Sirefef infection - please help


  • This topic is locked
22 replies to this topic

#1 kbscientist

kbscientist

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 17 July 2012 - 01:47 AM

Hello -

I've got a sirefef infection. The computer is a pretty new Dell 64-bit Win 7 computer that was using MSE as the AV. MSE finds win64/sirefef.W, sirefef.P, and win32/sirefef.AB. I had to disable MSE because of the 1 minute restart loop sirefef forces. It also randomly sends me to webpages and I can't turn on Windows Firewall. Except for working on this forum to try and fix it I'm keeping the computer off. I followed the instructions in the malware guide, and got logs from DDS. I'm posting the DDS.txt log and attaching the attach.txt log as instructed. Thanks in advance for all help!

- Kirk

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Kirk Bays at 23:37:10 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8084.6629 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msconfig.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Kirk Bays\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KB00931105.exe] "C:\Users\Kirk Bays\AppData\Roaming\KB00931105.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
TCP: Interfaces\{00F98E50-63C2-4E40-9D5A-D936FD401B7F} : DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
TCP: Interfaces\{00F98E50-63C2-4E40-9D5A-D936FD401B7F}\350756369616C647973702556596C6C616765602055726C69636 : DhcpNameServer = 66.93.87.2 215.6.234.255
TCP: Interfaces\{00F98E50-63C2-4E40-9D5A-D936FD401B7F}\4527166756C6F646765693 : DhcpNameServer = 66.192.125.46 66.195.66.45
TCP: Interfaces\{00F98E50-63C2-4E40-9D5A-D936FD401B7F}\76F6563786 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{F6C38737-CEF7-478C-A0C6-5541B40027D2} : DhcpNameServer = 128.95.112.1 128.95.120.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kirk Bays\AppData\Roaming\Mozilla\Firefox\Profiles\8d74yqpc.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kirk Bays\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kirk Bays\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Kirk Bays\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kirk Bays\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-15 98208]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cyhid;Cypress Input Device;C:\Windows\system32\DRIVERS\cyhid.sys --> C:\Windows\system32\DRIVERS\cyhid.sys [?]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\system32\DRIVERS\cykbfltr.sys --> C:\Windows\system32\DRIVERS\cykbfltr.sys [?]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\system32\DRIVERS\cymfltr.sys --> C:\Windows\system32\DRIVERS\cymfltr.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-22 2348352]
S2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-x64-9.1" -D "C:/Program Files/PostgreSQL/9.1/data" -w --> C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-15 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-3-23 131912]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown pxgkinov;pxgkinov; [x]
SUnknown vmylpiao;vmylpiao; [x]
.
=============== Created Last 30 ================
.
2012-07-17 06:34:11 328704 ----a-w- C:\Windows\System32\services.exe.3FD6C7039D768AA9
2012-07-17 06:31:14 328704 ----a-w- C:\Windows\System32\services.exe.EE2FE149D26381B3
2012-07-17 06:28:22 328704 ----a-w- C:\Windows\System32\services.exe.57537C368504998F
2012-07-17 06:25:11 328704 ----a-w- C:\Windows\System32\services.exe.5C07E30AF45A4FFE
2012-07-15 01:56:13 50392 ----a-w- C:\Windows\System32\drivers\traocpwr.sys
2012-07-15 01:56:13 328704 ----a-w- C:\Windows\System32\services.exe.4D7554F8534047D8
2012-07-15 01:53:05 328704 ----a-w- C:\Windows\System32\services.exe.13A966E9FAFF9C4C
2012-07-15 01:48:18 328704 ----a-w- C:\Windows\System32\services.exe.1A49A7F5849E4E0E
2012-07-15 01:46:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8ADBEB2-C433-4E6A-87C4-02421FA68519}\offreg.dll
2012-07-15 01:44:24 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8B6A6C6-1C43-4925-9215-6ECDF6DBF67D}\gapaengine.dll
2012-07-15 01:44:21 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8ADBEB2-C433-4E6A-87C4-02421FA68519}\mpengine.dll
2012-07-15 01:43:23 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-15 01:43:22 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-15 01:25:03 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-14 23:57:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 23:49:45 -------- d--h--w- C:\Users\Kirk Bays\AppData\Roaming\6444BDBE
2012-07-14 23:49:44 70656 ----a-w- C:\Users\Kirk Bays\AppData\Roaming\KB00931105.exe
2012-06-26 04:48:17 -------- d--h--w- C:\Windows\msdownld.tmp
2012-06-26 04:48:16 -------- d-----w- C:\Windows\SysWow64\directx
2012-06-23 08:10:40 -------- d-----w- C:\Program Files (x86)\PakkISO
2012-06-22 19:29:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 19:29:24 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 19:29:22 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 19:29:22 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 05:28:39 -------- d-----w- C:\Users\Kirk Bays\AppData\Roaming\SinisterDesign.TelepathRPGServantsOfGod.9734F53159B682152B7C442264602A0CEA7C53C9.1
2012-06-17 10:08:06 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\SSGB1pc.dll
2012-06-17 10:07:27 89600 ----a-w- C:\Windows\System32\SSGB1ci.dll
2012-06-17 10:07:27 151552 ----a-w- C:\Windows\System32\SSGB1ci.exe
2012-06-17 10:06:52 53816 ------w- C:\Windows\System32\drivers\DGIVECP.SYS
2012-06-17 10:06:52 11576 ------w- C:\Windows\System32\drivers\SSPORT.SYS
2012-06-17 10:06:51 -------- d-----w- C:\Program Files (x86)\SAMSUNG
.
==================== Find3M ====================
.
2012-07-15 01:25:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-15 01:25:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 23:37:24.45 ===============
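An added example, written here as an editor's aid and not part of kbscientist's post, of DDS or of any Bleeping Computer tool: a small Python triage pass over a constructed sample of lines copied from the DDS log above (plus two benign lines for contrast). It flags the entries a responder would read first in a log like this one: an autostart whose binary sits directly in the profile's Roaming root, services with no file behind them (the SUnknown lines), the repeated hex-suffixed copies of services.exe in System32, the directory literally named %APPDATA% under SysWow64, the hidden hex-named folder at the Roaming root, and any kernel driver that appeared in the "Created Last 30" window. The rule names, the parsing regexes and the sample are my own assumptions; a hit means "review this entry", not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the layout of a DDS log: entries copied from the log
# posted above, plus two benign lines (Google Update, wuapp.exe) for contrast.
SAMPLE_DDS = r"""
uRun: [Google Update] "C:\Users\Kirk Bays\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KB00931105.exe] "C:\Users\Kirk Bays\AppData\Roaming\KB00931105.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
SUnknown pxgkinov;pxgkinov; [x]
SUnknown vmylpiao;vmylpiao; [x]
2012-07-17 06:34:11 328704 ----a-w- C:\Windows\System32\services.exe.3FD6C7039D768AA9
2012-07-17 06:31:14 328704 ----a-w- C:\Windows\System32\services.exe.EE2FE149D26381B3
2012-07-15 01:56:13 50392 ----a-w- C:\Windows\System32\drivers\traocpwr.sys
2012-07-14 23:57:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 23:49:45 -------- d--h--w- C:\Users\Kirk Bays\AppData\Roaming\6444BDBE
2012-06-22 19:29:22 36864 ----a-w- C:\Windows\System32\wuapp.exe
"""


@dataclass
class Finding:
    rule: str    # which heuristic fired (labels are my own, not DDS terms)
    detail: str  # the name or path that triggered it
    line: str    # the original DDS line, kept for the report


RUN_LINE = re.compile(r"^[um]Run(?:-x64)?: \[[^\]]*\]\s*(?P<cmd>.*)$")
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
SYSTEM_COPY = re.compile(r"[A-Za-z0-9]+\.exe\.[0-9A-F]{16}")  # services.exe.<16 hex>
ENV_NAME = re.compile(r"%[A-Z]+%")                              # a dir literally named %APPDATA%
HEX8 = re.compile(r"[0-9A-F]{8}")                               # 6444BDBE-style folder names


def _image_path(cmd: str) -> str:
    """Executable from a Run value: the quoted part if quoted, else the first token."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def _split(path: str):
    """(lower-cased parent directory, basename) of a Windows path."""
    parent, _, name = path.rpartition("\\")
    return parent.lower(), name


def triage(text: str) -> List[Finding]:
    """Run the heuristics over DDS-formatted lines and return what they flag."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_LINE.match(line)
        if m:
            # Autostart whose binary lives directly in the Roaming root instead
            # of in an application's own folder.
            path = _image_path(m.group("cmd"))
            parent, _ = _split(path)
            if parent.endswith(r"\appdata\roaming"):
                findings.append(Finding("run_from_roaming_root", path, line))
            continue
        if line.startswith("SUnknown ") and line.endswith("[x]"):
            # Service registered with no image file DDS could resolve.
            name = line.split(" ", 1)[1].split(";")[0]
            findings.append(Finding("service_without_file", name, line))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        parent, name = _split(path)
        is_dir = attrs.startswith("d")
        if parent.endswith(r"\system32") and SYSTEM_COPY.fullmatch(name):
            findings.append(Finding("system_binary_copy", name, line))
        elif is_dir and ENV_NAME.fullmatch(name):
            findings.append(Finding("env_var_named_dir", path, line))
        elif is_dir and "h" in attrs and parent.endswith(r"\appdata\roaming") and HEX8.fullmatch(name):
            findings.append(Finding("hidden_hex_dir_in_roaming", path, line))
        elif not is_dir and name.lower().endswith(".sys") and parent.endswith(r"\drivers"):
            # Any driver that appeared in the review window is listed for review.
            findings.append(Finding("new_kernel_driver", name, line))
    return findings


def summary(findings: List[Finding]) -> dict:
    """Count findings per rule."""
    counts: dict = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.rule:28s} {f.detail}")
    print(summary(triage(SAMPLE_DDS)))
```

Run it against a saved DDS.txt by reading the file into `triage()`; the ordering of the `elif` chain matters only for directories, where the literal `%APPDATA%` name is reported before the hidden-folder rule so one entry gets one label.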


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:58 AM

Posted 18 July 2012 - 01:45 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kbscientist

kbscientist
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:58 PM

Posted 19 July 2012 - 01:57 AM

Thanks Gringo - here you go.

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 18-07-2012 23:54:42
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-11-08] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-18] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-05] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-05] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-05] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [482661 2011-11-03] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2011-12-31] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2829241 2011-11-03] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\Kirk Bays\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd)
HKU\Kirk Bays\...\Run: [Google Update] "C:\Users\Kirk Bays\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-04] (Google Inc.)
HKU\Kirk Bays\...\Run: [KB00931105.exe] "C:\Users\Kirk Bays\AppData\Roaming\KB00931105.exe" [70656 2012-07-17] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 71.9.127.107 68.190.192.35 24.205.224.36
AppInit_DLLs: C:\Windows\system32\nvinitx.dll

==================== Services (Whitelisted) ======

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [936272 2011-10-18] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1354064 2011-10-18] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-10-18] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135440 2011-10-20] (Intel® Corporation)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [162816 2011-10-26] (Dell Products, LP.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 postgresql-x64-9.1; C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-x64-9.1" -D "C:/Program Files/PostgreSQL/9.1/data" -w [x]

========================== Drivers (Whitelisted) =============

3 cyhid; C:\Windows\System32\Drivers\cyhid.sys [117248 2011-12-08] (Cypress Semiconductor, Inc.)
3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-12-08] (Cypress Semiconductor, Inc.)
3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-12-08] (Cypress Semiconductor, Inc.)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-03-26] (DT Soft Ltd)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [60416 2011-12-09] (Intel Corporation)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2012-02-29] (NVIDIA Corporation)
1 upujcpfv; \??\C:\Windows\system32\drivers\upujcpfv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 23:54 - 2012-07-18 23:54 - 00000000 ____D C:\FRST
2012-07-17 01:48 - 2012-07-17 01:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D548FEE0F939F7B5
2012-07-17 01:41 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 01:40 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-17 01:40 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-17 01:40 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-17 01:40 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-17 01:40 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-17 01:40 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-17 01:40 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-17 01:40 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-17 01:40 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-17 01:40 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-17 01:39 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-17 01:39 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-17 01:39 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-17 01:39 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-17 01:39 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-17 01:39 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-17 01:39 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-17 01:39 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-17 01:39 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-17 01:39 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-17 01:39 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-17 01:39 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-17 01:39 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-17 01:39 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-17 01:39 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-17 01:39 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-17 01:39 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-17 01:39 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-17 01:37 - 2012-07-17 01:37 - 00025850 ____A C:\Users\Kirk Bays\Desktop\DDS.txt
2012-07-17 01:34 - 2012-07-17 01:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FD6C7039D768AA9
2012-07-17 01:31 - 2012-07-17 01:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE2FE149D26381B3
2012-07-17 01:29 - 2012-07-17 01:37 - 00009613 ____A C:\Users\Kirk Bays\Desktop\Attach.txt
2012-07-17 01:28 - 2012-07-17 01:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.57537C368504998F
2012-07-17 01:25 - 2012-07-17 01:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C07E30AF45A4FFE
2012-07-17 01:24 - 2012-07-17 01:25 - 00607260 ____R (Swearware) C:\Users\Kirk Bays\Desktop\dds.scr
2012-07-14 20:56 - 2012-07-14 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D7554F8534047D8
2012-07-14 20:56 - 2012-07-14 20:56 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\traocpwr.sys
2012-07-14 20:53 - 2012-07-14 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13A966E9FAFF9C4C
2012-07-14 20:48 - 2012-07-14 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A49A7F5849E4E0E
2012-07-14 20:43 - 2012-07-14 20:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-14 20:43 - 2012-07-14 20:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-14 20:42 - 2012-07-14 20:42 - 12621696 ____A (Microsoft Corporation) C:\Users\Kirk Bays\Downloads\mseinstall.exe
2012-07-14 20:25 - 2012-07-14 20:25 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-14 18:57 - 2012-07-14 18:57 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-14 18:50 - 2012-07-14 20:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-14 18:49 - 2012-07-17 01:25 - 00000000 ___HD C:\Users\Kirk Bays\Application Data\6444BDBE
2012-07-14 18:49 - 2012-07-17 01:25 - 00000000 ___HD C:\Users\Kirk Bays\AppData\Roaming\6444BDBE
2012-07-14 18:49 - 2012-07-17 01:24 - 00070656 ____A C:\Users\Kirk Bays\Application Data\KB00931105.exe
2012-07-14 18:49 - 2012-07-17 01:24 - 00070656 ____A C:\Users\Kirk Bays\AppData\Roaming\KB00931105.exe
2012-07-11 22:37 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 22:37 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 22:37 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 22:37 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 22:37 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 22:37 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 22:37 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 22:37 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 22:37 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 22:37 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 22:37 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 22:37 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 22:37 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 22:37 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 22:37 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 22:37 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 22:37 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 22:37 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 22:37 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-04 23:27 - 2012-07-04 23:27 - 00093351 ____A C:\Users\Kirk Bays\Downloads\us_scd1_9210.zip
2012-07-04 23:26 - 2012-07-04 23:26 - 00092712 ____A C:\Users\Kirk Bays\Downloads\SegaCD_Model_2_BIOS_V2.00W_(U)_(Jun_1993).zip
2012-07-03 03:22 - 2012-07-03 04:26 - 344217175 ____A C:\Users\Kirk Bays\Downloads\Langrisser4EnglishPatched.7z
2012-07-03 03:21 - 2012-07-03 03:21 - 00047951 ____A C:\Users\Kirk Bays\Downloads\1.htm
2012-07-01 06:11 - 2012-07-01 07:25 - 497929653 ____A C:\Users\Kirk Bays\Downloads\Suikoden III (USA).rar(1).002
2012-07-01 00:24 - 2012-03-21 06:40 - 00001110 ____N C:\Users\Kirk Bays\Downloads\readme.txt
2012-07-01 00:23 - 2012-07-01 00:23 - 00048997 ____A C:\Users\Kirk Bays\Downloads\wnaspi32.zip
2012-06-30 01:07 - 2012-05-16 17:50 - 524288000 ____A C:\Users\Kirk Bays\Downloads\Suikoden III (USA).rar.001
2012-06-27 17:45 - 2012-06-27 17:45 - 00103724 ____A C:\Users\Kirk Bays\Downloads\Crosstalk Intensity.zip
2012-06-27 17:45 - 2012-06-27 17:45 - 00000000 ____D C:\Users\Kirk Bays\Downloads\Crosstalk Intensity
2012-06-27 04:05 - 2012-05-22 03:58 - 214613632 ____A (NVIDIA Corporation) C:\Users\Kirk Bays\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe
2012-06-26 01:16 - 2012-06-26 01:16 - 00000000 ____D C:\Users\Kirk Bays\Downloads\pcsx2-5228-windows-x86
2012-06-26 01:15 - 2012-06-26 01:15 - 04404817 ____A C:\Users\Kirk Bays\Downloads\pcsx2-5228-windows-x86.7z
2012-06-26 00:17 - 2010-06-02 06:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-06-26 00:17 - 2010-06-02 06:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-06-26 00:17 - 2010-06-02 06:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-06-26 00:17 - 2010-06-02 06:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-06-26 00:17 - 2010-06-02 06:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-06-26 00:17 - 2010-06-02 06:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-06-26 00:17 - 2010-05-26 13:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-06-26 00:17 - 2010-02-04 12:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-06-26 00:17 - 2009-09-04 19:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-06-26 00:17 - 2009-09-04 19:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-06-26 00:17 - 2009-09-04 19:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-06-26 00:17 - 2009-09-04 19:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-06-26 00:17 - 2009-09-04 19:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-06-26 00:17 - 2009-09-04 19:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-06-26 00:17 - 2009-09-04 19:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-06-26 00:17 - 2009-09-04 19:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-06-26 00:17 - 2009-09-04 19:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-06-26 00:17 - 2009-09-04 19:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-06-26 00:17 - 2009-03-16 16:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-06-26 00:17 - 2009-03-16 16:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-06-26 00:17 - 2009-03-16 16:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-06-26 00:17 - 2009-03-16 16:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-06-26 00:17 - 2009-03-16 16:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-06-26 00:17 - 2009-03-16 16:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-06-26 00:17 - 2009-03-09 17:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-06-26 00:17 - 2009-03-09 17:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-06-26 00:17 - 2009-03-09 17:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-06-26 00:17 - 2009-03-09 17:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-06-26 00:17 - 2008-10-27 12:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-06-26 00:17 - 2008-10-10 06:52 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-06-26 00:17 - 2008-10-10 06:52 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-06-26 00:17 - 2008-10-10 06:52 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-06-26 00:17 - 2008-10-10 06:52 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-06-26 00:17 - 2008-10-10 06:52 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-06-26 00:17 - 2008-07-31 12:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-06-26 00:17 - 2008-07-31 12:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-06-26 00:17 - 2008-07-31 12:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-06-26 00:17 - 2008-07-31 12:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-06-26 00:17 - 2008-07-31 12:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-06-26 00:17 - 2008-07-31 12:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-06-26 00:17 - 2008-07-10 13:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-06-26 00:17 - 2008-07-10 13:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-06-26 00:17 - 2008-07-10 13:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-06-26 00:17 - 2008-07-10 13:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-06-26 00:17 - 2008-07-10 13:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-06-26 00:17 - 2008-07-10 13:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-06-26 00:17 - 2008-05-30 16:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-06-26 00:17 - 2008-05-30 16:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-06-26 00:17 - 2008-05-30 16:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-06-26 00:17 - 2008-05-30 16:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-06-26 00:17 - 2008-05-30 16:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-06-26 00:17 - 2008-05-30 16:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-06-26 00:17 - 2008-05-30 16:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-06-26 00:17 - 2008-05-30 16:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-06-26 00:17 - 2008-05-30 16:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-06-26 00:17 - 2008-05-30 16:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-06-26 00:17 - 2008-05-30 16:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-06-26 00:17 - 2008-05-30 16:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-06-26 00:17 - 2008-05-30 16:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-06-26 00:17 - 2008-05-30 16:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-06-26 00:17 - 2008-03-05 18:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-06-26 00:17 - 2008-03-05 18:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-06-26 00:17 - 2008-03-05 18:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-06-26 00:17 - 2008-03-05 18:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-06-26 00:17 - 2008-03-05 18:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-06-26 00:17 - 2008-03-05 18:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-06-26 00:17 - 2008-03-05 17:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-06-26 00:17 - 2008-03-05 17:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-06-26 00:17 - 2008-03-05 17:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-06-26 00:17 - 2008-03-05 17:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-06-26 00:17 - 2008-02-06 01:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-06-26 00:17 - 2008-02-06 01:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-06-25 23:49 - 2012-06-25 23:49 - 00000000 ____D C:\Users\Kirk Bays\My Documents\PCSX2
2012-06-25 23:49 - 2012-06-25 23:49 - 00000000 ____D C:\Users\Kirk Bays\Documents\PCSX2
2012-06-25 23:48 - 2012-06-26 00:18 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-06-25 23:48 - 2012-06-26 00:17 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-06-23 03:13 - 2012-07-04 23:21 - 00000000 ____D C:\Users\Kirk Bays\Downloads\ecm tools
2012-06-23 03:10 - 2012-06-23 03:10 - 00000000 ____D C:\Program Files (x86)\PakkISO
2012-06-23 00:01 - 2012-06-23 00:48 - 00000000 ____D C:\Users\Kirk Bays\Application Data\Skype
2012-06-23 00:01 - 2012-06-23 00:48 - 00000000 ____D C:\Users\Kirk Bays\AppData\Roaming\Skype
2012-06-22 14:29 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 14:29 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 14:29 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 14:29 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 14:29 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 14:29 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 14:29 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 14:29 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 14:29 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 00:28 - 2012-06-20 00:28 - 00000000 ____D C:\Users\Kirk Bays\Application Data\SinisterDesign.TelepathRPGServantsOfGod.9734F53159B682152B7C442264602A0CEA7C53C9.1
2012-06-20 00:28 - 2012-06-20 00:28 - 00000000 ____D C:\Users\Kirk Bays\AppData\Roaming\SinisterDesign.TelepathRPGServantsOfGod.9734F53159B682152B7C442264602A0CEA7C53C9.1

============ 3 Months Modified Files ========================

2012-07-19 01:50 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-19 01:50 - 2009-07-13 23:51 - 00056449 ____A C:\Windows\setupact.log
2012-07-19 01:50 - 2009-07-13 23:45 - 00483224 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-17 01:48 - 2012-07-17 01:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D548FEE0F939F7B5
2012-07-17 01:46 - 2012-03-15 08:29 - 02029430 ____A C:\Windows\WindowsUpdate.log
2012-07-17 01:43 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-17 01:43 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 01:40 - 2012-06-05 17:46 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-17 01:40 - 2012-04-17 15:02 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-17 01:40 - 2009-07-14 00:13 - 00782270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-17 01:37 - 2012-07-17 01:37 - 00025850 ____A C:\Users\Kirk Bays\Desktop\DDS.txt
2012-07-17 01:37 - 2012-07-17 01:29 - 00009613 ____A C:\Users\Kirk Bays\Desktop\Attach.txt
2012-07-17 01:34 - 2012-07-17 01:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FD6C7039D768AA9
2012-07-17 01:31 - 2012-07-17 01:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE2FE149D26381B3
2012-07-17 01:28 - 2012-07-17 01:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.57537C368504998F
2012-07-17 01:25 - 2012-07-17 01:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5C07E30AF45A4FFE
2012-07-17 01:25 - 2012-07-17 01:24 - 00607260 ____R (Swearware) C:\Users\Kirk Bays\Desktop\dds.scr
2012-07-17 01:24 - 2012-07-14 18:49 - 00070656 ____A C:\Users\Kirk Bays\Application Data\KB00931105.exe
2012-07-17 01:24 - 2012-07-14 18:49 - 00070656 ____A C:\Users\Kirk Bays\AppData\Roaming\KB00931105.exe
2012-07-14 20:56 - 2012-07-14 20:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D7554F8534047D8
2012-07-14 20:56 - 2012-07-14 20:56 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\traocpwr.sys
2012-07-14 20:53 - 2012-07-14 20:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13A966E9FAFF9C4C
2012-07-14 20:48 - 2012-07-14 20:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A49A7F5849E4E0E
2012-07-14 20:43 - 2012-03-21 17:51 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-14 20:43 - 2011-02-10 11:10 - 00796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-14 20:42 - 2012-07-14 20:42 - 12621696 ____A (Microsoft Corporation) C:\Users\Kirk Bays\Downloads\mseinstall.exe
2012-07-14 20:38 - 2012-07-14 18:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-14 20:25 - 2012-07-14 20:25 - 09822920 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-07-14 20:25 - 2012-03-29 16:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 20:25 - 2012-03-15 08:30 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-14 20:24 - 2012-06-04 11:15 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083028813-376037329-742705685-1001UA.job
2012-07-14 18:22 - 2012-06-04 11:15 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083028813-376037329-742705685-1001Core.job
2012-07-10 18:29 - 2012-03-21 18:25 - 00000600 ____A C:\Users\Kirk Bays\Local Settings\PUTTY.RND
2012-07-10 18:29 - 2012-03-21 18:25 - 00000600 ____A C:\Users\Kirk Bays\Local Settings\Application Data\PUTTY.RND
2012-07-10 18:29 - 2012-03-21 18:25 - 00000600 ____A C:\Users\Kirk Bays\AppData\Local\PUTTY.RND
2012-07-05 21:12 - 2012-04-17 15:02 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-05 16:53 - 2012-03-26 17:49 - 00008165 ____A C:\Users\Kirk Bays\gsview64.ini
2012-07-05 16:04 - 2012-03-21 18:19 - 00000600 ____A C:\Users\Kirk Bays\Application Data\winscp.rnd
2012-07-05 16:04 - 2012-03-21 18:19 - 00000600 ____A C:\Users\Kirk Bays\AppData\Roaming\winscp.rnd
2012-07-04 23:27 - 2012-07-04 23:27 - 00093351 ____A C:\Users\Kirk Bays\Downloads\us_scd1_9210.zip
2012-07-04 23:26 - 2012-07-04 23:26 - 00092712 ____A C:\Users\Kirk Bays\Downloads\SegaCD_Model_2_BIOS_V2.00W_(U)_(Jun_1993).zip
2012-07-03 04:26 - 2012-07-03 03:22 - 344217175 ____A C:\Users\Kirk Bays\Downloads\Langrisser4EnglishPatched.7z
2012-07-03 03:21 - 2012-07-03 03:21 - 00047951 ____A C:\Users\Kirk Bays\Downloads\1.htm
2012-07-02 03:32 - 2012-04-25 16:02 - 00001108 ____A C:\Users\Kirk Bays\Desktop\todo.txt
2012-07-01 07:25 - 2012-07-01 06:11 - 497929653 ____A C:\Users\Kirk Bays\Downloads\Suikoden III (USA).rar(1).002
2012-07-01 00:23 - 2012-07-01 00:23 - 00048997 ____A C:\Users\Kirk Bays\Downloads\wnaspi32.zip
2012-06-27 17:45 - 2012-06-27 17:45 - 00103724 ____A C:\Users\Kirk Bays\Downloads\Crosstalk Intensity.zip
2012-06-26 01:15 - 2012-06-26 01:15 - 04404817 ____A C:\Users\Kirk Bays\Downloads\pcsx2-5228-windows-x86.7z
2012-06-26 00:17 - 2012-03-15 08:57 - 00200396 ____A C:\Windows\DirectX.log
2012-06-25 05:09 - 2012-03-21 18:38 - 00002433 ____A C:\Users\Kirk Bays\.root_hist
2012-06-22 23:37 - 2012-04-30 19:17 - 00005416 ____A C:\Users\Kirk Bays\My Documents\pgadmin.log
2012-06-22 23:37 - 2012-04-30 19:17 - 00005416 ____A C:\Users\Kirk Bays\Documents\pgadmin.log
2012-06-11 22:08 - 2012-07-17 01:41 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-11 22:37 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-11 22:37 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-11 22:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-11 22:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-11 22:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-11 22:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-11 22:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-11 22:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-22 14:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 14:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 14:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 17:19 - 2012-06-22 14:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 14:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 14:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 14:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 14:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 17:15 - 2012-06-22 14:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-17 01:39 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-17 01:39 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-17 01:39 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-17 01:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:05 - 2012-07-17 01:39 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:04 - 2012-07-17 01:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:04 - 2012-07-17 01:39 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:03 - 2012-07-17 01:39 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-17 01:39 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-17 01:39 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-17 01:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-17 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-17 01:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-17 01:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-17 01:39 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-17 01:39 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-17 01:39 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-17 01:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-17 01:39 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-17 01:39 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-17 01:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-17 01:39 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-17 01:39 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-17 01:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-17 01:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-17 01:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-17 01:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-17 01:39 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-11 22:37 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-11 22:37 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-11 22:37 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-11 22:37 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-11 22:37 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-11 22:37 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-11 22:37 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-11 22:37 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-11 22:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-22 03:58 - 2012-06-27 04:05 - 214613632 ____A (NVIDIA Corporation) C:\Users\Kirk Bays\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe
2012-05-16 17:50 - 2012-06-30 01:07 - 524288000 ____A C:\Users\Kirk Bays\Downloads\Suikoden III (USA).rar.001
2012-05-15 18:01 - 2012-05-15 17:45 - 50445312 ____A C:\Users\Kirk Bays\Downloads\Komodo-Edit-7.0.2-9923.msi
2012-05-15 17:55 - 2012-05-15 17:46 - 32453040 ____A C:\Users\Kirk Bays\Downloads\CoffeeFreeHTML9.7.exe
2012-05-10 17:34 - 2010-11-20 22:47 - 00023024 ____A C:\Windows\PFRO.log
2012-05-04 06:06 - 2012-06-13 22:24 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-13 22:24 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-13 22:24 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 00:40 - 2012-06-13 22:24 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 18:52 - 2012-04-30 18:52 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2012-04-27 22:55 - 2012-06-13 22:24 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-13 22:24 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-13 22:24 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-13 22:24 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 00:37 - 2012-06-13 22:24 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-13 22:24 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-13 22:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-13 22:24 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-13 22:24 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-13 22:24 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\@
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\L
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\n
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\U
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\L\00000004.@
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\L\1afb2d56
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\L\201d3dde
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\U\00000004.@
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\U\00000008.@
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}\U\000000cb.@

ZeroAccess:
C:\Users\Kirk Bays\AppData\Local\{9202bc77-d829-6578-2d8c-dfef68888d58}
C:\Users\Kirk Bays\AppData\Local\{9202bc77-d829-6578-2d8c-dfef68888d58}\@
C:\Users\Kirk Bays\AppData\Local\{9202bc77-d829-6578-2d8c-dfef68888d58}\L
C:\Users\Kirk Bays\AppData\Local\{9202bc77-d829-6578-2d8c-dfef68888d58}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8083.88 MB
Available physical RAM: 7290.59 MB
Total Pagefile: 8082.08 MB
Available Pagefile: 7292.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.84 GB) (Free:72.94 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.75 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 238 GB 2048 KB
Disk 1 Online 1907 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 218 GB 19 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 101 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 19 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1907 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-09 13:35

======================= End Of Log ==========================

#4 gringo_pr

  • Malware Response Team

Posted 19 July 2012 - 02:03 AM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kbscientist

  • Topic Starter

Posted 20 July 2012 - 12:55 AM

Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-19 22:54:28
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
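The Search log above is the comparison the fix turns on: the WinSxS copy of services.exe and the System32 copy have the same size and timestamps but different MD5s, so the live file is the one that was patched. The PowerShell script below reproduces that comparison for any system binary; it is an added example, not part of this thread or of FRST, and assumes an elevated PowerShell 4.0 or later prompt (for Get-FileHash) and a component store that has not itself been tampered with.

```powershell
# Added example (not from the thread or from FRST): compare a live system binary
# against the copies Windows keeps in its component store (WinSxS), the same
# check the FRST "Search:" log shows for services.exe.
# Assumptions: elevated PowerShell 4.0+ (Get-FileHash), untampered WinSxS store.
param(
    [string]$Target = "$env:SystemRoot\System32\services.exe"
)

$name    = Split-Path -Leaf $Target
$live    = Get-Item -LiteralPath $Target
$liveMd5 = (Get-FileHash -LiteralPath $Target -Algorithm MD5).Hash

# Every same-named file in the component store with hash, size, version and
# modification time. A healthy live file matches at least one of them exactly.
$store = Get-ChildItem -Path "$env:SystemRoot\winsxs" -Recurse -Filter $name -File `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Md5       = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
            Length    = $_.Length
            Version   = $_.VersionInfo.FileVersion
            LastWrite = $_.LastWriteTimeUtc
        }
    }

"Live file : {0}" -f $Target
"  MD5={0} Size={1} Version={2} LastWrite={3:u}" -f $liveMd5, $live.Length,
    $live.VersionInfo.FileVersion, $live.LastWriteTimeUtc
""
"Component store copies ({0}):" -f @($store).Count
$store | Format-Table Md5, Length, Version, Path -AutoSize | Out-String -Width 220

$match = @($store | Where-Object { $_.Md5 -eq $liveMd5 })
if ($match.Count -gt 0) {
    "OK: live file is byte-identical to {0} component store copy(ies)." -f $match.Count
    return
}

# No store copy shares the hash. A binary patched in place usually keeps the
# original size, version and timestamps (as in the log: both copies 328704
# bytes, same dates, different MD5), so flag that pattern explicitly.
$sameShape = @($store | Where-Object {
    $_.Length    -eq $live.Length -and
    $_.Version   -eq $live.VersionInfo.FileVersion -and
    $_.LastWrite -eq $live.LastWriteTimeUtc
})
if ($sameShape.Count -gt 0) {
    "SUSPICIOUS: live file has the size, version and timestamps of a store copy"
    "but a different hash. Candidate known-good copies to restore from:"
    $sameShape | ForEach-Object { "  {0}  MD5={1}" -f $_.Path, $_.Md5 }
} else {
    "NO MATCH: no store copy shares the live file's hash or size/version/time;"
    "the file may be an updated version not yet in the store, or a replacement."
}
```

Run it as `.\Compare-WithWinSxS.ps1` (default target services.exe) or pass another path with `-Target`; only the "OK" outcome means the live binary is bit-for-bit a component store copy.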

#6 gringo_pr

  • Malware Response Team

Posted 20 July 2012 - 01:59 AM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58}
C:\Users\Kirk Bays\AppData\Local\{9202bc77-d829-6578-2d8c-dfef68888d58}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#7 kbscientist

  • Topic Starter

Posted 20 July 2012 - 03:23 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-20 01:21:53 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\Installer\{9202bc77-d829-6578-2d8c-dfef68888d58} moved successfully.
C:\Users\Kirk Bays\AppData\Local\{9202bc77-d829-6578-2d8c-dfef68888d58} moved successfully.

==== End of Fixlog ====

#8 gringo_pr

  • Malware Response Team

Posted 20 July 2012 - 03:47 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 gringo_pr

  • Malware Response Team

Posted 22 July 2012 - 11:12 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#10 kbscientist

  • Topic Starter

Posted 23 July 2012 - 05:38 PM

Sorry, I was just away for the weekend. Combofix has been run. I restarted afterwards, re-enabled MSE and did a quick scan. It found nothing. I haven't been using the computer long since then, but so far no random website redirections, and Windows Firewall is back on. Thanks a ton for the help; is there anything else I should do to ensure I'm completely clean?

ComboFix 12-07-24.01 - Kirk Bays 07/23/2012 15:18:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8084.6664 [GMT -7:00]
Running from: c:\users\Kirk Bays\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\Roaming
c:\users\Kirk Bays\AppData\Roaming\KB00931105.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 22:20 . 2012-07-23 22:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-20 05:52 . 2012-07-20 05:52 328704 ----a-w- c:\windows\system32\services.exe.CA40A707E43EFCA0
2012-07-20 05:51 . 2012-07-23 22:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E46CD16-BA0E-4653-BEEE-A364F031D234}\offreg.dll
2012-07-19 04:54 . 2012-07-19 04:54 -------- d-----w- C:\FRST
2012-07-17 06:48 . 2012-07-17 06:48 328704 ----a-w- c:\windows\system32\services.exe.D548FEE0F939F7B5
2012-07-17 06:46 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E46CD16-BA0E-4653-BEEE-A364F031D234}\mpengine.dll
2012-07-17 06:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 06:39 . 2012-06-02 12:52 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-17 06:34 . 2012-07-17 06:34 328704 ----a-w- c:\windows\system32\services.exe.3FD6C7039D768AA9
2012-07-17 06:31 . 2012-07-17 06:31 328704 ----a-w- c:\windows\system32\services.exe.EE2FE149D26381B3
2012-07-17 06:28 . 2012-07-17 06:28 328704 ----a-w- c:\windows\system32\services.exe.57537C368504998F
2012-07-17 06:25 . 2012-07-17 06:25 328704 ----a-w- c:\windows\system32\services.exe.5C07E30AF45A4FFE
2012-07-15 01:56 . 2012-07-15 01:56 50392 ----a-w- c:\windows\system32\drivers\traocpwr.sys
2012-07-15 01:56 . 2012-07-15 01:56 328704 ----a-w- c:\windows\system32\services.exe.4D7554F8534047D8
2012-07-15 01:53 . 2012-07-15 01:53 328704 ----a-w- c:\windows\system32\services.exe.13A966E9FAFF9C4C
2012-07-15 01:48 . 2012-07-15 01:48 328704 ----a-w- c:\windows\system32\services.exe.1A49A7F5849E4E0E
2012-07-15 01:44 . 2012-07-15 01:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8B6A6C6-1C43-4925-9215-6ECDF6DBF67D}\gapaengine.dll
2012-07-15 01:44 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-15 01:43 . 2012-07-15 01:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-15 01:43 . 2012-07-15 01:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-15 01:25 . 2012-07-15 01:25 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-14 23:57 . 2012-07-14 23:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 23:49 . 2012-07-17 06:25 -------- d--h--w- c:\users\Kirk Bays\AppData\Roaming\6444BDBE
2012-06-26 05:17 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 06:40 . 2012-06-05 22:46 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-15 01:25 . 2012-03-29 21:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 01:25 . 2012-03-15 13:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 19:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 19:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 19:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 19:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 19:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 19:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 19:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 19:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 19:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-04 11:06 . 2012-06-14 03:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 03:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 03:24 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 03:24 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 03:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 03:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 upujcpfv;upujcpfv;c:\windows\system32\drivers\upujcpfv.sys [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-06-07 131912]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-10-16 291648]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-26 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-01 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-12-08 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-12-09 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-12-09 79872]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-14 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-14 212992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 01:25]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083028813-376037329-742705685-1001Core.job
- c:\users\Kirk Bays\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 16:15]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083028813-376037329-742705685-1001UA.job
- c:\users\Kirk Bays\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 16:15]
.
2012-07-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-26 7214696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-07-13 4146848]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 131.215.254.100 131.215.139.100 131.215.9.49
FF - ProfilePath - c:\users\Kirk Bays\AppData\Roaming\Mozilla\Firefox\Profiles\8d74yqpc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KB00931105.exe - c:\users\Kirk Bays\AppData\Roaming\KB00931105.exe
Toolbar-Locked - (no file)
AddRemove-pcsx2-r4600 - c:\games\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]
"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]
"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-23 15:24:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 22:24
.
Pre-Run: 78,829,424,640 bytes free
Post-Run: 79,349,702,656 bytes free
.
- - End Of File - - 076197CF1BF96E09A161148CDF82F09F
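The service and driver section of the ComboFix log above (the `R1`/`R2`/`S0`… lines) is where a responder looks first: a kernel-level driver with a generic name and no file behind it (`[x]`) stands out, but so do legitimate boot-start filter drivers with terse names, and the PostgreSQL service shows `[x]` too because its ImagePath is a forward-slash command line rather than a bare file. The Python below is an added example, not ComboFix's code and not part of the original thread: it parses those lines and scores each entry on the signals visible in the log. The sample lines are copied from the log; the weights and the threshold are the example's own choices, and a high score only orders review, it does not identify what a flagged driver is.

```python
"""Score the service/driver lines of a ComboFix log for first-look triage.

Added example for this thread; it is not ComboFix's code and not part of the
original post. ComboFix lists each service as

    <R|S><start> name;display name;image path [YYYY-MM-DD size]

with "[x]" in place of the date/size when it could not find or read the file
at that path. The scoring reproduces what a responder checks by eye; it does
not identify malware, it only orders the entries worth looking at first.
"""
import re
from dataclasses import dataclass

# Constructed sample: five lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 upujcpfv;upujcpfv;c:\windows\system32\drivers\upujcpfv.sys [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-26 283200]
"""

# R = running, S = stopped; the digit is the service's Start value
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
LINE_RE = re.compile(r"^(?P<state>[RS][0-4]) (?P<rest>.+) \[(?P<meta>[^\]]*)\]$")


@dataclass
class Entry:
    state: str
    name: str
    display: str
    path: str
    file_found: bool  # False when ComboFix printed [x] instead of date/size


def parse_entries(text: str) -> list[Entry]:
    """Parse every service/driver line; any other log line is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("rest").split(";", 2)
        if len(parts) != 3:
            continue
        name, display, path = (p.strip() for p in parts)
        entries.append(Entry(m.group("state"), name, display, path,
                             file_found=m.group("meta") != "x"))
    return entries


def file_stem(path: str) -> str:
    """Last path component without extension; accepts both slash styles."""
    leaf = re.split(r"[\\/]", path)[-1]
    return leaf.split(" ")[0].rsplit(".", 1)[0].lower()


def score_entry(e: Entry) -> tuple[int, list[str]]:
    """Weighted signals. The missing file carries the most weight because
    boot-start filter drivers with terse names (nvpciflt, stdcfltn in the
    log above) are common and legitimate; the weights are this example's."""
    score, reasons = 0, []
    if not e.file_found:
        score += 2
        reasons.append("image file not found ([x])")
    if e.state[1] in "01":
        score += 1
        reasons.append("boot/system start, loads before most security software")
    if e.display.lower() == e.name.lower():
        score += 1
        reasons.append("no descriptive display name")
    if re.fullmatch(r"[a-z]{6,12}", e.name) and file_stem(e.path) == e.name:
        score += 1
        reasons.append("generic lowercase name equal to its file stem")
    return score, reasons


def triage(text: str) -> dict[str, int]:
    """Map service name -> score for every parsed entry."""
    return {e.name: score_entry(e)[0] for e in parse_entries(text)}


def review_first(text: str, threshold: int = 4) -> list[str]:
    """Names scoring at or above the threshold, highest score first."""
    ranked = sorted(triage(text).items(), key=lambda kv: (-kv[1], kv[0]))
    return [name for name, score in ranked if score >= threshold]


if __name__ == "__main__":
    for e in sorted(parse_entries(SAMPLE_LOG), key=lambda x: -score_entry(x)[0]):
        score, reasons = score_entry(e)
        print(f"{score} {e.state} {e.name:<22} {'; '.join(reasons) or 'nothing notable'}")
```

Run against the five sample lines, only `upujcpfv` clears the default threshold; `nvpciflt` scores 3 on the same name and start-type signals but has a file on disk, and `postgresql-x64-9.1` gets 2 from the `[x]` alone. Lowering the threshold to 2 surfaces both of those, which is the point of keeping the signals separate: `[x]` is a reason to look, not a verdict.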

#11 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 23 July 2012 - 06:52 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
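The TDSSKiller report the instructions above ask for lists each service on two lines: an image line with the file's MD5 and path, then a verdict line ending in `- ok` (or something else when the tool objects); some entries, such as ComboFix's own `catchme` driver, have only a verdict line, and the header above `Scan started` uses ` - ` for its own fields. The Python below is an added example, not Kaspersky's code and not part of the thread. It pairs the two lines per service, returns everything whose verdict is not `ok`, lists services with no image recorded, and groups service names that point at the same hash (two driver entries backed by one file, like `AMPPAL`/`AMPPALP` in the posted report, is normal; the grouping only makes it visible). All sample lines are copied from the report in the next reply except one constructed entry, `example_svc`, whose verdict string is invented to exercise the non-ok path.

```python
"""Pair up the per-service lines of a TDSSKiller report.

Added example for this thread; not Kaspersky's code and not part of the
original post. Each scanned service occupies two lines:

    hh:mm:ss.ffff pid <service> (<md5>) <path>
    hh:mm:ss.ffff pid <service> - <verdict>

Entries may have only a verdict line, and the header before "Scan started"
has its own " - " separated fields, so parsing begins after that marker.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the posted report, plus one invented
# entry (example_svc) whose verdict wording is made up for this example.
SAMPLE_REPORT = r"""
17:28:20.0564 5084 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:21.0983 5792 Scan started
17:28:21.0983 5792 Mode: Manual;
17:28:22.0236 5792 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:28:22.0238 5792 1394ohci - ok
17:28:22.0412 5792 AMPPAL (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\AMPPAL.sys
17:28:22.0413 5792 AMPPAL - ok
17:28:22.0416 5792 AMPPALP (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\amppal.sys
17:28:22.0417 5792 AMPPALP - ok
17:28:22.0696 5792 Bluetooth Device Monitor (0f46d2845bd7ddaca52340ecc2b65da3) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
17:28:22.0700 5792 Bluetooth Device Monitor - ok
17:28:22.0926 5792 catchme - ok
17:28:23.0025 5792 COMSysApp - ok
17:28:23.0500 5792 example_svc (00000000000000000000000000000000) C:\Windows\system32\drivers\example_svc.sys
17:28:23.0501 5792 example_svc - warning
"""

PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# Service names may contain spaces ("Bluetooth Device Monitor"), so the name
# is matched lazily up to the " (<32 hex>) " or " - " separator.
IMAGE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str]
    path: Optional[str]
    verdict: Optional[str]


def parse_report(text: str) -> dict[str, ServiceRecord]:
    """Return service name -> record for lines after 'Scan started'
    (or all lines if that marker is absent)."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.rstrip().endswith("Scan started"):
            lines = lines[i + 1:]
            break
    records: dict[str, ServiceRecord] = {}
    for line in lines:
        m = IMAGE_RE.match(line.strip())
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"], None, None, None))
            rec.md5, rec.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line.strip())
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"], None, None, None))
            rec.verdict = m["verdict"].strip()
    return records


def not_ok(records: dict[str, ServiceRecord]) -> list[ServiceRecord]:
    """Entries whose verdict is missing or anything other than 'ok'."""
    return [r for r in records.values() if r.verdict != "ok"]


def image_less(records: dict[str, ServiceRecord]) -> list[str]:
    """Services that received a verdict but no image line (no file recorded)."""
    return sorted(r.name for r in records.values() if r.verdict and r.md5 is None)


def shared_images(records: dict[str, ServiceRecord]) -> dict[str, list[str]]:
    """md5 -> service names, for hashes referenced by more than one service."""
    by_hash = defaultdict(list)
    for r in records.values():
        if r.md5:
            by_hash[r.md5].append(r.name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for r in not_ok(recs):
        print(f"REVIEW {r.name}: {r.verdict} ({r.path})")
    print("no image recorded:", ", ".join(image_less(recs)))
    for h, names in shared_images(recs).items():
        print(f"{h} shared by {', '.join(names)}")
```

The hashes this pulls out are what you would feed to a reputation lookup; the `not_ok` list is what the helper reads first. Only the verdict line decides, so a clean MD5 with a non-ok verdict and a non-ok verdict with no image line both land in the same list.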

#12 kbscientist
  • Topic Starter
  • Members
  • 12 posts

Posted 23 July 2012 - 07:29 PM

17:28:19.0657 5084 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
17:28:20.0242 5084 ============================================================
17:28:20.0242 5084 Current date / time: 2012/07/23 17:28:20.0242
17:28:20.0242 5084 SystemInfo:
17:28:20.0242 5084
17:28:20.0243 5084 OS Version: 6.1.7601 ServicePack: 1.0
17:28:20.0243 5084 Product type: Workstation
17:28:20.0243 5084 ComputerName: KIRKBAYS-LAPTOP
17:28:20.0243 5084 UserName: Kirk Bays
17:28:20.0243 5084 Windows directory: C:\Windows
17:28:20.0243 5084 System windows directory: C:\Windows
17:28:20.0243 5084 Running under WOW64
17:28:20.0243 5084 Processor architecture: Intel x64
17:28:20.0243 5084 Number of processors: 4
17:28:20.0243 5084 Page size: 0x1000
17:28:20.0243 5084 Boot type: Normal boot
17:28:20.0243 5084 ============================================================
17:28:20.0564 5084 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:20.0570 5084 ============================================================
17:28:20.0570 5084 \Device\Harddisk0\DR0:
17:28:20.0570 5084 MBR partitions:
17:28:20.0570 5084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
17:28:20.0570 5084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x1B5AEAB0
17:28:20.0570 5084 ============================================================
17:28:20.0572 5084 C: <-> \Device\Harddisk0\DR0\Partition1
17:28:20.0572 5084 ============================================================
17:28:20.0572 5084 Initialize success
17:28:20.0572 5084 ============================================================
17:28:21.0983 5792 ============================================================
17:28:21.0983 5792 Scan started
17:28:21.0983 5792 Mode: Manual;
17:28:21.0983 5792 ============================================================
17:28:22.0236 5792 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:28:22.0238 5792 1394ohci - ok
17:28:22.0241 5792 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
17:28:22.0241 5792 Acceler - ok
17:28:22.0252 5792 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:28:22.0254 5792 ACPI - ok
17:28:22.0258 5792 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:28:22.0258 5792 AcpiPmi - ok
17:28:22.0265 5792 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:28:22.0265 5792 AdobeARMservice - ok
17:28:22.0290 5792 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:28:22.0291 5792 AdobeFlashPlayerUpdateSvc - ok
17:28:22.0308 5792 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:28:22.0310 5792 adp94xx - ok
17:28:22.0322 5792 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:28:22.0324 5792 adpahci - ok
17:28:22.0333 5792 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:28:22.0334 5792 adpu320 - ok
17:28:22.0338 5792 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:28:22.0339 5792 AeLookupSvc - ok
17:28:22.0345 5792 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
17:28:22.0346 5792 AERTFilters - ok
17:28:22.0362 5792 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:28:22.0364 5792 AFD - ok
17:28:22.0368 5792 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:28:22.0368 5792 agp440 - ok
17:28:22.0372 5792 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:28:22.0373 5792 ALG - ok
17:28:22.0376 5792 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:28:22.0376 5792 aliide - ok
17:28:22.0380 5792 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:28:22.0380 5792 amdide - ok
17:28:22.0385 5792 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:28:22.0386 5792 AmdK8 - ok
17:28:22.0389 5792 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:28:22.0389 5792 AmdPPM - ok
17:28:22.0394 5792 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:28:22.0395 5792 amdsata - ok
17:28:22.0401 5792 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:28:22.0402 5792 amdsbs - ok
17:28:22.0405 5792 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:28:22.0405 5792 amdxata - ok
17:28:22.0412 5792 AMPPAL (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\AMPPAL.sys
17:28:22.0413 5792 AMPPAL - ok
17:28:22.0416 5792 AMPPALP (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\amppal.sys
17:28:22.0417 5792 AMPPALP - ok
17:28:22.0432 5792 AMPPALR3 (2cc0cbf2707be4d5b6ce6b87d9da2f97) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
17:28:22.0435 5792 AMPPALR3 - ok
17:28:22.0440 5792 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:28:22.0441 5792 AppID - ok
17:28:22.0444 5792 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:28:22.0444 5792 AppIDSvc - ok
17:28:22.0448 5792 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:28:22.0448 5792 Appinfo - ok
17:28:22.0454 5792 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:28:22.0455 5792 arc - ok
17:28:22.0459 5792 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:28:22.0459 5792 arcsas - ok
17:28:22.0469 5792 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:28:22.0470 5792 aspnet_state - ok
17:28:22.0473 5792 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:28:22.0473 5792 AsyncMac - ok
17:28:22.0476 5792 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:28:22.0476 5792 atapi - ok
17:28:22.0494 5792 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:28:22.0497 5792 AudioEndpointBuilder - ok
17:28:22.0501 5792 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:28:22.0503 5792 AudioSrv - ok
17:28:22.0511 5792 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:28:22.0511 5792 AxInstSV - ok
17:28:22.0526 5792 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:28:22.0528 5792 b06bdrv - ok
17:28:22.0539 5792 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:28:22.0540 5792 b57nd60a - ok
17:28:22.0551 5792 BBSvc (87f3bcf82a63e900af896cd930bf7e05) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:28:22.0554 5792 BBSvc - ok
17:28:22.0571 5792 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:28:22.0576 5792 BBUpdate - ok
17:28:22.0585 5792 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:28:22.0586 5792 BDESVC - ok
17:28:22.0588 5792 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:28:22.0589 5792 Beep - ok
17:28:22.0611 5792 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:28:22.0617 5792 BFE - ok
17:28:22.0648 5792 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:28:22.0658 5792 BITS - ok
17:28:22.0665 5792 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:28:22.0666 5792 blbdrive - ok
17:28:22.0696 5792 Bluetooth Device Monitor (0f46d2845bd7ddaca52340ecc2b65da3) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
17:28:22.0700 5792 Bluetooth Device Monitor - ok
17:28:22.0743 5792 Bluetooth Media Service (3341de556ec28252d603277609eef8bf) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
17:28:22.0755 5792 Bluetooth Media Service - ok
17:28:22.0784 5792 Bluetooth OBEX Service (5d5c3ec9be1107dedf0feb55b7f3bd77) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
17:28:22.0789 5792 Bluetooth OBEX Service - ok
17:28:22.0812 5792 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:28:22.0812 5792 bowser - ok
17:28:22.0815 5792 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:28:22.0815 5792 BrFiltLo - ok
17:28:22.0818 5792 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:28:22.0818 5792 BrFiltUp - ok
17:28:22.0825 5792 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:28:22.0826 5792 BridgeMP - ok
17:28:22.0833 5792 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:28:22.0834 5792 Browser - ok
17:28:22.0844 5792 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:28:22.0846 5792 Brserid - ok
17:28:22.0850 5792 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:28:22.0851 5792 BrSerWdm - ok
17:28:22.0853 5792 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:28:22.0853 5792 BrUsbMdm - ok
17:28:22.0857 5792 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:28:22.0857 5792 BrUsbSer - ok
17:28:22.0860 5792 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
17:28:22.0861 5792 BthEnum - ok
17:28:22.0864 5792 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:28:22.0864 5792 BTHMODEM - ok
17:28:22.0869 5792 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:28:22.0870 5792 BthPan - ok
17:28:22.0886 5792 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
17:28:22.0888 5792 BTHPORT - ok
17:28:22.0895 5792 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:28:22.0896 5792 bthserv - ok
17:28:22.0904 5792 BTHSSecurityMgr (d6ceec2f878149e4db9fe93fa5d8fe60) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
17:28:22.0905 5792 BTHSSecurityMgr - ok
17:28:22.0909 5792 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
17:28:22.0909 5792 BTHUSB - ok
17:28:22.0913 5792 btmaux (ab0a33001fe7ebb209d9d52ced11be1a) C:\Windows\system32\DRIVERS\btmaux.sys
17:28:22.0913 5792 btmaux - ok
17:28:22.0923 5792 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys
17:28:22.0924 5792 btmhsf - ok
17:28:22.0926 5792 catchme - ok
17:28:22.0932 5792 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:28:22.0933 5792 cdfs - ok
17:28:22.0938 5792 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:28:22.0939 5792 cdrom - ok
17:28:22.0945 5792 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:28:22.0945 5792 CertPropSvc - ok
17:28:22.0948 5792 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:28:22.0949 5792 circlass - ok
17:28:22.0959 5792 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:28:22.0961 5792 CLFS - ok
17:28:22.0967 5792 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:28:22.0968 5792 clr_optimization_v2.0.50727_32 - ok
17:28:22.0973 5792 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:28:22.0974 5792 clr_optimization_v2.0.50727_64 - ok
17:28:22.0982 5792 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:28:22.0983 5792 clr_optimization_v4.0.30319_32 - ok
17:28:22.0993 5792 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:28:22.0994 5792 clr_optimization_v4.0.30319_64 - ok
17:28:22.0996 5792 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:28:22.0997 5792 CmBatt - ok
17:28:22.0999 5792 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:28:23.0000 5792 cmdide - ok
17:28:23.0014 5792 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
17:28:23.0016 5792 CNG - ok
17:28:23.0019 5792 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:28:23.0020 5792 Compbatt - ok
17:28:23.0023 5792 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:28:23.0023 5792 CompositeBus - ok
17:28:23.0025 5792 COMSysApp - ok
17:28:23.0028 5792 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:28:23.0029 5792 crcdisk - ok
17:28:23.0038 5792 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:28:23.0039 5792 CryptSvc - ok
17:28:23.0047 5792 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:28:23.0048 5792 CtClsFlt - ok
17:28:23.0052 5792 cyhid (5858111ff43b8e87edd13667e5b29e51) C:\Windows\system32\DRIVERS\cyhid.sys
17:28:23.0053 5792 cyhid - ok
17:28:23.0055 5792 cykbfltrService (903c161e91a7f2678e7e8d775d3512b2) C:\Windows\system32\DRIVERS\cykbfltr.sys
17:28:23.0056 5792 cykbfltrService - ok
17:28:23.0061 5792 cymfltrService (ef5a7a27ac58672cf3b5ce91e99c43dc) C:\Windows\system32\DRIVERS\cymfltr.sys
17:28:23.0062 5792 cymfltrService - ok
17:28:23.0077 5792 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:28:23.0080 5792 DcomLaunch - ok
17:28:23.0090 5792 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:28:23.0092 5792 defragsvc - ok
17:28:27.0744 5792 TabletInputService - ok
17:28:27.0755 5792 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:28:27.0757 5792 TapiSrv - ok
17:28:27.0762 5792 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:28:27.0763 5792 TBS - ok
17:28:27.0830 5792 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:28:27.0839 5792 Tcpip - ok
17:28:27.0922 5792 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:28:27.0929 5792 TCPIP6 - ok
17:28:27.0954 5792 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:28:27.0955 5792 tcpipreg - ok
17:28:27.0960 5792 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:28:27.0960 5792 TDPIPE - ok
17:28:27.0964 5792 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:28:27.0965 5792 TDTCP - ok
17:28:27.0972 5792 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:28:27.0973 5792 tdx - ok
17:28:27.0978 5792 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:28:27.0978 5792 TermDD - ok
17:28:27.0999 5792 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:28:28.0003 5792 TermService - ok
17:28:28.0007 5792 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:28:28.0008 5792 Themes - ok
17:28:28.0012 5792 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:28:28.0013 5792 THREADORDER - ok
17:28:28.0018 5792 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:28:28.0020 5792 TrkWks - ok
17:28:28.0027 5792 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:28:28.0028 5792 TrustedInstaller - ok
17:28:28.0032 5792 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:28:28.0032 5792 tssecsrv - ok
17:28:28.0036 5792 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:28:28.0037 5792 TsUsbFlt - ok
17:28:28.0040 5792 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:28:28.0040 5792 TsUsbGD - ok
17:28:28.0045 5792 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:28:28.0046 5792 tunnel - ok
17:28:28.0049 5792 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
17:28:28.0049 5792 TurboB - ok
17:28:28.0056 5792 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:28:28.0056 5792 TurboBoost - ok
17:28:28.0061 5792 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:28:28.0062 5792 uagp35 - ok
17:28:28.0072 5792 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:28:28.0073 5792 udfs - ok
17:28:28.0079 5792 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:28:28.0081 5792 UI0Detect - ok
17:28:28.0086 5792 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:28:28.0086 5792 uliagpkx - ok
17:28:28.0090 5792 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:28:28.0091 5792 umbus - ok
17:28:28.0093 5792 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:28:28.0094 5792 UmPass - ok
17:28:28.0195 5792 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:28:28.0204 5792 UNS - ok
17:28:28.0235 5792 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:28:28.0237 5792 upnphost - ok
17:28:28.0242 5792 upujcpfv - ok
17:28:28.0248 5792 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
17:28:28.0249 5792 usbccgp - ok
17:28:28.0254 5792 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:28:28.0254 5792 usbcir - ok
17:28:28.0258 5792 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:28:28.0258 5792 usbehci - ok
17:28:28.0270 5792 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:28:28.0271 5792 usbhub - ok
17:28:28.0275 5792 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:28:28.0276 5792 usbohci - ok
17:28:28.0279 5792 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:28:28.0280 5792 usbprint - ok
17:28:28.0284 5792 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:28:28.0285 5792 USBSTOR - ok
17:28:28.0289 5792 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:28:28.0289 5792 usbuhci - ok
17:28:28.0298 5792 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:28:28.0299 5792 usbvideo - ok
17:28:28.0303 5792 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:28:28.0304 5792 UxSms - ok
17:28:28.0308 5792 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:28.0309 5792 VaultSvc - ok
17:28:28.0312 5792 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:28:28.0313 5792 vdrvroot - ok
17:28:28.0331 5792 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:28:28.0334 5792 vds - ok
17:28:28.0338 5792 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:28:28.0339 5792 vga - ok
17:28:28.0343 5792 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:28:28.0343 5792 VgaSave - ok
17:28:28.0352 5792 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:28:28.0354 5792 vhdmp - ok
17:28:28.0357 5792 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:28:28.0357 5792 viaide - ok
17:28:28.0362 5792 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:28:28.0363 5792 volmgr - ok
17:28:28.0375 5792 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:28:28.0377 5792 volmgrx - ok
17:28:28.0387 5792 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:28:28.0388 5792 volsnap - ok
17:28:28.0396 5792 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:28:28.0397 5792 vsmraid - ok
17:28:28.0442 5792 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:28:28.0453 5792 VSS - ok
17:28:28.0478 5792 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:28:28.0478 5792 vwifibus - ok
17:28:28.0483 5792 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:28:28.0484 5792 vwififlt - ok
17:28:28.0490 5792 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:28:28.0490 5792 vwifimp - ok
17:28:28.0505 5792 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:28:28.0507 5792 W32Time - ok
17:28:28.0511 5792 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:28:28.0512 5792 WacomPen - ok
17:28:28.0517 5792 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:28:28.0518 5792 WANARP - ok
17:28:28.0520 5792 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:28:28.0521 5792 Wanarpv6 - ok
17:28:28.0561 5792 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:28:28.0571 5792 WatAdminSvc - ok
17:28:28.0611 5792 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:28:28.0618 5792 wbengine - ok
17:28:28.0645 5792 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:28:28.0648 5792 WbioSrvc - ok
17:28:28.0664 5792 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:28:28.0669 5792 wcncsvc - ok
17:28:28.0674 5792 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:28:28.0675 5792 WcsPlugInService - ok
17:28:28.0680 5792 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:28:28.0681 5792 Wd - ok
17:28:28.0699 5792 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:28:28.0702 5792 Wdf01000 - ok
17:28:28.0706 5792 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:28:28.0708 5792 WdiServiceHost - ok
17:28:28.0710 5792 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:28:28.0711 5792 WdiSystemHost - ok
17:28:28.0720 5792 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:28:28.0722 5792 WebClient - ok
17:28:28.0730 5792 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:28:28.0732 5792 Wecsvc - ok
17:28:28.0738 5792 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:28:28.0740 5792 wercplsupport - ok
17:28:28.0744 5792 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:28:28.0746 5792 WerSvc - ok
17:28:28.0751 5792 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:28:28.0752 5792 WfpLwf - ok
17:28:28.0760 5792 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
17:28:28.0761 5792 WimFltr - ok
17:28:28.0764 5792 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:28:28.0764 5792 WIMMount - ok
17:28:28.0769 5792 WinDefend - ok
17:28:28.0773 5792 WinHttpAutoProxySvc - ok
17:28:28.0784 5792 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:28:28.0786 5792 Winmgmt - ok
17:28:28.0853 5792 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:28:28.0861 5792 WinRM - ok
17:28:28.0887 5792 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:28:28.0888 5792 WinUsb - ok
17:28:28.0916 5792 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:28:28.0923 5792 Wlansvc - ok
17:28:28.0930 5792 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:28:28.0930 5792 wlcrasvc - ok
17:28:29.0006 5792 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:28:29.0015 5792 wlidsvc - ok
17:28:29.0037 5792 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:28:29.0037 5792 WmiAcpi - ok
17:28:29.0047 5792 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:28:29.0048 5792 wmiApSrv - ok
17:28:29.0053 5792 WMPNetworkSvc - ok
17:28:29.0056 5792 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:28:29.0057 5792 WPCSvc - ok
17:28:29.0063 5792 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:28:29.0064 5792 WPDBusEnum - ok
17:28:29.0067 5792 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:28:29.0068 5792 ws2ifsl - ok
17:28:29.0074 5792 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:28:29.0075 5792 wscsvc - ok
17:28:29.0077 5792 WSearch - ok
17:28:29.0155 5792 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:28:29.0165 5792 wuauserv - ok
17:28:29.0189 5792 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:28:29.0190 5792 WudfPf - ok
17:28:29.0201 5792 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:28:29.0202 5792 WUDFRd - ok
17:28:29.0209 5792 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:28:29.0210 5792 wudfsvc - ok
17:28:29.0218 5792 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:28:29.0220 5792 WwanSvc - ok
17:28:29.0233 5792 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:28:29.0317 5792 \Device\Harddisk0\DR0 - ok
17:28:29.0319 5792 Boot (0x1200) (327588abda7c37623f50c51c4c65012f) \Device\Harddisk0\DR0\Partition0
17:28:29.0320 5792 \Device\Harddisk0\DR0\Partition0 - ok
17:28:29.0323 5792 Boot (0x1200) (8d420ec441d3454762c1b001cd6ecf24) \Device\Harddisk0\DR0\Partition1
17:28:29.0325 5792 \Device\Harddisk0\DR0\Partition1 - ok
17:28:29.0325 5792 ============================================================
17:28:29.0325 5792 Scan finished
17:28:29.0325 5792 ============================================================
17:28:29.0340 4528 Detected object count: 0
17:28:29.0340 4528 Actual detected object count: 0

and

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 17:10:31
-----------------------------
17:10:31.218 OS Version: Windows x64 6.1.7601 Service Pack 1
17:10:31.218 Number of processors: 4 586 0x2A07
17:10:31.218 ComputerName: KIRKBAYS-LAPTOP UserName: Kirk Bays
17:10:31.573 Initialize success
17:13:15.018 AVAST engine defs: 12072302
17:13:33.200 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:13:33.205 Disk 0 Vendor: SAMSUNG_ CXM0 Size: 244198MB BusType: 3
17:13:33.213 Disk 0 MBR read successfully
17:13:33.220 Disk 0 MBR scan
17:13:33.232 Disk 0 Windows VISTA default MBR code
17:13:33.234 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
17:13:33.243 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
17:13:33.260 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224093 MB offset 41172992
17:13:33.277 Disk 0 scanning C:\Windows\system32\drivers
17:13:38.027 Service scanning
17:13:52.504 Modules scanning
17:13:52.536 Disk 0 trace - called modules:
17:13:52.554 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
17:13:52.556 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008dd9060]
17:13:52.561 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8008cdec50]
17:13:52.564 5 stdcfltn.sys[fffff88001b6ec52] -> nt!IofCallDriver -> [0xfffffa800703b9f0]
17:13:52.567 7 ACPI.sys[fffff88000fb27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007041050]
17:13:52.916 AVAST engine scan C:\Windows
17:13:54.263 AVAST engine scan C:\Windows\system32
17:15:39.900 AVAST engine scan C:\Windows\system32\drivers
17:15:45.591 AVAST engine scan C:\Users\Kirk Bays
17:17:20.761 AVAST engine scan C:\ProgramData
17:17:41.065 Scan finished successfully
17:18:10.868 Disk 0 MBR has been saved successfully to "C:\Users\Kirk Bays\Desktop\MBR.dat"
17:18:10.875 The log file has been saved successfully to "C:\Users\Kirk Bays\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:58 AM

Posted 24 July 2012 - 06:45 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 kbscientist

kbscientist
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:58 PM

Posted 24 July 2012 - 10:15 PM

It's been running fine, no more problems.

ComboFix 12-07-25.04 - Kirk Bays 07/24/2012 20:11:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8084.6506 [GMT -7:00]
Running from: c:\users\Kirk Bays\Desktop\ComboFix.exe
Command switches used :: c:\users\Kirk Bays\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 03:14 . 2012-07-25 03:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-25 03:14 . 2012-07-25 03:14 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-07-25 03:14 . 2012-07-25 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 02:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95EE3A4F-DA5D-4359-A9AD-0CB7791F3BDC}\mpengine.dll
2012-07-23 22:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 05:52 . 2012-07-20 05:52 328704 ----a-w- c:\windows\system32\services.exe.CA40A707E43EFCA0
2012-07-19 04:54 . 2012-07-19 04:54 -------- d-----w- C:\FRST
2012-07-17 06:48 . 2012-07-17 06:48 328704 ----a-w- c:\windows\system32\services.exe.D548FEE0F939F7B5
2012-07-17 06:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 06:39 . 2012-06-02 12:52 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-17 06:34 . 2012-07-17 06:34 328704 ----a-w- c:\windows\system32\services.exe.3FD6C7039D768AA9
2012-07-17 06:31 . 2012-07-17 06:31 328704 ----a-w- c:\windows\system32\services.exe.EE2FE149D26381B3
2012-07-17 06:28 . 2012-07-17 06:28 328704 ----a-w- c:\windows\system32\services.exe.57537C368504998F
2012-07-17 06:25 . 2012-07-17 06:25 328704 ----a-w- c:\windows\system32\services.exe.5C07E30AF45A4FFE
2012-07-15 01:56 . 2012-07-15 01:56 50392 ----a-w- c:\windows\system32\drivers\traocpwr.sys
2012-07-15 01:56 . 2012-07-15 01:56 328704 ----a-w- c:\windows\system32\services.exe.4D7554F8534047D8
2012-07-15 01:53 . 2012-07-15 01:53 328704 ----a-w- c:\windows\system32\services.exe.13A966E9FAFF9C4C
2012-07-15 01:48 . 2012-07-15 01:48 328704 ----a-w- c:\windows\system32\services.exe.1A49A7F5849E4E0E
2012-07-15 01:44 . 2012-07-15 01:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8B6A6C6-1C43-4925-9215-6ECDF6DBF67D}\gapaengine.dll
2012-07-15 01:43 . 2012-07-15 01:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-15 01:43 . 2012-07-15 01:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-15 01:25 . 2012-07-15 01:25 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-14 23:57 . 2012-07-14 23:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-14 23:49 . 2012-07-17 06:25 -------- d--h--w- c:\users\Kirk Bays\AppData\Roaming\6444BDBE
2012-06-26 05:17 . 2010-06-02 11:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 06:40 . 2012-06-05 22:46 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-15 01:25 . 2012-03-29 21:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-15 01:25 . 2012-03-15 13:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 19:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 19:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 19:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 19:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 19:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 19:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 19:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 19:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 19:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-04 11:06 . 2012-06-14 03:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 03:24 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 03:24 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 03:24 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 03:24 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 03:24 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_22.22.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-22 09:16 . 2012-07-25 00:29 72878 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-11-21 03:09 . 2012-07-23 22:29 42386 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-24 22:16 39630 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-07-23 22:38 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-21 22:57 . 2012-07-24 22:16 3930 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3083028813-376037329-742705685-1001_UserData.bin
+ 2012-07-24 22:16 . 2012-07-24 22:16 9560 c:\windows\system32\NetworkList\Icons\{40A9029A-8034-430C-813E-C03C3D4D9615}_48.bin
+ 2012-07-24 22:16 . 2012-07-24 22:16 4280 c:\windows\system32\NetworkList\Icons\{40A9029A-8034-430C-813E-C03C3D4D9615}_32.bin
+ 2012-07-24 22:16 . 2012-07-24 22:16 2456 c:\windows\system32\NetworkList\Icons\{40A9029A-8034-430C-813E-C03C3D4D9615}_24.bin
+ 2012-03-15 16:26 . 2012-07-23 22:27 1829 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-03-15 16:26 . 2012-07-23 22:20 1829 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-07-23 22:27 . 2012-07-24 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 22:21 . 2012-07-23 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 22:21 . 2012-07-23 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-23 22:27 . 2012-07-24 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-24 22:17 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-23 22:18 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-25 04:17 . 2012-07-25 02:16 261910 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2012-07-25 02:19 662446 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-23 22:19 662446 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-23 22:19 122242 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-25 02:19 122242 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-23 22:20 442192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-23 22:27 442192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-24 22:17 1851392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 22:18 1851392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 22:18 1064960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 22:17 1064960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-12-31 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 upujcpfv;upujcpfv;c:\windows\system32\drivers\upujcpfv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-10-26 162816]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-06-07 131912]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-10-16 291648]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-26 283200]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-01 249152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-12-08 117248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-12-09 13824]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-12-09 79872]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-02 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-14 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-14 212992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 01:25]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083028813-376037329-742705685-1001Core.job
- c:\users\Kirk Bays\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 16:15]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3083028813-376037329-742705685-1001UA.job
- c:\users\Kirk Bays\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 16:15]
.
2012-07-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-11-08 2375168]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-10-19 2354176]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-26 7214696]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
FF - ProfilePath - c:\users\Kirk Bays\AppData\Roaming\Mozilla\Firefox\Profiles\8d74yqpc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]
"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]
"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-24 20:15:14
ComboFix-quarantined-files.txt 2012-07-25 03:15
ComboFix2.txt 2012-07-23 22:24
.
Pre-Run: 78,730,960,896 bytes free
Post-Run: 78,550,925,312 bytes free
.
- - End Of File - - 81813093F7E6764B9AC72AFFB969A7DC

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 July 2012 - 10:46 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Java™ 7 Update 3
  • JavaFX 2.0.3


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.
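As an added check after the uninstall step (my example, not part of Gringo's post and not Revo Uninstaller's own tooling): this PowerShell snippet lists whatever is still registered in the Windows Add/Remove data with a name matching a pattern. It reads the 64-bit hive, the 32-bit Wow6432Node hive and the per-user hive, because a 32-bit Java build on 64-bit Windows 7 registers under Wow6432Node, so you can confirm the two Java entries are really gone or see exactly which one survived. The function name, the default 'Java' pattern and the column layout are my assumptions; it is written for PowerShell 2.0, the version Windows 7 ships with.

```powershell
# Added example, not part of the original post or of Revo Uninstaller.
# Lists programs registered in the Windows "Add/Remove Programs" data whose
# DisplayName contains a pattern. It reads the 64-bit hive, the 32-bit
# (Wow6432Node) hive and the per-user hive, because a 32-bit Java build on a
# 64-bit Windows 7 box registers under Wow6432Node. Written for PowerShell 2.0
# (the version Windows 7 ships with); names and layout are my assumptions.

function Get-InstalledProgram {
    param(
        # Substring to match against DisplayName (assumption: 'Java' by default,
        # which also matches "JavaFX").
        [string]$NamePattern = 'Java'
    )

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }

        foreach ($subKey in (Get-ChildItem $key -ErrorAction SilentlyContinue)) {
            $props = Get-ItemProperty -Path $subKey.PSPath -ErrorAction SilentlyContinue
            # Entries without a DisplayName are hidden from Add/Remove, so skip them too.
            if (-not $props -or -not $props.DisplayName) { continue }
            if ($props.DisplayName -notlike "*$NamePattern*") { continue }

            # New-Object is used instead of [PSCustomObject] so this runs on PS 2.0.
            New-Object PSObject -Property @{
                DisplayName     = $props.DisplayName
                DisplayVersion  = $props.DisplayVersion
                Publisher       = $props.Publisher
                UninstallString = $props.UninstallString
                RegistryKey     = $subKey.Name
            }
        }
    }
}

# Usage (run from an elevated PowerShell prompt): show what is still registered.
# An empty table means Add/Remove no longer knows about any matching program.
Get-InstalledProgram -NamePattern 'Java' |
    Format-Table DisplayName, DisplayVersion, Publisher, RegistryKey -AutoSize
```

Run it once before the Revo step and once after: the RegistryKey column tells you which hive an entry lives in, and the UninstallString is what Add/Remove would have executed, which is useful when an uninstaller has been deleted by the cleanup and the entry is only a leftover.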


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



