPI.dll
[011-06-06 18:51] - [010-11-0 05:7] - 11958 ____A (Microsoft Corporation) C:\Windows\System\rpcrt.dll
[011-06-06 18:50] - [010-11-0 0:08] - 06600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\rpcrt.dll
[009-07-1 15:0] - [009-07-1 17:1] - 01166 ____A (Microsoft Corporation) C:\Windows\System\sechost.dll
[009-07-1 15:11] - [009-07-1 17:16] - 009160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\sechost.dll
[011-06-06 18:51] - [010-11-0 05:7] - 19005 ____A (Microsoft Corporation) C:\Windows\System\Setupapi.dll
[011-06-06 18:51] - [010-11-0 0:1] - 166758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\Setupapi.dll
[01-0-1 18:1] - [01-01-0 0:] - 11767 ____A (Microsoft Corporation) C:\Windows\System\SHELL.dll
[01-0-1 18:1] - [01-01-0 00:59] - 18770 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHELL.dll
[011-06-06 18:51] - [010-11-0 05:7] - 0851 ____A (Microsoft Corporation) C:\Windows\System\SHLWAPI.dll
[011-06-06 18:51] - [010-11-0 0:1] - 05008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHLWAPI.dll
[01-06-1 0:11] - [01-05-17 17:59] - 1608 ____A (Microsoft Corporation) C:\Windows\System\URLMON.dll
[01-06-1 0:11] - [01-05-17 1:6] - 11087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\URLMON.dll
[011-06-06 18:51] - [010-11-0 05:7] - 100818 ____A (Microsoft Corporation) C:\Windows\System\user.dll
[011-06-06 18:51] - [010-11-0 0:08] - 080 ____A (Microsoft Corporation) C:\Windows\SysWOW6\user.dll
[011-06-06 18:51] - [010-11-0 05:7] - 080056 ____A (Microsoft Corporation) C:\Windows\System\USP10.dll
[011-06-06 18:51] - [010-11-0 0:1] - 066176 ____A (Microsoft Corporation) C:\Windows\SysWOW6\USP10.dll
[01-06-1 0:11] - [01-05-17 17:59] - 1918 ____A (Microsoft Corporation) C:\Windows\System\WININET.dll
[01-06-1 0:11] - [01-05-17 1:5] - 1197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WININET.dll
[011-06-06 18:51] - [010-11-0 05:7] - 018 ____A (Microsoft Corporation) C:\Windows\System\WLDAP.dll
[011-06-06 18:51] - [010-11-0 0:1] - 0698 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WLDAP.dll
[011-06-06 18:51] - [010-11-0 05:7] - 09798 ____A (Microsoft Corporation) C:\Windows\System\WS_.dll
[011-06-06 18:50] - [010-11-0 0:1] - 00688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WS_.dll
[009-07-1 15:7] - [009-07-1 17:0] - 0500 ____A (Microsoft Corporation) C:\Windows\System\DifxApi.dll
[009-07-1 15:16] - [009-07-1 17:15] - 01590 ____A (Microsoft Corporation) C:\Windows\SysWOW6\DifxApi.dll

========================= Bamital & volsnap Check ============

C:\Windows\System\winlogon.exe => MD5 is legit
C:\Windows\System\wininit.exe => MD5 is legit
C:\Windows\SysWOW6\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW6\explorer.exe => MD5 is legit
C:\Windows\System\svchost.exe => MD5 is legit
C:\Windows\SysWOW6\svchost.exe => MD5 is legit
C:\Windows\System\services.exe => MD5 is legit
C:\Windows\System\User.dll => MD5 is legit
C:\Windows\SysWOW6\User.dll => MD5 is legit
C:\Windows\System\userinit.exe => MD5 is legit
C:\Windows\SysWOW6\userinit.exe => MD5 is legit
C:\Windows\System\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 2806.71 MB
Available physical RAM: 2143.14 MB
Total Pagefile: 2804.86 MB
Available Pagefile: 2130.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:232.43 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:2.96 GB) NTFS
4 Drive g: (USB20FD) (Removable) (Total:15.1 GB) (Free:4.24 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 284 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 284 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB20FD FAT32 Removable 15 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-09 14:51

======================= End Of Log ==========================

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 July 2012 - 07:18 PM

I can't find anything in the log that states that a rootkit has a grip on the machine, so let's boot back into normal mode and test this fully.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 lhffre

lhffre
  • Topic Starter

  • Members
  • 12 posts

Posted 11 July 2012 - 10:24 PM

Here is the ComboFix log:

ComboFix 12-07-11.03 - Wyatt 07/11/2012 22:02:23.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2807.1596 [GMT -5:00]
Running from: c:\users\Wyatt\Desktop\ComFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 03:07 . 2012-07-12 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 06:53 . 2012-07-11 06:53 -------- d-----w- C:\FRST
2012-07-04 11:09 . 2012-07-04 11:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-04 11:09 . 2012-07-04 11:09 -------- d-----w- c:\users\Wyatt\AppData\Roaming\Malwarebytes
2012-07-04 11:09 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 23:25 . 2012-07-03 23:25 16200 ----a-w- c:\windows\stinger.sys
2012-07-03 23:25 . 2012-07-03 23:41 -------- d-----w- c:\program files (x86)\stinger
2012-07-03 20:31 . 2012-07-03 20:31 711240 ----a-w- c:\windows\is-SVH3J.exe
2012-06-24 15:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 15:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 15:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 15:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 15:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 15:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 15:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 15:36 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 15:36 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 02:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:38 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 02:38 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-04_10.37.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 06:41 . 2012-07-04 11:31 65784 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-11 04:00 51350 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-22 01:21 . 2012-07-11 04:00 16952 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-911688466-1197993092-2983463466-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-07-04 10:56 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-10-25 10:29 86016 c:\windows\system32\DriverStore\infpub.dat
- 2010-08-23 02:08 . 2012-06-12 01:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-23 02:08 . 2012-07-10 21:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-23 02:08 . 2012-06-12 01:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-23 02:08 . 2012-07-10 21:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-10 21:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-12 01:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-09 22:14 . 2012-07-09 22:14 9560 c:\windows\system32\NetworkList\Icons\{F1ABB00B-B332-4087-8C39-050C0695A36E}_48.bin
+ 2012-07-09 22:14 . 2012-07-09 22:14 4280 c:\windows\system32\NetworkList\Icons\{F1ABB00B-B332-4087-8C39-050C0695A36E}_32.bin
+ 2012-07-09 22:14 . 2012-07-09 22:14 2456 c:\windows\system32\NetworkList\Icons\{F1ABB00B-B332-4087-8C39-050C0695A36E}_24.bin
+ 2012-07-12 03:08 . 2012-07-12 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-04 10:36 . 2012-07-04 10:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-12 03:08 . 2012-07-12 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-04 10:36 . 2012-07-04 10:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-25 19:22 . 2012-07-12 02:48 275558 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-12 02:49 641006 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-04 10:15 641006 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-12 02:49 112924 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-04 10:15 112924 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-10-25 10:29 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-04 10:56 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-10-25 10:29 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-07-04 10:56 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-07-12 03:07 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-04 10:35 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-28 22:12 . 2012-07-12 03:07 864072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911688466-1197993092-2983463466-1000-8192.dat
+ 2012-04-24 10:50 . 2012-07-11 03:47 300004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911688466-1197993092-2983463466-1000-12288.dat
+ 2010-11-04 02:50 . 2010-11-04 02:50 1580368 c:\windows\system32\LogiLDA.DLL
+ 2010-11-04 02:50 . 2010-11-04 02:50 1580368 c:\windows\system32\DriverStore\FileRepository\unifhid.inf_amd64_neutral_211d890bd625b5dc\x64\LogiLDA.DLL
+ 2012-02-28 22:12 . 2012-07-12 03:07 23635376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911688466-1197993092-2983463466-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66616350-A70C-4FF5-912E-A92B8076F6F7}]
2011-12-03 23:56 88576 ----a-w- c:\program files\RebateRobot\RebateRobot.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-23 39408]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-04-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22 135664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-24 246304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2010-11-23 953904]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110224.001\IDSvia64.sys [2010-11-09 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [2011-07-08 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-05-25 255744]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22 01:59]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22 01:59]
.
2012-07-12 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-03-13 13:46]
.
2012-07-10 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-04-30 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401} - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-11 22:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 03:14
ComboFix2.txt 2012-07-04 11:25
ComboFix3.txt 2012-07-04 10:52
.
Pre-Run: 249,393,094,656 bytes free
Post-Run: 249,443,520,512 bytes free
.
- - End Of File - - E140F7B09EDAB527929E877DC1EB7343

#10 m0le

Posted 12 July 2012 - 05:25 PM

That looks absolutely fine. One more scan to do - this will find any other remnants or leftovers from any infection.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
m0le is a proud member of UNITE

#11 lhffre

Posted 12 July 2012 - 10:44 PM

I ran the ESET scanner. It reported finding 47 items. But when I went to look at the log it only contained:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#12 m0le

Posted 13 July 2012 - 06:32 PM

It reported finding 47 items


If you saw the log's findings and remember the number, it's likely to have completed and dealt with the problems it found. Not sure why the log creation failed though.

How is the machine running?

#13 lhffre

Posted 13 July 2012 - 09:27 PM

The original reason that I was looking at the PC for my friend was that Flash Player would not install. After attempting to install it, it reports "certificate authentication failed". I downloaded the install files again, and I still get the same message.

I also uninstalled Malwarebytes, downloaded new install files, and installed again. I still received the "run time error 372..."

I also still can not get to the uninstall screen in control panel.

I ran the ESET scanner again, just to see if there was something that did not remove correctly. This time it reported no threats found.

Any ideas?

#14 m0le

Posted 15 July 2012 - 07:09 PM

Have you seen this on the Malwarebytes site?

Can you run FSS so we can check your updates?

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#15 lhffre

Posted 16 July 2012 - 05:08 PM

FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Wyatt (administrator) on 16-07-2012 at 17:06:11
Running from "C:\Users\Wyatt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZ31RMZB"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\System32\nsisvc.dll
[2009-07-13 18:21] - [2009-07-13 20:41] - 0025600 ____A (Microsoft Corporation)

C:\Windows\System32\drivers\nsiproxy.sys
[2009-07-13 18:21] - [2009-07-13 18:21] - 0024576 ____A (Microsoft Corporation)

C:\Windows\System32\dhcpcore.dll
[2011-06-06 21:51] - [2010-11-20 08:26] - 0317952 ____A (Microsoft Corporation)

C:\Windows\System32\drivers\afd.sys
[2012-02-14 21:12] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation)

C:\Windows\System32\drivers\tdx.sys
[2011-06-06 21:51] - [2010-11-20 04:21] - 0119296 ____A (Microsoft Corporation)

C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 20:22] - [2012-03-30 06:35] - 1918320 ____A (Microsoft Corporation)

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 14:32] - [2011-03-03 01:24] - 0183296 ____A (Microsoft Corporation)

C:\Windows\System32\mpssvc.dll
[2011-06-06 21:51] - [2010-11-20 08:26] - 0828416 ____A (Microsoft Corporation)

C:\Windows\System32\bfe.dll
[2011-06-06 21:51] - [2010-11-20 08:25] - 0705024 ____A (Microsoft Corporation)

C:\Windows\System32\drivers\mpsdrv.sys
[2009-07-13 19:08] - [2009-07-13 19:08] - 0077312 ____A (Microsoft Corporation)

C:\Windows\System32\SDRSVC.dll
[2011-06-06 21:50] - [2010-11-20 08:27] - 0170496 ____A (Microsoft Corporation)

C:\Windows\System32\vssvc.exe
[2011-06-06 21:51] - [2010-11-20 08:25] - 1600512 ____A (Microsoft Corporation)

C:\Windows\System32\wscsvc.dll
[2009-07-13 18:48] - [2009-07-13 20:41] - 0097280 ____A (Microsoft Corporation)

C:\Windows\System32\wbem\WMIsvc.dll
[2009-07-13 18:47] - [2009-07-13 20:41] - 0242688 ____A (Microsoft Corporation)

C:\Windows\System32\wuaueng.dll
[2012-06-24 10:36] - [2012-06-02 17:19] - 2428952 ____A (Microsoft Corporation)

C:\Windows\System32\qmgr.dll
[2011-06-06 21:51] - [2010-11-20 08:27] - 0849920 ____A (Microsoft Corporation)

C:\Windows\System32\es.dll
[2009-07-13 19:00] - [2009-07-13 20:40] - 0402944 ____A (Microsoft Corporation)

C:\Windows\System32\cryptsvc.dll
[2012-06-13 21:39] - [2012-04-24 00:37] - 0184320 ____A (Microsoft Corporation)

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation)

C:\Windows\System32\rpcss.dll
[2011-06-06 21:51] - [2010-11-20 08:27] - 0512000 ____A (Microsoft Corporation)



**** End of log ****
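The FSS log above is the output of Farbar's tool, which checks three things for the services m0le asked about: whether a "Disabled" policy has been written for the firewall, System Restore or Windows Update, whether the underlying services are still present, and whether the files behind them are still the Microsoft-supplied ones. The following PowerShell is an added example (written for this page, not part of any post in the thread and not Farbar's code) that performs the equivalent checks natively, so you can see what a clean result looks like without the tool. It assumes an elevated PowerShell prompt on Windows 7 or later; the registry policy paths and service names are the standard Windows ones, and the file list mirrors the "File Check" section of the log.

```powershell
# Added example: native equivalents of the FSS "Disabled Policy", service and
# "File Check" sections. Run from an elevated PowerShell prompt.

# 1. Policy keys. FSS prints nothing under "Firewall Disabled Policy" etc. when
#    these are absent; a restrictive value means a GPO or malware wrote one.
$policyChecks = @(
    @{ Name = 'Firewall (Domain profile)';     Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Value = 'EnableFirewall'; BadWhen = 0 },
    @{ Name = 'Firewall (Standard profile)';   Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Value = 'EnableFirewall'; BadWhen = 0 },
    @{ Name = 'System Restore disabled';       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Value = 'DisableSR';      BadWhen = 1 },
    @{ Name = 'System Restore config locked';  Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Value = 'DisableConfig';  BadWhen = 1 },
    @{ Name = 'Windows Update auto-update off'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';       Value = 'NoAutoUpdate';   BadWhen = 1 }
)

"== Policy checks =="
foreach ($c in $policyChecks) {
    # Get-ItemProperty returns $null (no error) when the key or value does not exist.
    $prop = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        "{0,-34} no policy set" -f $c.Name
    } elseif ($prop.($c.Value) -eq $c.BadWhen) {
        "{0,-34} RESTRICTIVE POLICY PRESENT: {1}={2}" -f $c.Name, $c.Value, $prop.($c.Value)
    } else {
        "{0,-34} policy present but not restrictive ({1}={2})" -f $c.Name, $c.Value, $prop.($c.Value)
    }
}

# 2. Services behind Internet access, Windows Firewall, System Restore,
#    Security Center and Windows Update. Win32_Service is used instead of
#    Get-Service because it exposes StartMode and PathName on PowerShell 2.0,
#    and a missing service (deleted key) shows up as a $null result.
$services = 'nsi','Dhcp','Dnscache','MpsSvc','BFE','VSS','swprv','wscsvc',
            'Winmgmt','wuauserv','BITS','EventSystem','CryptSvc'

"`n== Service checks =="
foreach ($s in $services) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$s'"
    if ($null -eq $svc) { "{0,-12} MISSING (service key deleted?)" -f $s; continue }
    "{0,-12} state={1,-8} start={2,-9} image={3}" -f $svc.Name, $svc.State, $svc.StartMode, $svc.PathName
}

# 3. File check: size, last-write time, CompanyName from the version resource
#    (what FSS prints in parentheses) and the Authenticode status.
$files = @(
    'nsisvc.dll','drivers\nsiproxy.sys','dhcpcore.dll','drivers\afd.sys','drivers\tdx.sys',
    'drivers\tcpip.sys','dnsrslvr.dll','mpssvc.dll','bfe.dll','drivers\mpsdrv.sys',
    'SDRSVC.dll','vssvc.exe','wscsvc.dll','wbem\WMIsvc.dll','wuaueng.dll','qmgr.dll',
    'es.dll','cryptsvc.dll','svchost.exe','rpcss.dll'
) | ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

"`n== File checks =="
foreach ($f in $files) {
    if (-not (Test-Path -Path $f)) { "MISSING   $f"; continue }
    $item = Get-Item -Path $f
    $sig  = Get-AuthenticodeSignature -FilePath $f
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no embedded/catalog signature resolved)' }
    # Caveat: most System32 binaries are catalog-signed. PowerShell resolves catalog
    # signatures only from 5.1 onward, so on a Windows 7 host most of these report
    # NotSigned even when untouched; there, rely on CompanyName, size and date and
    # verify signatures with a catalog-aware tool (e.g. sigcheck) instead.
    "{0,-10} {1:yyyy-MM-dd} {2,8} bytes  {3}  [{4}]" -f $sig.Status, $item.LastWriteTime, $item.Length, $f, $item.VersionInfo.CompanyName
    "           signer: $signer"
}
```

Read the three sections the way FSS is read in this thread: no lines under the policy checks, every service present and `Running`/`Auto` (or `Manual` for VSS, swprv and BITS), and every file present with CompanyName `Microsoft Corporation`. A `MISSING` service or a file whose CompanyName is blank or not Microsoft is the result that would prompt a repair step.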



