
Rootkit.Boot.Pihar.C - TDSSKiller - Win 7 boot problem


  • This topic is locked
15 replies to this topic

#1 ripawheelie


  • Members
  • 8 posts

Posted 22 July 2012 - 05:26 PM

Hi. My lovely gf's computer was infected. I used TDSSKiller to remove the rootkit, but now the computer will not boot. I am sure you are familiar with all that has happened thus far, so I will post the info you require and patiently wait for your gracious response.

FRST64:
Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 17:10:24
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [357376 2009-09-16] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe [886752 2010-11-01] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe" [x]
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Deb\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Deb\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
2 mozybackup; "C:\Mozy Home\mozybackup.exe" [x]

========================== Drivers (Whitelisted) =============

1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [66552 2011-08-04] (Mozy, Inc.)
3 prwntdrv; \??\C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-22 17:10 - 2012-07-22 17:10 - 00000000 ____D C:\FRST
2012-07-22 11:50 - 2012-07-22 11:50 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-22 11:48 - 2012-07-22 11:48 - 02117152 ____A C:\Users\Deb\Desktop\tdsskiller.zip
2012-07-21 17:20 - 2012-07-21 18:06 - 00000000 ____D C:\Windows\pss
2012-07-21 15:38 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-21 15:16 - 2012-07-21 19:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-21 15:10 - 2012-07-21 19:18 - 00000000 ____D C:\Users\Deb\AppData\Local\Dell Edoc Viewer
2012-07-20 20:53 - 2012-07-20 20:53 - 00000000 ____D C:\Users\Deb\AppData\Roaming\QuickScan
2012-07-20 20:32 - 2012-07-20 20:32 - 00001288 ____A C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2012-07-20 20:32 - 2012-07-20 20:32 - 00000000 ____D C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.5
2012-07-20 20:32 - 2012-06-18 10:34 - 02966720 ____A C:\Windows\System32\pwNative.exe
2012-07-20 20:32 - 2012-06-18 10:34 - 00019032 ____A C:\Windows\System32\pwdrvio.sys
2012-07-20 20:32 - 2012-06-18 10:34 - 00012384 ____A C:\Windows\System32\pwdspio.sys
2012-07-20 19:27 - 2012-07-20 19:27 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-20 19:27 - 2012-07-20 19:27 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-20 19:27 - 2012-07-20 19:27 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-20 19:27 - 2012-07-20 19:27 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-20 19:24 - 2012-07-20 19:24 - 00001357 ____A C:\Users\Public\Desktop\EASEUS Partition Recovery 5.0.1.lnk
2012-07-20 19:24 - 2012-07-20 19:24 - 00000000 ____D C:\Program Files (x86)\EASEUS
2012-07-20 19:24 - 2010-08-26 06:32 - 00098696 ____A C:\Windows\SysWOW64\setupprwdrv03.exe
2012-07-20 19:24 - 2010-08-26 06:32 - 00096648 ____A C:\Windows\System32\setupprwdrvx64.exe
2012-07-20 19:24 - 2010-08-25 16:39 - 00016776 ____A C:\Windows\System32\prwntdrv.sys
2012-07-20 19:24 - 2010-08-25 16:39 - 00013704 ____A C:\Windows\SysWOW64\prwntdrv.sys
2012-07-20 19:23 - 2012-07-20 19:23 - 08785352 ____A (EASEUS ) C:\Users\Deb\Downloads\partition_recovery.exe
2012-07-17 13:38 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-17 13:38 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-14 10:10 - 2012-07-14 10:10 - 12562920 ____A (Mozy, Inc.) C:\Users\All Users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-07-12 11:22 - 2012-07-12 11:22 - 00000000 ____D C:\Users\Deb\AppData\Roaming\Leader Technologies
2012-07-12 11:22 - 2012-07-12 11:22 - 00000000 ____D C:\Users\Deb\AppData\Roaming\Epson
2012-07-12 00:10 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 00:03 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 00:03 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 00:03 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 00:03 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 00:03 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 00:03 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 00:03 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 00:03 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 00:03 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 00:03 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 00:03 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 00:03 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 00:03 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 00:03 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 00:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 00:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 00:03 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 00:03 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 00:03 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 00:03 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 00:03 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 00:03 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 00:03 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 00:03 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 00:03 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 00:03 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 00:03 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 00:03 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 17:44 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 17:44 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 17:44 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 17:44 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 17:44 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 17:44 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 17:44 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 17:44 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 17:44 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 17:44 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 17:44 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 17:44 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 17:44 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 17:44 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 17:44 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 17:44 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 17:44 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 17:44 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 17:44 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-01 21:02 - 2012-07-01 21:02 - 00000000 ____D C:\Windows\PCHEALTH
2012-07-01 21:02 - 2012-07-01 21:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-07-01 20:56 - 2012-07-01 20:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-07-01 20:55 - 2012-07-01 20:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

============ 3 Months Modified Files ========================

2012-07-22 11:51 - 2009-07-13 21:10 - 02091529 ____A C:\Windows\WindowsUpdate.log
2012-07-22 11:48 - 2012-07-22 11:48 - 02117152 ____A C:\Users\Deb\Desktop\tdsskiller.zip
2012-07-22 11:42 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 11:42 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-22 11:35 - 2010-10-31 10:23 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-22 11:35 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-22 11:34 - 2009-07-13 20:51 - 00039098 ____A C:\Windows\setupact.log
2012-07-21 18:09 - 2012-06-16 08:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-21 16:26 - 2010-10-31 10:23 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-20 20:32 - 2012-07-20 20:32 - 00001288 ____A C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2012-07-20 19:27 - 2012-07-20 19:27 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-20 19:27 - 2012-07-20 19:27 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-20 19:27 - 2012-07-20 19:27 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-20 19:27 - 2012-07-20 19:27 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-20 19:27 - 2010-07-03 19:22 - 00472880 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-07-20 19:24 - 2012-07-20 19:24 - 00001357 ____A C:\Users\Public\Desktop\EASEUS Partition Recovery 5.0.1.lnk
2012-07-20 19:23 - 2012-07-20 19:23 - 08785352 ____A (EASEUS ) C:\Users\Deb\Downloads\partition_recovery.exe
2012-07-18 19:36 - 2011-08-04 12:15 - 00003784 ____A C:\Windows\mozy.blk
2012-07-18 19:36 - 2011-08-04 12:15 - 00003526 ____A C:\Windows\mozy.flt
2012-07-14 10:10 - 2012-07-14 10:10 - 12562920 ____A (Mozy, Inc.) C:\Users\All Users\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-07-13 20:38 - 2009-07-13 21:13 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 00:30 - 2009-07-13 20:45 - 00425616 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 00:29 - 2010-04-14 15:52 - 00536174 ____A C:\Windows\PFRO.log
2012-07-12 00:05 - 2010-07-03 18:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 19:56 - 2012-06-16 08:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 19:56 - 2011-05-31 22:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 17:46 - 2010-10-31 10:26 - 00002346 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-04 11:08 - 2010-04-23 18:53 - 00111224 ____A C:\Users\Deb\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-03 00:08 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-06-20 18:18 - 2012-06-20 18:18 - 00383731 ____A C:\Users\Deb\Downloads\Longaberger at Home and Online Specials! (1)
2012-06-20 18:16 - 2012-06-20 18:16 - 00383731 ____A C:\Users\Deb\Downloads\Longaberger at Home and Online Specials!
2012-06-18 10:34 - 2012-07-20 20:32 - 02966720 ____A C:\Windows\System32\pwNative.exe
2012-06-18 10:34 - 2012-07-20 20:32 - 00019032 ____A C:\Windows\System32\pwdrvio.sys
2012-06-18 10:34 - 2012-07-20 20:32 - 00012384 ____A C:\Windows\System32\pwdspio.sys
2012-06-16 12:59 - 2012-06-16 12:36 - 00000088 ____A C:\Windows\ENX530.ini
2012-06-16 12:56 - 2012-06-16 12:56 - 00002076 ____A C:\Users\Public\Desktop\Epson Stylus NX530 User's Guide.lnk
2012-06-16 12:38 - 2012-06-16 12:38 - 00000936 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
2012-06-15 00:24 - 2012-06-15 00:24 - 12557904 ____A (Mozy, Inc.) C:\Users\All Users\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
2012-06-11 20:37 - 2011-08-07 18:42 - 00001013 ____A C:\Users\Deb\Desktop\Dropbox.lnk
2012-06-11 19:08 - 2012-07-12 00:10 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 18:18 - 2012-06-10 18:18 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-10 18:16 - 2012-06-10 18:16 - 00001568 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-08 21:43 - 2012-07-11 17:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 17:44 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 17:44 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 17:44 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 17:44 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 17:44 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 17:44 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 17:44 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-08 17:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 17:30 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 17:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 17:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 17:30 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 17:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 17:30 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-08 17:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-08 17:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 00:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 00:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 00:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 00:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 00:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 00:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 00:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 00:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 00:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 00:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 00:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 00:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 00:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 00:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 00:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 00:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 00:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 00:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 00:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 00:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 00:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 00:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 00:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 00:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 00:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 00:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 17:44 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 17:44 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 17:44 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 17:44 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 17:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 17:44 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 17:44 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 17:44 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 17:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 17:32 - 2012-05-31 17:31 - 86088777 ____A C:\Users\Deb\Downloads\Summer Digital Additions.package
2012-05-30 11:11 - 2012-05-30 11:11 - 00000881 ____A C:\Users\Deb\Desktop\Mail Form_asp.htm
2012-05-29 15:48 - 2012-05-29 15:47 - 00015584 ____A C:\Users\Deb\Downloads\Secret Sale & Horizon of Hope!
2012-05-29 15:45 - 2012-05-29 15:45 - 00237730 ____A C:\Users\Deb\Downloads\Longaberger Last Chance (1)
2012-05-29 15:44 - 2012-05-29 15:44 - 00237730 ____A C:\Users\Deb\Downloads\Longaberger Last Chance
2012-05-04 03:06 - 2012-06-14 17:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-07-17 13:38 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-14 17:33 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 17:33 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-07-17 13:38 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-01 00:02 - 2012-04-11 21:58 - 00001945 ____A C:\Windows\epplauncher.mif
2012-05-01 00:01 - 2012-04-11 21:58 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-30 21:40 - 2012-06-14 17:33 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 21:15 - 2012-04-28 21:12 - 12271944 ____A (Mozy, Inc.) C:\Users\Deb\Downloads\mozy-2_12_1_160.exe
2012-04-27 19:55 - 2012-06-14 17:33 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-14 17:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 17:34 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 17:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3956.52 MB
Available physical RAM: 3385.46 MB
Total Pagefile: 3954.67 MB
Available Pagefile: 3383.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:58.59 GB) (Free:7.45 GB) NTFS
2 Drive d: () (Fixed) (Total:397.3 GB) (Free:281.58 GB) NTFS
3 Drive f: (GRMCULXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.95 GB) (Free:0.93 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:3.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 2048 KB
Disk 1 Online 977 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 9 GB 101 MB
Partition 3 Primary 58 GB 9 GB
Partition 0 Extended 397 GB 68 GB
Partition 4 Logical 397 GB 68 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 100 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 9 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 58 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 397 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 976 MB 122 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 976 MB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-07-21 16:50

======================= End Of Log ==========================

TDSSKiller:
14:49:15.0680 4152 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
14:49:16.0004 4152 ============================================================
14:49:16.0004 4152 Current date / time: 2012/07/22 14:49:16.0004
14:49:16.0004 4152 SystemInfo:
14:49:16.0004 4152
14:49:16.0004 4152 OS Version: 6.1.7601 ServicePack: 1.0
14:49:16.0004 4152 Product type: Workstation
14:49:16.0004 4152 ComputerName: DEB-PC
14:49:16.0004 4152 UserName: Deb
14:49:16.0004 4152 Windows directory: C:\Windows
14:49:16.0004 4152 System windows directory: C:\Windows
14:49:16.0004 4152 Running under WOW64
14:49:16.0004 4152 Processor architecture: Intel x64
14:49:16.0004 4152 Number of processors: 4
14:49:16.0004 4152 Page size: 0x1000
14:49:16.0004 4152 Boot type: Normal boot
14:49:16.0004 4152 ============================================================
14:49:18.0898 4152 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:49:18.0990 4152 ============================================================
14:49:18.0990 4152 \Device\Harddisk0\DR0:
14:49:18.0990 4152 MBR partitions:
14:49:18.0990 4152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
14:49:18.0991 4152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
14:49:18.0991 4152 ============================================================
14:49:19.0078 4152 C: <-> \Device\Harddisk0\DR0\Partition1
14:49:19.0078 4152 ============================================================
14:49:19.0078 4152 Initialize success
14:49:19.0078 4152 ============================================================
14:49:25.0301 3016 ============================================================
14:49:25.0301 3016 Scan started
14:49:25.0301 3016 Mode: Manual;
14:49:25.0301 3016 ============================================================
14:49:43.0891 3016 Processor - ok
14:49:44.0091 3016 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:49:44.0091 3016 ProfSvc - ok
14:49:44.0131 3016 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:49:44.0131 3016 ProtectedStorage - ok
14:49:44.0181 3016 prwntdrv (577c79b8f5c6a6925f6ef0ae1b0d4051) C:\Windows\system32\prwntdrv.sys
14:49:44.0191 3016 prwntdrv - ok
14:49:44.0241 3016 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:49:44.0251 3016 Psched - ok
14:49:44.0291 3016 pwdrvio (d8589a43b352e7f2317194c98447149f) C:\Windows\system32\pwdrvio.sys
14:49:44.0311 3016 pwdrvio - ok
14:49:44.0331 3016 pwdspio (4b8fda635f4d2e7d638b2b3817b5afc8) C:\Windows\system32\pwdspio.sys
14:49:44.0341 3016 pwdspio - ok
14:49:44.0371 3016 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:49:44.0371 3016 PxHlpa64 - ok
14:49:44.0491 3016 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:49:44.0551 3016 ql2300 - ok
14:49:44.0701 3016 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:49:44.0711 3016 ql40xx - ok
14:49:44.0741 3016 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:49:44.0751 3016 QWAVE - ok
14:49:44.0771 3016 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:49:44.0781 3016 QWAVEdrv - ok
14:49:44.0791 3016 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:49:44.0791 3016 RasAcd - ok
14:49:44.0841 3016 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:49:44.0841 3016 RasAgileVpn - ok
14:49:44.0871 3016 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:49:44.0881 3016 RasAuto - ok
14:49:44.0921 3016 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:49:44.0921 3016 Rasl2tp - ok
14:49:44.0971 3016 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:49:44.0991 3016 RasMan - ok
14:49:45.0021 3016 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:49:45.0021 3016 RasPppoe - ok
14:49:45.0051 3016 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:49:45.0051 3016 RasSstp - ok
14:49:45.0091 3016 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:49:45.0111 3016 rdbss - ok
14:49:45.0121 3016 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:49:45.0131 3016 rdpbus - ok
14:49:45.0141 3016 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:49:45.0151 3016 RDPCDD - ok
14:49:45.0181 3016 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:49:45.0181 3016 RDPENCDD - ok
14:49:45.0201 3016 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:49:45.0201 3016 RDPREFMP - ok
14:49:45.0251 3016 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:49:45.0261 3016 RDPWD - ok
14:49:45.0421 3016 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:49:45.0431 3016 rdyboost - ok
14:49:45.0471 3016 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:49:45.0471 3016 RemoteAccess - ok
14:49:45.0511 3016 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:49:45.0521 3016 RemoteRegistry - ok
14:49:45.0541 3016 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:49:45.0541 3016 RpcEptMapper - ok
14:49:45.0571 3016 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:49:45.0571 3016 RpcLocator - ok
14:49:45.0631 3016 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:49:45.0641 3016 RpcSs - ok
14:49:45.0701 3016 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:49:45.0711 3016 rspndr - ok
14:49:45.0781 3016 RSUSBSTOR (502b316947ea887cddd325d4745eb7d0) C:\Windows\system32\Drivers\RtsUStor.sys
14:49:45.0801 3016 RSUSBSTOR - ok
14:49:45.0871 3016 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:49:45.0901 3016 RTL8167 - ok
14:49:45.0941 3016 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:49:45.0941 3016 SamSs - ok
14:49:45.0971 3016 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:49:45.0971 3016 sbp2port - ok
14:49:46.0011 3016 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:49:46.0021 3016 SCardSvr - ok
14:49:46.0061 3016 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:49:46.0071 3016 scfilter - ok
14:49:46.0171 3016 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:49:46.0211 3016 Schedule - ok
14:49:46.0251 3016 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:49:46.0251 3016 SCPolicySvc - ok
14:49:46.0281 3016 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:49:46.0281 3016 SDRSVC - ok
14:49:46.0341 3016 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:49:46.0341 3016 secdrv - ok
14:49:46.0381 3016 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:49:46.0381 3016 seclogon - ok
14:49:46.0411 3016 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:49:46.0411 3016 SENS - ok
14:49:46.0441 3016 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:49:46.0441 3016 SensrSvc - ok
14:49:46.0461 3016 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:49:46.0461 3016 Serenum - ok
14:49:46.0481 3016 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:49:46.0491 3016 Serial - ok
14:49:46.0531 3016 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:49:46.0541 3016 sermouse - ok
14:49:46.0581 3016 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:49:46.0581 3016 SessionEnv - ok
14:49:46.0621 3016 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:49:46.0621 3016 sffdisk - ok
14:49:46.0631 3016 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:49:46.0631 3016 sffp_mmc - ok
14:49:46.0651 3016 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:49:46.0651 3016 sffp_sd - ok
14:49:46.0681 3016 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:49:46.0681 3016 sfloppy - ok
14:49:46.0741 3016 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:49:46.0761 3016 SharedAccess - ok
14:49:46.0811 3016 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:49:46.0831 3016 ShellHWDetection - ok
14:49:46.0861 3016 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:49:46.0861 3016 SiSRaid2 - ok
14:49:46.0891 3016 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:49:46.0891 3016 SiSRaid4 - ok
14:49:46.0931 3016 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:49:46.0931 3016 Smb - ok
14:49:46.0971 3016 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:49:46.0971 3016 SNMPTRAP - ok
14:49:46.0981 3016 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:49:46.0981 3016 spldr - ok
14:49:47.0051 3016 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:49:47.0091 3016 Spooler - ok
14:49:47.0341 3016 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:49:47.0431 3016 sppsvc - ok
14:49:47.0561 3016 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:49:47.0561 3016 sppuinotify - ok
14:49:47.0661 3016 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
14:49:47.0671 3016 sprtsvc_DellSupportCenter - ok
14:49:47.0771 3016 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:49:47.0791 3016 srv - ok
14:49:47.0821 3016 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:49:47.0841 3016 srv2 - ok
14:49:47.0861 3016 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:49:47.0861 3016 srvnet - ok
14:49:47.0911 3016 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:49:47.0941 3016 SSDPSRV - ok
14:49:48.0071 3016 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:49:48.0081 3016 SstpSvc - ok
14:49:48.0111 3016 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:49:48.0111 3016 stexstor - ok
14:49:48.0181 3016 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:49:48.0211 3016 stisvc - ok
14:49:48.0251 3016 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:49:48.0251 3016 swenum - ok
14:49:48.0301 3016 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:49:48.0331 3016 swprv - ok
14:49:48.0461 3016 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:49:48.0531 3016 SysMain - ok
14:49:48.0651 3016 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:49:48.0661 3016 TabletInputService - ok
14:49:48.0731 3016 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:49:48.0741 3016 TapiSrv - ok
14:49:48.0791 3016 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:49:48.0791 3016 TBS - ok
14:49:48.0961 3016 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:49:49.0021 3016 Tcpip - ok
14:49:49.0261 3016 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:49:49.0271 3016 TCPIP6 - ok
14:49:49.0411 3016 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:49:49.0411 3016 tcpipreg - ok
14:49:49.0441 3016 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:49:49.0441 3016 TDPIPE - ok
14:49:49.0461 3016 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:49:49.0471 3016 TDTCP - ok
14:49:49.0511 3016 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:49:49.0511 3016 tdx - ok
14:49:49.0541 3016 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:49:49.0551 3016 TermDD - ok
14:49:49.0591 3016 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:49:49.0611 3016 TermService - ok
14:49:49.0641 3016 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:49:49.0641 3016 Themes - ok
14:49:49.0661 3016 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:49:49.0661 3016 THREADORDER - ok
14:49:49.0681 3016 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:49:49.0681 3016 TrkWks - ok
14:49:49.0761 3016 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:49:49.0771 3016 TrustedInstaller - ok
14:49:49.0801 3016 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:49:49.0811 3016 tssecsrv - ok
14:49:49.0871 3016 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:49:49.0881 3016 TsUsbFlt - ok
14:49:50.0111 3016 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:49:50.0111 3016 tunnel - ok
14:49:50.0151 3016 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:49:50.0151 3016 uagp35 - ok
14:49:50.0211 3016 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:49:50.0221 3016 udfs - ok
14:49:50.0251 3016 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:49:50.0261 3016 UI0Detect - ok
14:49:50.0291 3016 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:49:50.0291 3016 uliagpkx - ok
14:49:50.0321 3016 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:49:50.0331 3016 umbus - ok
14:49:50.0361 3016 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:49:50.0361 3016 UmPass - ok
14:49:50.0581 3016 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:49:50.0661 3016 UNS - ok
14:49:50.0811 3016 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:49:50.0821 3016 upnphost - ok
14:49:50.0871 3016 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:49:50.0881 3016 USBAAPL64 - ok
14:49:50.0911 3016 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:49:50.0911 3016 usbccgp - ok
14:49:50.0941 3016 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:49:50.0951 3016 usbcir - ok
14:49:50.0961 3016 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:49:50.0971 3016 usbehci - ok
14:49:51.0011 3016 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:49:51.0031 3016 usbhub - ok
14:49:51.0051 3016 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:49:51.0051 3016 usbohci - ok
14:49:51.0081 3016 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:49:51.0081 3016 usbprint - ok
14:49:51.0121 3016 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:49:51.0121 3016 usbscan - ok
14:49:51.0161 3016 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:49:51.0171 3016 USBSTOR - ok
14:49:51.0191 3016 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:49:51.0191 3016 usbuhci - ok
14:49:51.0241 3016 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
14:49:51.0251 3016 usbvideo - ok
14:49:51.0281 3016 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:49:51.0281 3016 UxSms - ok
14:49:51.0321 3016 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:49:51.0321 3016 VaultSvc - ok
14:49:51.0371 3016 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:49:51.0381 3016 vdrvroot - ok
14:49:51.0441 3016 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:49:51.0471 3016 vds - ok
14:49:51.0501 3016 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:49:51.0501 3016 vga - ok
14:49:51.0521 3016 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:49:51.0521 3016 VgaSave - ok
14:49:51.0571 3016 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:49:51.0581 3016 vhdmp - ok
14:49:51.0601 3016 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:49:51.0601 3016 viaide - ok
14:49:51.0621 3016 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:49:51.0621 3016 volmgr - ok
14:49:51.0681 3016 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:49:51.0701 3016 volmgrx - ok
14:49:51.0761 3016 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:49:51.0761 3016 volsnap - ok
14:49:51.0811 3016 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:49:51.0811 3016 vsmraid - ok
14:49:51.0991 3016 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:49:52.0201 3016 VSS - ok
14:49:52.0381 3016 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:49:52.0381 3016 vwifibus - ok
14:49:52.0411 3016 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:49:52.0411 3016 vwififlt - ok
14:49:52.0451 3016 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:49:52.0471 3016 W32Time - ok
14:49:52.0491 3016 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:49:52.0491 3016 WacomPen - ok
14:49:52.0551 3016 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:49:52.0551 3016 WANARP - ok
14:49:52.0551 3016 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:49:52.0551 3016 Wanarpv6 - ok
14:49:52.0681 3016 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:49:52.0721 3016 WatAdminSvc - ok
14:49:52.0851 3016 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:49:52.0911 3016 wbengine - ok
14:49:53.0021 3016 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:49:53.0041 3016 WbioSrvc - ok
14:49:53.0091 3016 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:49:53.0111 3016 wcncsvc - ok
14:49:53.0131 3016 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:49:53.0131 3016 WcsPlugInService - ok
14:49:53.0191 3016 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:49:53.0191 3016 Wd - ok
14:49:53.0251 3016 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:49:53.0281 3016 Wdf01000 - ok
14:49:53.0311 3016 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:49:53.0321 3016 WdiServiceHost - ok
14:49:53.0321 3016 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:49:53.0321 3016 WdiSystemHost - ok
14:49:53.0371 3016 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:49:53.0381 3016 WebClient - ok
14:49:53.0411 3016 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:49:53.0421 3016 Wecsvc - ok
14:49:53.0441 3016 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:49:53.0441 3016 wercplsupport - ok
14:49:53.0471 3016 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:49:53.0471 3016 WerSvc - ok
14:49:53.0531 3016 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:49:53.0541 3016 WfpLwf - ok
14:49:53.0551 3016 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:49:53.0561 3016 WIMMount - ok
14:49:53.0591 3016 WinDefend - ok
14:49:53.0591 3016 WinHttpAutoProxySvc - ok
14:49:53.0651 3016 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:49:53.0671 3016 Winmgmt - ok
14:49:53.0841 3016 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:49:53.0901 3016 WinRM - ok
14:49:54.0111 3016 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
14:49:54.0111 3016 winusb - ok
14:49:54.0191 3016 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:49:54.0221 3016 Wlansvc - ok
14:49:54.0531 3016 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:49:54.0621 3016 wlidsvc - ok
14:49:54.0681 3016 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
14:49:54.0691 3016 wltrysvc - ok
14:49:54.0821 3016 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:49:54.0821 3016 WmiAcpi - ok
14:49:54.0881 3016 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:49:54.0891 3016 wmiApSrv - ok
14:49:54.0941 3016 WMPNetworkSvc - ok
14:49:54.0971 3016 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:49:54.0971 3016 WPCSvc - ok
14:49:55.0011 3016 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:49:55.0011 3016 WPDBusEnum - ok
14:49:55.0041 3016 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:49:55.0041 3016 ws2ifsl - ok
14:49:55.0061 3016 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:49:55.0061 3016 wscsvc - ok
14:49:55.0061 3016 WSearch - ok
14:49:55.0231 3016 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:49:55.0311 3016 wuauserv - ok
14:49:55.0411 3016 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:49:55.0421 3016 WudfPf - ok
14:49:55.0451 3016 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:49:55.0471 3016 WUDFRd - ok
14:49:55.0501 3016 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:49:55.0511 3016 wudfsvc - ok
14:49:55.0541 3016 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:49:55.0551 3016 WwanSvc - ok
14:49:55.0581 3016 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:49:55.0601 3016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:49:55.0601 3016 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:49:55.0621 3016 Boot (0x1200) (d6882cab9992beb45569aaef134498eb) \Device\Harddisk0\DR0\Partition0
14:49:55.0631 3016 \Device\Harddisk0\DR0\Partition0 - ok
14:49:55.0641 3016 Boot (0x1200) (648a5e096581ccef30c7bbc0de874e61) \Device\Harddisk0\DR0\Partition1
14:49:55.0641 3016 \Device\Harddisk0\DR0\Partition1 - ok
14:49:55.0641 3016 ============================================================
14:49:55.0641 3016 Scan finished
14:49:55.0641 3016 ============================================================
14:49:55.0651 5616 Detected object count: 1
14:49:55.0651 5616 Actual detected object count: 1
14:50:59.0185 5616 \Device\Harddisk0\DR0\# - copied to quarantine
14:50:59.0498 5616 \Device\Harddisk0\DR0 - copied to quarantine
14:51:01.0028 5616 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:51:01.0140 5616 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:51:01.0220 5616 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:51:01.0318 5616 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:51:01.0422 5616 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:51:02.0740 5616 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:51:02.0786 5616 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:51:02.0792 5616 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:51:02.0798 5616 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:51:02.0976 5616 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:51:03.0262 5616 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:51:03.0282 5616 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:51:03.0290 5616 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:51:03.0293 5616 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:51:03.0323 5616 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:51:03.0396 5616 \Device\Harddisk0\DR0 - ok
14:51:03.0399 5616 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:51:10.0684 3560 Deinitialize success

Edited by ripawheelie, 23 July 2012 - 10:32 AM.



#2 CatByte (bleepin' tiger)
Malware Response Team, 14,664 posts, Location: Canada

Posted 23 July 2012 - 11:52 AM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
2012-07-21 15:38 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
C:\Windows\svchost.exe
TDL4: custom:26000022 <===== ATTENTION!
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ripawheelie (Topic Starter)
Members, 8 posts

Posted 23 July 2012 - 06:46 PM

ComboFix 12-07-24.01 - Deb 07/23/2012 18:21:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2383 [GMT -5:00]
Running from: c:\users\Deb\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SelectRebates
c:\program files (x86)\SelectRebates\FFToolbar\chrome.manifest
c:\program files (x86)\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files (x86)\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
c:\program files (x86)\SelectRebates\SahImages\alert.png
c:\program files (x86)\SelectRebates\SahImages\check.png
c:\program files (x86)\SelectRebates\SahImages\close.png
c:\program files (x86)\SelectRebates\SelectAlerts.dat
c:\program files (x86)\SelectRebates\SelectRebates.exe
c:\program files (x86)\SelectRebates\SelectRebates.ini
c:\program files (x86)\SelectRebates\SelectRebatesA.dat
c:\program files (x86)\SelectRebates\SelectRebatesApi.exe
c:\program files (x86)\SelectRebates\SelectRebatesB.dat
c:\program files (x86)\SelectRebates\SelectRebatesBT.dat
c:\program files (x86)\SelectRebates\SelectRebatesDownload.exe
c:\program files (x86)\SelectRebates\SelectRebatesH.dat
c:\program files (x86)\SelectRebates\SelectRebatesUninstall.exe
c:\program files (x86)\SelectRebates\SRebates.dll
c:\program files (x86)\SelectRebates\SRFF3.dll
c:\program files (x86)\SelectRebates\Toolbar\AddtoList.bmp
c:\program files (x86)\SelectRebates\Toolbar\basis.xml
c:\program files (x86)\SelectRebates\Toolbar\Basis.xml.dym
c:\program files (x86)\SelectRebates\Toolbar\Blank.bmp
c:\program files (x86)\SelectRebates\Toolbar\CashBack.bmp
c:\program files (x86)\SelectRebates\Toolbar\Coupons.bmp
c:\program files (x86)\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files (x86)\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files (x86)\SelectRebates\Toolbar\icons.bmp
c:\program files (x86)\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo_24.bmp
c:\program files (x86)\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files (x86)\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files (x86)\SelectRebates\Toolbar\RightControls.dym
c:\program files (x86)\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files (x86)\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files (x86)\SelectRebates\Toolbar\Scissors.bmp
c:\program files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\users\Deb\Documents\~WRL2512.tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 01:10 . 2012-07-23 01:10 -------- d-----w- C:\FRST
2012-07-22 19:50 . 2012-07-22 19:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-22 19:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-21 23:16 . 2012-07-22 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 23:10 . 2012-07-22 03:18 -------- d-----w- c:\users\Deb\AppData\Local\Dell Edoc Viewer
2012-07-21 04:53 . 2012-07-21 04:53 -------- d-----w- c:\users\Deb\AppData\Roaming\QuickScan
2012-07-21 04:32 . 2012-06-18 18:34 19032 ----a-w- c:\windows\system32\pwdrvio.sys
2012-07-21 04:32 . 2012-06-18 18:34 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-07-21 04:32 . 2012-06-18 18:34 12384 ----a-w- c:\windows\system32\pwdspio.sys
2012-07-21 04:32 . 2012-07-21 04:32 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 7.5
2012-07-21 03:27 . 2012-07-21 03:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-21 03:27 . 2012-07-21 03:27 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-21 03:24 . 2010-08-26 14:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe
2012-07-21 03:24 . 2010-08-26 14:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe
2012-07-21 03:24 . 2010-08-26 00:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys
2012-07-21 03:24 . 2010-08-26 00:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys
2012-07-21 03:24 . 2012-07-21 03:24 -------- d-----w- c:\program files (x86)\EASEUS
2012-07-21 03:23 . 2012-07-21 03:23 -------- d--h--w- c:\programdata\Common Files
2012-07-20 04:27 . 2012-07-20 04:27 114688 ----a-w- c:\programdata\Microsoft\Windows\DRM\96A7.tmp.dat
2012-07-17 21:38 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-17 21:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-14 18:10 . 2012-07-14 18:10 12562920 ----a-w- c:\programdata\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-07-12 19:22 . 2012-07-12 19:22 -------- d-----w- c:\users\Deb\AppData\Roaming\Epson
2012-07-12 19:22 . 2012-07-12 19:22 -------- d-----w- c:\users\Deb\AppData\Roaming\Leader Technologies
2012-07-12 08:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 01:44 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-04 18:36 . 2012-04-12 05:59 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60DEB573-F500-4448-ABC5-094A2057B626}\gapaengine.dll
2012-07-02 05:02 . 2012-07-02 05:02 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-07-02 05:02 . 2012-07-02 05:02 -------- d-----w- c:\windows\PCHEALTH
2012-07-02 04:56 . 2012-07-02 04:56 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-07-02 04:55 . 2012-07-02 04:55 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 03:27 . 2010-07-04 03:22 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 08:05 . 2010-07-04 02:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 03:56 . 2012-06-16 16:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 03:56 . 2011-06-01 06:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 08:24 . 2012-06-15 08:24 12557904 ----a-w- c:\programdata\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
2012-06-02 22:19 . 2012-06-09 01:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-09 01:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-09 01:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-15 01:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 01:33 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 01:33 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-15 01:33 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-15 01:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-15 01:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-15 01:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-15 01:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Game_Master_2.1\prxtbGame.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}"= "c:\program files (x86)\Game_Master_2.1\prxtbGame.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R2 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
R3 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R3 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-26 16776]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 03:56]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 18:23]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 18:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-06-04 21:17 6301584 ----a-w- d:\mozy home\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-06-04 21:17 6301584 ----a-w- d:\mozy home\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SelectRebates - c:\program files (x86)\SelectRebates\SelectRebates.exe
Toolbar-Locked - (no file)
WebBrowser-{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=hex:51,66,7a,6c,4c,1d,38,12,56,9f,34,
9c,79,90,a1,0e,ec,df,cd,82,65,37,92,e0
"{22DFBF5B-A7CD-4B25-9471-3DC68C71855F}"=hex:51,66,7a,6c,4c,1d,38,12,35,bc,cc,
26,ff,e9,4b,0e,eb,67,7e,86,89,2f,c1,4b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{E8DAAA30-6CAA-4B58-9603-8E54238219E2}"=hex:51,66,7a,6c,4c,1d,38,12,5e,a9,c9,
ec,98,22,36,0e,e9,15,cd,14,26,dc,5d,f6
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:71,8b,c6,df,90,66,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-23 18:33:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 23:33
.
Pre-Run: 8,043,388,928 bytes free
Post-Run: 9,366,315,008 bytes free
.
- - End Of File - - B5D0AB431D7B65C02FBB5F3D4D78962A

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 23 July 2012 - 06:52 PM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ripawheelie

ripawheelie
  • Topic Starter

  • Members
  • 8 posts

Posted 23 July 2012 - 07:43 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Deb :: DEB-PC [administrator]

7/23/2012 7:33:14 PM
mbam-log-2012-07-23 (19-33-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198212
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET to follow

#6 ripawheelie

ripawheelie
  • Topic Starter

  • Members
  • 8 posts

Posted 23 July 2012 - 09:44 PM

ESETSCAN.TXT

C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\ProgramData\Microsoft\Windows\DRM\96A7.tmp.dat a variant of Win32/Kryptik.AITT trojan
C:\Users\All Users\Microsoft\Windows\DRM\96A7.tmp.dat a variant of Win32/Kryptik.AITT trojan
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7b603a92-323b3a0a multiple threats
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\545519e1-1ef2ff6b Java/Agent.U trojan
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48c812c5-52ac578c probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5ae4dbb-16885e31 Java/Exploit.CVE-2011-3544.H trojan
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\608456fc-3c935ab2 multiple threats
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\420dadbf-1d6fd3ab multiple threats
D:\DEB-PC\Backup Set 2012-04-11 231528\Backup Files 2012-04-11 231528\Backup files 10.zip multiple threats

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 July 2012 - 09:29 AM

Please empty your trash bin, then do the following:

Note, you will also need to make a full set of back-ups again once we are done


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\ProgramData\Microsoft\Windows\DRM\96A7.tmp.dat 
C:\Users\All Users\Microsoft\Windows\DRM\96A7.tmp.dat 
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7b603a92-323b3a0a 
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\545519e1-1ef2ff6b 
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48c812c5-52ac578c 
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5ae4dbb-16885e31 
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\608456fc-3c935ab2 
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\420dadbf-1d6fd3ab 
D:\DEB-PC\Backup Set 2012-04-11 231528\Backup Files 2012-04-11 231528\Backup files 10.zip 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Your Java is out of date. Go to Start > Control Panel > Programs and Features, scroll down to the Java installation and Remove it. Then download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Please advise how the computer is running now and if there are any outstanding issues


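As an added example (not part of this thread, and not ComboFix's own tooling), here is the helper's reasoning above written as a small Python script: it parses an ESET export shaped like the ESETSCAN.TXT posted earlier, drops the $RECYCLE.BIN hits that emptying the trash will take care of, turns the remaining detections into a File:: section, and appends ClearJavaCache:: when Java cache entries were found. The "<path> <detection>" line shape and the category words in the regex are assumptions taken from the export in this thread; the sample input is constructed from it.

```python
"""Build the File:: / ClearJavaCache:: part of a ComboFix CFScript from an
ESET online-scanner text export (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input, shaped like the ESETSCAN.TXT posted in this
# thread: "<path><whitespace><detection name>", one finding per line.
SAMPLE_ESET_EXPORT = r"""
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\$RECYCLE.BIN\S-1-5-21-4155851039-1599387656-2706747480-1001\$RIOP3HR\22.07.2012_14.49.16\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\ProgramData\Microsoft\Windows\DRM\96A7.tmp.dat a variant of Win32/Kryptik.AITT trojan
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48c812c5-52ac578c probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan
C:\Users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\420dadbf-1d6fd3ab multiple threats
D:\DEB-PC\Backup Set 2012-04-11 231528\Backup Files 2012-04-11 231528\Backup files 10.zip multiple threats
"""

# Paths and detection names both contain spaces, so the split is driven by
# the detection grammar seen in the export rather than by whitespace:
# optional "probably", optional "a variant of", a family name, a category
# word; or the literal "multiple threats" ESET reports for archives.
# The category word list is an assumption covering this export's lines.
_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably\s+)?(?:a variant of\s+)?\S+\s+"
    r"(?:trojan|worm|virus|adware|backdoor|application)|multiple threats)\s*$",
    re.IGNORECASE,
)

# Markers compared against the lower-cased path.
RECYCLE_MARKER = "\\$recycle.bin\\"
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str

    @property
    def in_recycle_bin(self) -> bool:
        # Quarantine remnants in the bin go away when the user empties it,
        # so the helper told the poster to do that instead of listing them.
        return RECYCLE_MARKER in self.path.lower()

    @property
    def in_java_cache(self) -> bool:
        # Exploit artifacts cached by an outdated Java plug-in: listed in
        # File:: and also handled wholesale by ClearJavaCache::.
        return JAVA_CACHE_MARKER in self.path.lower()


def parse_eset_export(text: str) -> tuple[list[Detection], list[str]]:
    """Return (parsed detections, lines that did not match the shape)."""
    found: list[Detection] = []
    unparsed: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if m:
            found.append(Detection(m.group("path"), m.group("detection")))
        else:
            unparsed.append(line)  # surface, never silently drop
    return found, unparsed


def build_cfscript(detections: list[Detection]) -> str:
    """Emit a File:: section and, when Java cache hits exist, ClearJavaCache::."""
    to_delete = [d for d in detections if not d.in_recycle_bin]
    lines: list[str] = []
    if to_delete:
        lines.append("File::")
        lines.extend(d.path for d in to_delete)
    if any(d.in_java_cache for d in detections):
        if lines:
            lines.append("")
        lines.append("ClearJavaCache::")
    return "\n".join(lines) + ("\n" if lines else "")


if __name__ == "__main__":
    detections, bad = parse_eset_export(SAMPLE_ESET_EXPORT)
    for line in bad:
        print("could not parse:", line)
    print(build_cfscript(detections), end="")
```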

#8 ripawheelie

ripawheelie
  • Topic Starter

  • Members
  • 8 posts

Posted 24 July 2012 - 09:07 PM

ComboFix 12-07-25.04 - Deb 07/24/2012 20:18:05.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2381 [GMT -5:00]
Running from: c:\users\Deb\Desktop\ComboFix.exe
Command switches used :: c:\users\Deb\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\96A7.tmp.dat"
"c:\users\All Users\Microsoft\Windows\DRM\96A7.tmp.dat"
"c:\users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7b603a92-323b3a0a"
"c:\users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\545519e1-1ef2ff6b"
"c:\users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\48c812c5-52ac578c"
"c:\users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5ae4dbb-16885e31"
"c:\users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\608456fc-3c935ab2"
"c:\users\Deb\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\420dadbf-1d6fd3ab"
"d:\deb-pc\Backup Set 2012-04-11 231528\Backup Files 2012-04-11 231528\Backup files 10.zip"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\96A7.tmp.dat
c:\users\All Users\Microsoft\Windows\DRM\96A7.tmp.dat
c:\users\Deb\AppData\Local\Temp\{CD096A5A-5CFA-4DFB-8F19-6B1935092BA5}\fpb.tmp
d:\deb-pc\Backup Set 2012-04-11 231528\Backup Files 2012-04-11 231528\Backup files 10.zip
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 01:23 . 2012-07-25 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 01:10 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A55EB5DD-B6A0-456A-93AB-E0079FF93795}\mpengine.dll
2012-07-24 00:47 . 2012-07-24 00:47 -------- d-----w- c:\program files (x86)\ESET
2012-07-23 23:47 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 01:10 . 2012-07-23 01:10 -------- d-----w- C:\FRST
2012-07-21 23:16 . 2012-07-22 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-21 23:10 . 2012-07-22 03:18 -------- d-----w- c:\users\Deb\AppData\Local\Dell Edoc Viewer
2012-07-21 04:53 . 2012-07-21 04:53 -------- d-----w- c:\users\Deb\AppData\Roaming\QuickScan
2012-07-21 04:32 . 2012-06-18 18:34 19032 ----a-w- c:\windows\system32\pwdrvio.sys
2012-07-21 04:32 . 2012-06-18 18:34 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-07-21 04:32 . 2012-06-18 18:34 12384 ----a-w- c:\windows\system32\pwdspio.sys
2012-07-21 03:27 . 2012-07-21 03:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-21 03:27 . 2012-07-21 03:27 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-21 03:24 . 2012-07-21 03:24 -------- d-----w- c:\program files (x86)\EASEUS
2012-07-21 03:23 . 2012-07-21 03:23 -------- d--h--w- c:\programdata\Common Files
2012-07-17 21:38 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-17 21:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-14 18:10 . 2012-07-14 18:10 12562920 ----a-w- c:\programdata\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
2012-07-12 19:22 . 2012-07-12 19:22 -------- d-----w- c:\users\Deb\AppData\Roaming\Epson
2012-07-12 19:22 . 2012-07-12 19:22 -------- d-----w- c:\users\Deb\AppData\Roaming\Leader Technologies
2012-07-12 08:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 01:44 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-04 18:36 . 2012-04-12 05:59 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60DEB573-F500-4448-ABC5-094A2057B626}\gapaengine.dll
2012-07-02 05:02 . 2012-07-02 05:02 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-07-02 05:02 . 2012-07-02 05:02 -------- d-----w- c:\windows\PCHEALTH
2012-07-02 04:56 . 2012-07-02 04:56 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-07-02 04:55 . 2012-07-02 04:55 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 03:27 . 2010-07-04 03:22 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-12 08:05 . 2010-07-04 02:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 03:56 . 2012-06-16 16:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 03:56 . 2011-06-01 06:43 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 08:24 . 2012-06-15 08:24 12557904 ----a-w- c:\programdata\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
2012-06-02 22:19 . 2012-06-09 01:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-09 01:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-09 01:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-15 01:34 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 01:33 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 01:33 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-15 01:33 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-15 01:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-15 01:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-15 01:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-15 01:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_23.28.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-14 22:09 . 2012-07-25 01:26 38912 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 01:27 29798 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-28 03:14 . 2012-07-25 01:27 12664 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4155851039-1599387656-2706747480-1001_UserData.bin
- 2012-07-23 23:27 . 2012-07-23 23:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 01:24 . 2012-07-25 01:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 23:27 . 2012-07-23 23:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-25 01:24 . 2012-07-25 01:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-23 23:26 395612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-25 01:24 395612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-17 09:03 . 2012-07-25 01:24 1766884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4155851039-1599387656-2706747480-1001-8192.dat
- 2012-03-17 09:03 . 2012-07-23 23:27 1766884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4155851039-1599387656-2706747480-1001-8192.dat
+ 2012-03-17 09:03 . 2012-07-25 01:24 14035384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4155851039-1599387656-2706747480-1001-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Game_Master_2.1\prxtbGame.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}"= "c:\program files (x86)\Game_Master_2.1\prxtbGame.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-09 98304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R2 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
R3 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R3 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-09 92160]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 03:56]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 18:23]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 18:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-06-04 21:17 6301584 ----a-w- d:\mozy home\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-06-04 21:17 6301584 ----a-w- d:\mozy home\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-09 8158240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-09-16 357376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=hex:51,66,7a,6c,4c,1d,38,12,81,47,e9,
25,5f,79,3d,08,e4,19,c9,c9,d6,7c,d4,7c
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=hex:51,66,7a,6c,4c,1d,38,12,56,9f,34,
9c,79,90,a1,0e,ec,df,cd,82,65,37,92,e0
"{22DFBF5B-A7CD-4B25-9471-3DC68C71855F}"=hex:51,66,7a,6c,4c,1d,38,12,35,bc,cc,
26,ff,e9,4b,0e,eb,67,7e,86,89,2f,c1,4b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}"=hex:51,66,7a,6c,4c,1d,38,12,ae,8e,49,
e5,24,cb,cf,07,fe,fc,9f,d4,e9,44,8b,04
"{E8DAAA30-6CAA-4B58-9603-8E54238219E2}"=hex:51,66,7a,6c,4c,1d,38,12,5e,a9,c9,
ec,98,22,36,0e,e9,15,cd,14,26,dc,5d,f6
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:71,8b,c6,df,90,66,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-24 20:31:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 01:31
ComboFix2.txt 2012-07-23 23:33
.
Pre-Run: 9,016,799,232 bytes free
Post-Run: 8,498,794,496 bytes free
.
- - End Of File - - 5F0BD727F61AB2D4B155B6796B4252E4

Java and Adobe Reader uninstalled. New versions installed as directed.

Allow me time to take lappy for a spin ;-)
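As an added example (not part of this thread, ComboFix, or any tool mentioned here), the script below shows how a responder can triage the autostart sections of a ComboFix log like the one posted above without reading every line by hand. It parses three line shapes that appear in that log (Run-key values, `R#`/`S#` service entries, and Startup-folder `.lnk` entries) and flags entries whose executable lives in a user-writable location or was created within a couple of weeks of the log. The sample input mixes lines copied from the log with two constructed entries (`Updater` and `helper`) so the heuristics have something to flag; the `2012-07-25` log date is taken from the log header. A flag is a cue for review, not a verdict: Dropbox, visible in this very log, legitimately runs from AppData and is flagged for exactly that reason.

```python
"""Triage helper for the autostart sections of a ComboFix-style log.

Added example for this thread; it is not part of ComboFix or of the
original post. Flags are review cues, not verdicts.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Constructed sample input: lines copied from the log above plus two
# constructed entries ("Updater" and "helper") for the heuristics to flag.
SAMPLE_LOG = r'''
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Updater"="c:\users\Deb\AppData\Roaming\updater\updater.exe" [2012-07-20 51200]
Dropbox.lnk - c:\users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
S3 helper;Helper Service;c:\programdata\helper.exe [2012-07-21 40960]
'''

# Run-key value:   "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
# Service/driver:  R2 name;description;path [YYYY-MM-DD size]
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
# Startup folder:  Name.lnk - path [YYYY-M-D size]
LNK_RE = re.compile(r'^(?P<name>\S+\.lnk)\s+-\s+(?P<path>.+?)\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$')

# Locations an unprivileged user (or malware running as that user) can write to.
# Microsoft's own ProgramData subtree is excluded to cut noise from MSE/Defender.
USER_WRITABLE = (
    re.compile(r'^c:\\users\\[^\\]+\\appdata\\', re.I),
    re.compile(r'^c:\\programdata\\(?!microsoft\\)', re.I),
    re.compile(r'\\temp\\', re.I),
)


@dataclass
class Entry:
    kind: str                 # "run", "service" or "startup"
    name: str
    path: str
    created: str              # ISO date as printed in the log
    size: int
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised autostart line, else None."""
    for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("startup", LNK_RE)):
        m = rx.match(line.strip())
        if m:
            # strptime accepts both "2012-07-20" and the unpadded "2012-5-24".
            created = datetime.strptime(m.group("date"), "%Y-%m-%d").date()
            return Entry(kind, m.group("name"), m.group("path"),
                         created.isoformat(), int(m.group("size")))
    return None


def triage(log_text: str, log_date: str, recent_days: int = 14) -> List[Entry]:
    """Parse every autostart line and attach review flags to each entry."""
    ref = datetime.strptime(log_date, "%Y-%m-%d").date()
    entries: List[Entry] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if any(rx.search(e.path) for rx in USER_WRITABLE):
            e.flags.append("user-writable location")
        age = (ref - datetime.strptime(e.created, "%Y-%m-%d").date()).days
        if 0 <= age <= recent_days:
            e.flags.append(f"created within {recent_days} days of the log")
        entries.append(e)
    return entries


def flagged_names(entries: List[Entry]) -> List[str]:
    """Names of entries that picked up at least one flag, in log order."""
    return [e.name for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, "2012-07-25"):
        print(f"{e.kind:8} {e.name:20} {'; '.join(e.flags) or 'ok'}")
```

Run against the sample, the two constructed entries pick up both flags and Dropbox picks up the location flag only; everything under Program Files or System32 passes. Tune `recent_days` to the incident window and extend `USER_WRITABLE` with `c:\windows\temp` or other paths if your environment calls for it.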

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:22 AM

Posted 24 July 2012 - 09:18 PM

OK, let me know if there are any issues. Please make sure your Windows updates are working; this infection is known to break that service.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 ripawheelie

ripawheelie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:22 AM

Posted 24 July 2012 - 10:20 PM

Windows update set to run automatically. I tried manual check. It worked correctly.

Obviously this machine needs to run something other than MS Security Essentials. Any suggestions for subscription services to real-time AV? ESET? Site sponsors, perhaps? TY so much for your help. I logged into PayPal *cough* ;-)

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:22 AM

Posted 24 July 2012 - 10:40 PM

Unfortunately, no AV can catch everything. MSE is an excellent AV; I use it myself with the Pro version of Malwarebytes and the Web of Trust, and I'm behind a secure router. If you want a paid AV, there are some excellent choices: ESET and Kaspersky as well as Emsisoft are good choices.

You just need to be careful where you surf (that's where the Web of Trust helps), stay away from cracks, keygens, torrents and peer to peer, don't open email attachments from unknown sources and don't follow unknown links.

We just have some housekeeping to do now, please do the following:


You can delete the TDSSKiller and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 ripawheelie

ripawheelie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:22 AM

Posted 25 July 2012 - 02:51 PM

I would like to do one more sweep tonight with eset perhaps before locking this thread. This whole ordeal was actually kinda fun with you holding my hand. I have learned a lot. Thx for the heads up.

I didn't mention that all but a few of the services were disabled in the beginning. I don't know if it was a problem with msconfig/safe mode, etc or what ... ebchk mebbe. Computer appears to run ok. I manually restarted services to match my win 7 notebook - give or take a few that were different.

Hopefully I'll post a final update tonight. Thx again CB!!

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:22 AM

Posted 25 July 2012 - 02:55 PM

OK, great. Yes, use it normally for a day or so; I'll keep the thread open.

Make sure your Windows updates are working properly (this infection has been known to break them in the past).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 ripawheelie

ripawheelie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:22 AM

Posted 27 July 2012 - 02:53 PM

Okie. It's purring like a kittie. U rock!!! This forum rocks!!! /close the front door ... err, the thread. TY ty tyvm!!

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:22 AM

Posted 27 July 2012 - 03:15 PM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




