Trojan.dropper.BCminer


This topic is locked
27 replies to this topic

#1 JTPA
Members, 12 posts

Posted 25 July 2012 - 12:45 PM

Please advise with the removal of this malware that redirects my Google searches.

Many thanks ahead of time for any and all help.


#2 Orange Blossom (OBleepin Investigator)
Moderator, 37,062 posts, Bloomington, IN

Posted 25 July 2012 - 07:42 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.

#3 JTPA (Topic Starter)
Members, 12 posts

Posted 26 July 2012 - 08:55 AM

Thank you for your help. I've attached the logs you've requested. The log I wasn't able to run is GMER as I am running a 64-bit operating system, not the 32-bit version required.

Thank you again!


#4 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico

Posted 27 July 2012 - 01:12 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 JTPA (Topic Starter)
Members, 12 posts

Posted 27 July 2012 - 09:50 AM

Hello Gringo,

Many thanks for the help. I really appreciate it.

First, here is the log from the security check:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 30
Java version out of Date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Combofix did not generate a report after I ran it. I am not sure if I did something incorrectly. I double-clicked it, let it run, and it closed on its own. It did not reboot.

However, I am noticing my PC running quicker and so far I have not been redirected when using Google search.

#6 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico

Posted 27 July 2012 - 02:20 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
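The TDSSKiller report requested above enumerates every service and driver twice: one line with the file's MD5 and path, and one line with the scanner's verdict ("<name> - ok" for a clean entry). Reading several hundred such pairs by eye is error-prone, so here is an added triage helper (example code written for this page, not part of the thread and not Kaspersky's tool) that pairs the two line shapes and sorts entries into the buckets a helper would check first. It assumes only those two line shapes, treats any verdict other than the literal "ok" as needing a look, and runs on a constructed sample log.

```python
"""Triage helper for TDSSKiller scan logs (added example, not from the thread).

Assumptions: only the two per-service line shapes are parsed; any verdict
other than "ok" is reported. SAMPLE_LOG below is constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "<time> <pid> <name> (<md5>) <path>" -- the file backing a service/driver
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>\S+) "
    r"\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# "<time> <pid> <name> - <verdict>" -- the scanner's verdict for that name
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>\S+) - (?P<verdict>.+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(log: str) -> List[Entry]:
    """Pair each enumerated service/driver with its verdict, in log order."""
    entries: Dict[str, Entry] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"].strip()
    # Header lines (Scan started, Mode:, Drive ...) match neither pattern.
    return list(entries.values())


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Bucket entries: non-ok verdicts, verdicts with no file listed,
    and files with no verdict at all (log cut short or scan aborted)."""
    report: Dict[str, List[str]] = {"flagged": [], "no_file": [], "no_verdict": []}
    for e in entries:
        if e.verdict is None:
            report["no_verdict"].append(e.name)
        elif e.verdict.lower() != "ok":
            report["flagged"].append(f"{e.name}: {e.verdict} ({e.path})")
        elif e.path is None:
            # Verdict given but no backing file line preceded it; worth a
            # look at the service configuration rather than assuming clean.
            report["no_file"].append(e.name)
    return report


# Constructed sample: first entry copies a line shape from the thread, the
# hashes for exampledrv/lastdrv are placeholders, and the "suspicious"
# verdict text is made up for the demo. The last entry has no verdict line.
SAMPLE_LOG = """\
14:23:59.0664 2820 Scan started
14:23:59.0664 2820 Mode: Manual;
14:24:00.0803 2820 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
14:24:00.0812 2820 1394ohci - ok
14:24:01.0874 2820 BFE - ok
14:24:02.0100 2820 exampledrv (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\drivers\\exampledrv.sys
14:24:02.0101 2820 exampledrv - suspicious (constructed verdict)
14:24:02.0200 2820 lastdrv (fedcba9876543210fedcba9876543210) C:\\Windows\\system32\\drivers\\lastdrv.sys
"""

if __name__ == "__main__":
    for bucket, names in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```

Paste a full report into SAMPLE_LOG's place (or read it from a file) to get the three buckets instead of scrolling through every "- ok" line.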

#7 JTPA (Topic Starter)
Members, 12 posts

Posted 27 July 2012 - 02:35 PM

Thanks again for the help.

Here is the TDSSKiller report:
14:23:56.0490 5692 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:23:56.0760 5692 ============================================================
14:23:56.0760 5692 Current date / time: 2012/07/27 14:23:56.0760
14:23:56.0760 5692 SystemInfo:
14:23:56.0760 5692
14:23:56.0761 5692 OS Version: 6.1.7601 ServicePack: 1.0
14:23:56.0761 5692 Product type: Workstation
14:23:56.0761 5692 ComputerName: JACOBP-PC
14:23:56.0761 5692 UserName: jacobp
14:23:56.0761 5692 Windows directory: C:\Windows
14:23:56.0761 5692 System windows directory: C:\Windows
14:23:56.0761 5692 Running under WOW64
14:23:56.0761 5692 Processor architecture: Intel x64
14:23:56.0761 5692 Number of processors: 4
14:23:56.0761 5692 Page size: 0x1000
14:23:56.0761 5692 Boot type: Normal boot
14:23:56.0761 5692 ============================================================
14:23:57.0628 5692 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:23:57.0633 5692 ============================================================
14:23:57.0633 5692 \Device\Harddisk0\DR0:
14:23:57.0633 5692 MBR partitions:
14:23:57.0633 5692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x224D000
14:23:57.0633 5692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2261000, BlocksNum 0x38124800
14:23:57.0633 5692 ============================================================
14:23:57.0660 5692 C: <-> \Device\Harddisk0\DR0\Partition1
14:23:57.0660 5692 ============================================================
14:23:57.0660 5692 Initialize success
14:23:57.0660 5692 ============================================================
14:23:59.0664 2820 ============================================================
14:23:59.0664 2820 Scan started
14:23:59.0664 2820 Mode: Manual;
14:23:59.0664 2820 ============================================================
14:24:06.0466 2820 mouclass - ok
14:24:06.0491 2820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:24:06.0492 2820 mouhid - ok
14:24:06.0517 2820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:24:06.0518 2820 mountmgr - ok
14:24:06.0538 2820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:24:06.0540 2820 mpio - ok
14:24:06.0552 2820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:24:06.0554 2820 mpsdrv - ok
14:24:06.0571 2820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:24:06.0574 2820 MRxDAV - ok
14:24:06.0592 2820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:24:06.0594 2820 mrxsmb - ok
14:24:06.0616 2820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:24:06.0620 2820 mrxsmb10 - ok
14:24:06.0629 2820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:24:06.0631 2820 mrxsmb20 - ok
14:24:06.0655 2820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:24:06.0656 2820 msahci - ok
14:24:06.0663 2820 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:24:06.0665 2820 msdsm - ok
14:24:06.0694 2820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:24:06.0697 2820 MSDTC - ok
14:24:06.0723 2820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:24:06.0723 2820 Msfs - ok
14:24:06.0741 2820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:24:06.0742 2820 mshidkmdf - ok
14:24:06.0763 2820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:24:06.0763 2820 msisadrv - ok
14:24:06.0787 2820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:24:06.0791 2820 MSiSCSI - ok
14:24:06.0793 2820 msiserver - ok
14:24:06.0815 2820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:24:06.0816 2820 MSKSSRV - ok
14:24:06.0820 2820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:24:06.0820 2820 MSPCLOCK - ok
14:24:06.0825 2820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:24:06.0825 2820 MSPQM - ok
14:24:06.0856 2820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:24:06.0859 2820 MsRPC - ok
14:24:06.0878 2820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:24:06.0879 2820 mssmbios - ok
14:24:06.0881 2820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:24:06.0882 2820 MSTEE - ok
14:24:06.0885 2820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:24:06.0886 2820 MTConfig - ok
14:24:06.0900 2820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:24:06.0901 2820 Mup - ok
14:24:06.0939 2820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:24:06.0958 2820 napagent - ok
14:24:07.0002 2820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:24:07.0017 2820 NativeWifiP - ok
14:24:07.0074 2820 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
14:24:07.0085 2820 NDIS - ok
14:24:07.0105 2820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:24:07.0106 2820 NdisCap - ok
14:24:07.0119 2820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:24:07.0120 2820 NdisTapi - ok
14:24:07.0126 2820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:24:07.0127 2820 Ndisuio - ok
14:24:07.0147 2820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:24:07.0150 2820 NdisWan - ok
14:24:07.0168 2820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:24:07.0169 2820 NDProxy - ok
14:24:07.0183 2820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:24:07.0183 2820 NetBIOS - ok
14:24:07.0203 2820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:24:07.0210 2820 NetBT - ok
14:24:07.0236 2820 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:24:07.0237 2820 Netlogon - ok
14:24:07.0287 2820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:24:07.0301 2820 Netman - ok
14:24:07.0421 2820 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:07.0445 2820 NetMsmqActivator - ok
14:24:07.0462 2820 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:07.0464 2820 NetPipeActivator - ok
14:24:07.0501 2820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:24:07.0512 2820 netprofm - ok
14:24:07.0516 2820 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:07.0518 2820 NetTcpActivator - ok
14:24:07.0522 2820 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:24:07.0523 2820 NetTcpPortSharing - ok
14:24:07.0566 2820 netvsc (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
14:24:07.0569 2820 netvsc - ok
14:24:07.0605 2820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:24:07.0607 2820 nfrd960 - ok
14:24:07.0640 2820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:24:07.0648 2820 NlaSvc - ok
14:24:07.0660 2820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:24:07.0661 2820 Npfs - ok
14:24:07.0672 2820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:24:07.0674 2820 nsi - ok
14:24:07.0685 2820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:24:07.0686 2820 nsiproxy - ok
14:24:07.0769 2820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:24:07.0802 2820 Ntfs - ok
14:24:07.0885 2820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:24:07.0886 2820 Null - ok
14:24:07.0902 2820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:24:07.0905 2820 nvraid - ok
14:24:07.0928 2820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:24:07.0931 2820 nvstor - ok
14:24:07.0959 2820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:24:07.0961 2820 nv_agp - ok
14:24:08.0050 2820 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:24:08.0056 2820 odserv - ok
14:24:08.0062 2820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:24:08.0064 2820 ohci1394 - ok
14:24:08.0097 2820 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:24:08.0099 2820 ose - ok
14:24:08.0138 2820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:24:08.0153 2820 p2pimsvc - ok
14:24:08.0183 2820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:24:08.0194 2820 p2psvc - ok
14:24:08.0201 2820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:24:08.0203 2820 Parport - ok
14:24:08.0217 2820 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:24:08.0218 2820 partmgr - ok
14:24:08.0233 2820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:24:08.0235 2820 PcaSvc - ok
14:24:08.0261 2820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:24:08.0264 2820 pci - ok
14:24:08.0285 2820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:24:08.0286 2820 pciide - ok
14:24:08.0313 2820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:24:08.0316 2820 pcmcia - ok
14:24:08.0330 2820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:24:08.0331 2820 pcw - ok
14:24:08.0370 2820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:24:08.0385 2820 PEAUTH - ok
14:24:08.0454 2820 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:24:08.0475 2820 PeerDistSvc - ok
14:24:08.0530 2820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:24:08.0532 2820 PerfHost - ok
14:24:08.0649 2820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:24:08.0669 2820 pla - ok
14:24:08.0724 2820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:24:08.0736 2820 PlugPlay - ok
14:24:08.0768 2820 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll
14:24:08.0770 2820 Pml Driver HPZ12 - ok
14:24:08.0786 2820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:24:08.0788 2820 PNRPAutoReg - ok
14:24:08.0816 2820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:24:08.0819 2820 PNRPsvc - ok
14:24:08.0877 2820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:24:08.0888 2820 PolicyAgent - ok
14:24:08.0919 2820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:24:08.0922 2820 Power - ok
14:24:08.0972 2820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:24:08.0974 2820 PptpMiniport - ok
14:24:08.0988 2820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:24:08.0989 2820 Processor - ok
14:24:09.0024 2820 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:24:09.0034 2820 ProfSvc - ok
14:24:09.0044 2820 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:24:09.0045 2820 ProtectedStorage - ok
14:24:09.0071 2820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:24:09.0073 2820 Psched - ok
14:24:09.0101 2820 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:24:09.0102 2820 PxHlpa64 - ok
14:24:09.0178 2820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:24:09.0207 2820 ql2300 - ok
14:24:09.0274 2820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:24:09.0287 2820 ql40xx - ok
14:24:09.0317 2820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:24:09.0326 2820 QWAVE - ok
14:24:09.0334 2820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:24:09.0336 2820 QWAVEdrv - ok
14:24:09.0340 2820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:24:09.0346 2820 RasAcd - ok
14:24:09.0380 2820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:24:09.0381 2820 RasAgileVpn - ok
14:24:09.0401 2820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:24:09.0404 2820 RasAuto - ok
14:24:09.0422 2820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:24:09.0424 2820 Rasl2tp - ok
14:24:09.0451 2820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:24:09.0466 2820 RasMan - ok
14:24:09.0480 2820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:24:09.0482 2820 RasPppoe - ok
14:24:09.0494 2820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:24:09.0496 2820 RasSstp - ok
14:24:09.0520 2820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:24:09.0524 2820 rdbss - ok
14:24:09.0536 2820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:24:09.0537 2820 rdpbus - ok
14:24:09.0553 2820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:24:09.0553 2820 RDPCDD - ok
14:24:09.0580 2820 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:24:09.0583 2820 RDPDR - ok
14:24:09.0596 2820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:24:09.0597 2820 RDPENCDD - ok
14:24:09.0610 2820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:24:09.0610 2820 RDPREFMP - ok
14:24:09.0633 2820 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:24:09.0636 2820 RDPWD - ok
14:24:09.0656 2820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:24:09.0659 2820 rdyboost - ok
14:24:09.0691 2820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:24:09.0694 2820 RemoteAccess - ok
14:24:09.0713 2820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:24:09.0716 2820 RemoteRegistry - ok
14:24:09.0730 2820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:24:09.0732 2820 RpcEptMapper - ok
14:24:09.0749 2820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:24:09.0750 2820 RpcLocator - ok
14:24:09.0780 2820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:24:09.0785 2820 RpcSs - ok
14:24:09.0810 2820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:24:09.0812 2820 rspndr - ok
14:24:09.0857 2820 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:24:09.0866 2820 RTL8167 - ok
14:24:09.0882 2820 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:24:09.0883 2820 s3cap - ok
14:24:09.0894 2820 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:24:09.0895 2820 SamSs - ok
14:24:09.0912 2820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:24:09.0914 2820 sbp2port - ok
14:24:09.0937 2820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:24:09.0941 2820 SCardSvr - ok
14:24:09.0957 2820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:24:09.0958 2820 scfilter - ok
14:24:10.0016 2820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:24:10.0037 2820 Schedule - ok
14:24:10.0061 2820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:24:10.0062 2820 SCPolicySvc - ok
14:24:10.0082 2820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:24:10.0086 2820 SDRSVC - ok
14:24:10.0133 2820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:24:10.0134 2820 secdrv - ok
14:24:10.0148 2820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:24:10.0150 2820 seclogon - ok
14:24:10.0165 2820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:24:10.0168 2820 SENS - ok
14:24:10.0180 2820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:24:10.0182 2820 SensrSvc - ok
14:24:10.0203 2820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:24:10.0204 2820 Serenum - ok
14:24:10.0211 2820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:24:10.0213 2820 Serial - ok
14:24:10.0217 2820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:24:10.0219 2820 sermouse - ok
14:24:10.0247 2820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:24:10.0249 2820 SessionEnv - ok
14:24:10.0251 2820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:24:10.0252 2820 sffdisk - ok
14:24:10.0255 2820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:24:10.0255 2820 sffp_mmc - ok
14:24:10.0259 2820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:24:10.0259 2820 sffp_sd - ok
14:24:10.0262 2820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:24:10.0263 2820 sfloppy - ok
14:24:10.0388 2820 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:24:10.0419 2820 SftService - ok
14:24:10.0494 2820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:24:10.0507 2820 ShellHWDetection - ok
14:24:10.0549 2820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:24:10.0550 2820 SiSRaid2 - ok
14:24:10.0558 2820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:24:10.0559 2820 SiSRaid4 - ok
14:24:10.0574 2820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:24:10.0576 2820 Smb - ok
14:24:10.0598 2820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:24:10.0600 2820 SNMPTRAP - ok
14:24:10.0614 2820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:24:10.0614 2820 spldr - ok
14:24:10.0649 2820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:24:10.0666 2820 Spooler - ok
14:24:10.0799 2820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:24:10.0851 2820 sppsvc - ok
14:24:10.0933 2820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:24:10.0936 2820 sppuinotify - ok
14:24:10.0984 2820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:24:10.0990 2820 srv - ok
14:24:11.0017 2820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:24:11.0022 2820 srv2 - ok
14:24:11.0041 2820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:24:11.0043 2820 srvnet - ok
14:24:11.0068 2820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:24:11.0077 2820 SSDPSRV - ok
14:24:11.0093 2820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:24:11.0096 2820 SstpSvc - ok
14:24:11.0123 2820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:24:11.0124 2820 stexstor - ok
14:24:11.0182 2820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:24:11.0197 2820 stisvc - ok
14:24:11.0223 2820 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:24:11.0225 2820 StorSvc - ok
14:24:11.0241 2820 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:24:11.0242 2820 storvsc - ok
14:24:11.0254 2820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:24:11.0255 2820 swenum - ok
14:24:11.0288 2820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:24:11.0296 2820 swprv - ok
14:24:11.0306 2820 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
14:24:11.0307 2820 SynthVid - ok
14:24:11.0390 2820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:24:11.0419 2820 SysMain - ok
14:24:11.0486 2820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:24:11.0489 2820 TabletInputService - ok
14:24:11.0514 2820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:24:11.0521 2820 TapiSrv - ok
14:24:11.0538 2820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:24:11.0541 2820 TBS - ok
14:24:11.0642 2820 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:24:11.0673 2820 Tcpip - ok
14:24:11.0800 2820 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:24:11.0816 2820 TCPIP6 - ok
14:24:11.0875 2820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:24:11.0876 2820 tcpipreg - ok
14:24:11.0887 2820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:24:11.0888 2820 TDPIPE - ok
14:24:11.0893 2820 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:24:11.0894 2820 TDTCP - ok
14:24:11.0913 2820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:24:11.0915 2820 tdx - ok
14:24:11.0942 2820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:24:11.0944 2820 TermDD - ok
14:24:11.0996 2820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:24:12.0009 2820 TermService - ok
14:24:12.0025 2820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:24:12.0027 2820 Themes - ok
14:24:12.0049 2820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:24:12.0051 2820 THREADORDER - ok
14:24:12.0077 2820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:24:12.0081 2820 TrkWks - ok
14:24:12.0136 2820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:24:12.0139 2820 TrustedInstaller - ok
14:24:12.0160 2820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:24:12.0161 2820 tssecsrv - ok
14:24:12.0185 2820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:24:12.0186 2820 TsUsbFlt - ok
14:24:12.0191 2820 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:24:12.0192 2820 TsUsbGD - ok
14:24:12.0221 2820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:24:12.0224 2820 tunnel - ok
14:24:12.0229 2820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:24:12.0231 2820 uagp35 - ok
14:24:12.0246 2820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:24:12.0249 2820 udfs - ok
14:24:12.0263 2820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:24:12.0264 2820 UI0Detect - ok
14:24:12.0278 2820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:24:12.0279 2820 uliagpkx - ok
14:24:12.0296 2820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:24:12.0297 2820 umbus - ok
14:24:12.0299 2820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:24:12.0300 2820 UmPass - ok
14:24:12.0327 2820 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:24:12.0336 2820 UmRdpService - ok
14:24:12.0362 2820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:24:12.0376 2820 upnphost - ok
14:24:12.0402 2820 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
14:24:12.0404 2820 usbccgp - ok
14:24:12.0434 2820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:24:12.0436 2820 usbcir - ok
14:24:12.0454 2820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:24:12.0455 2820 usbehci - ok
14:24:12.0625 2820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:24:12.0629 2820 usbhub - ok
14:24:12.0648 2820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:24:12.0649 2820 usbohci - ok
14:24:12.0661 2820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:24:12.0662 2820 usbprint - ok
14:24:12.0680 2820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:24:12.0681 2820 USBSTOR - ok
14:24:12.0700 2820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:24:12.0701 2820 usbuhci - ok
14:24:12.0716 2820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:24:12.0718 2820 UxSms - ok
14:24:12.0744 2820 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:24:12.0745 2820 VaultSvc - ok
14:24:12.0765 2820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:24:12.0766 2820 vdrvroot - ok
14:24:12.0812 2820 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:24:12.0836 2820 vds - ok
14:24:12.0861 2820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:24:12.0862 2820 vga - ok
14:24:12.0873 2820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:24:12.0874 2820 VgaSave - ok
14:24:12.0886 2820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:24:12.0889 2820 vhdmp - ok
14:24:12.0894 2820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:24:12.0895 2820 viaide - ok
14:24:12.0919 2820 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:24:12.0920 2820 VMBusHID - ok
14:24:12.0932 2820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:24:12.0933 2820 volmgr - ok
14:24:12.0957 2820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:24:12.0960 2820 volmgrx - ok
14:24:12.0980 2820 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:24:12.0983 2820 volsnap - ok
14:24:13.0028 2820 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
14:24:13.0031 2820 vpcbus - ok
14:24:13.0054 2820 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
14:24:13.0055 2820 vpcnfltr - ok
14:24:13.0074 2820 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
14:24:13.0076 2820 vpcusb - ok
14:24:13.0107 2820 vpcvmm (30d4243726a15a14f5c5e45898d14394) C:\Windows\system32\drivers\vpcvmm.sys
14:24:13.0111 2820 vpcvmm - ok
14:24:13.0138 2820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:24:13.0140 2820 vsmraid - ok
14:24:13.0223 2820 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:24:13.0255 2820 VSS - ok
14:24:13.0347 2820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:24:13.0348 2820 vwifibus - ok
14:24:13.0383 2820 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:24:13.0396 2820 W32Time - ok
14:24:13.0408 2820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:24:13.0410 2820 WacomPen - ok
14:24:13.0444 2820 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:24:13.0445 2820 WANARP - ok
14:24:13.0457 2820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:24:13.0458 2820 Wanarpv6 - ok
14:24:13.0543 2820 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:24:13.0567 2820 WatAdminSvc - ok
14:24:13.0648 2820 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:24:13.0682 2820 wbengine - ok
14:24:13.0752 2820 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:24:13.0762 2820 WbioSrvc - ok
14:24:13.0791 2820 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:24:13.0804 2820 wcncsvc - ok
14:24:13.0817 2820 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:24:13.0819 2820 WcsPlugInService - ok
14:24:13.0852 2820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:24:13.0853 2820 Wd - ok
14:24:13.0890 2820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:24:13.0898 2820 Wdf01000 - ok
14:24:13.0915 2820 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:24:13.0918 2820 WdiServiceHost - ok
14:24:13.0921 2820 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:24:13.0924 2820 WdiSystemHost - ok
14:24:13.0946 2820 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:24:13.0953 2820 WebClient - ok
14:24:13.0973 2820 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:24:13.0976 2820 Wecsvc - ok
14:24:13.0988 2820 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:24:13.0990 2820 wercplsupport - ok
14:24:14.0018 2820 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:24:14.0020 2820 WerSvc - ok
14:24:14.0065 2820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:24:14.0066 2820 WfpLwf - ok
14:24:14.0103 2820 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
14:24:14.0106 2820 WimFltr - ok
14:24:14.0116 2820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:24:14.0117 2820 WIMMount - ok
14:24:14.0149 2820 WinDefend - ok
14:24:14.0156 2820 WinHttpAutoProxySvc - ok
14:24:14.0207 2820 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:24:14.0215 2820 Winmgmt - ok
14:24:14.0316 2820 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:24:14.0344 2820 WinRM - ok
14:24:14.0457 2820 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:24:14.0474 2820 Wlansvc - ok
14:24:14.0531 2820 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:24:14.0532 2820 wlcrasvc - ok
14:24:14.0655 2820 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:24:14.0694 2820 wlidsvc - ok
14:24:14.0774 2820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:24:14.0775 2820 WmiAcpi - ok
14:24:14.0832 2820 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:24:14.0835 2820 wmiApSrv - ok
14:24:14.0858 2820 WMPNetworkSvc - ok
14:24:14.0879 2820 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:24:14.0881 2820 WPCSvc - ok
14:24:14.0897 2820 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:24:14.0899 2820 WPDBusEnum - ok
14:24:14.0907 2820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:24:14.0907 2820 ws2ifsl - ok
14:24:14.0946 2820 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:24:14.0949 2820 wscsvc - ok
14:24:14.0952 2820 WSearch - ok
14:24:15.0057 2820 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:24:15.0087 2820 wuauserv - ok
14:24:15.0175 2820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:24:15.0177 2820 WudfPf - ok
14:24:15.0205 2820 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:24:15.0207 2820 WUDFRd - ok
14:24:15.0221 2820 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:24:15.0223 2820 wudfsvc - ok
14:24:15.0243 2820 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:24:15.0251 2820 WwanSvc - ok
14:24:15.0269 2820 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:24:15.0446 2820 \Device\Harddisk0\DR0 - ok
14:24:15.0449 2820 Boot (0x1200) (80dad9292b5510caf3860cd537bf4835) \Device\Harddisk0\DR0\Partition0
14:24:15.0451 2820 \Device\Harddisk0\DR0\Partition0 - ok
14:24:15.0465 2820 Boot (0x1200) (5360ce78d421afa903575b5693321dd8) \Device\Harddisk0\DR0\Partition1
14:24:15.0466 2820 \Device\Harddisk0\DR0\Partition1 - ok
14:24:15.0466 2820 ============================================================
14:24:15.0466 2820 Scan finished
14:24:15.0466 2820 ============================================================
14:24:15.0473 3200 Detected object count: 0
14:24:15.0473 3200 Actual detected object count: 0


Following is report from aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 14:27:00
-----------------------------
14:27:00.071 OS Version: Windows x64 6.1.7601 Service Pack 1
14:27:00.071 Number of processors: 4 586 0x2A07
14:27:00.071 ComputerName: JACOBP-PC UserName: jacobp
14:27:00.634 Initialize success
14:29:37.720 AVAST engine defs: 12072700
14:30:06.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:30:06.364 Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 3
14:30:06.374 Disk 0 MBR read successfully
14:30:06.376 Disk 0 MBR scan
14:30:06.381 Disk 0 Windows VISTA default MBR code
14:30:06.384 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
14:30:06.389 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 17562 MB offset 81920
14:30:06.402 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 459337 MB offset 36048896
14:30:06.422 Disk 0 scanning C:\Windows\system32\drivers
14:30:11.448 Service scanning
14:30:22.837 Modules scanning
14:30:22.846 Disk 0 trace - called modules:
14:30:22.864 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
14:30:22.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800410a060]
14:30:22.876 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003dcf200]
14:30:22.882 5 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003ea6060]
14:30:23.797 AVAST engine scan C:\Windows
14:30:25.264 AVAST engine scan C:\Windows\system32
14:31:18.802 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:31:20.071 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:31:59.433 AVAST engine scan C:\Windows\system32\drivers
14:32:06.816 AVAST engine scan C:\Users\jacobp.BSCORP
14:33:31.932 Disk 0 MBR has been saved successfully to "C:\Users\jacobp.BSCORP\Desktop\MBR.dat"
14:33:31.936 The log file has been saved successfully to "C:\Users\jacobp.BSCORP\Desktop\aswMBR.txt"


Still noticing increased PC speed and still no redirects.

Thanks!

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 27 July 2012 - 02:42 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
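What the services.exe search in the steps above is for, shown as an added example (this is not FRST's own code and not from anyone in this thread): Windows keeps the installed copy of every system binary in the WinSxS component store, so a System32 copy with the same size and timestamps but a different hash is the signature of an in-place patch, which is how this infection hijacks services.exe. The script parses Search.txt in the two-line shape FRST writes (a path line, then created/modified/size/attributes/company/MD5), groups the hits by file name, and reports every copy outside WinSxS whose hash is not among the WinSxS copies. The embedded SAMPLE_SEARCH_TXT is copied from the Search.txt posted later in this thread; the regular expressions for the two line shapes are my own reading of that format, and md5_of_file is included for re-checking a live or offline-mounted drive.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Copied from the Search.txt posted in this thread: each hit is a path line followed by a
# detail line "[created] - [modified] - size attrs (company) MD5".
SAMPLE_SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Assumed line shapes (my reading of the format above, not an FRST specification).
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]+)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_txt(text):
    """Parse FRST Search.txt into one dict per hit: path, created, modified, size, attrs, company, md5."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits = []
    for i in range(1, len(lines)):
        m = DETAIL_RE.match(lines[i])
        if m and PATH_RE.match(lines[i - 1]):
            hit = m.groupdict()
            hit["path"] = lines[i - 1]
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hits.append(hit)
    return hits


def is_winsxs(path):
    """True for a copy living in the component store, which is used as the reference."""
    return "\\winsxs\\" in path.lower()


def find_patched_copies(hits):
    """Flag copies outside WinSxS whose MD5 matches none of the WinSxS copies of the same file name.

    Returns (live_path, live_md5, sorted WinSxS MD5s) per finding. WinSxS may hold several
    legitimate versions (RTM, service pack, hotfix), so the reference is a set; a live copy
    matching none of them, with identical size and timestamps as in this thread, points at
    an in-place patch rather than an update.
    """
    by_name = defaultdict(list)
    for hit in hits:
        by_name[PureWindowsPath(hit["path"]).name.lower()].append(hit)
    findings = []
    for copies in by_name.values():
        reference = {c["md5"] for c in copies if is_winsxs(c["path"])}
        if not reference:
            continue  # nothing trustworthy to compare against
        for c in copies:
            if not is_winsxs(c["path"]) and c["md5"] not in reference:
                findings.append((c["path"], c["md5"], sorted(reference)))
    return findings


def md5_of_file(path, chunk=1 << 20):
    """Upper-case MD5 of a file on disk, for re-checking a live or offline-mounted system."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for path, md5, refs in find_patched_copies(parse_search_txt(SAMPLE_SEARCH_TXT)):
        print(f"{path}: {md5} differs from WinSxS copy {', '.join(refs)}")
```

The comparison trusts the component store. If the WinSxS copies could have been touched as well, compare the live hash against one taken from a known-clean machine of the same build instead, or recompute both with md5_of_file from a recovery environment where the infected kernel is not running.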

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 29 July 2012 - 11:31 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#10 JTPA (Topic Starter, Members, 12 posts)

Posted 30 July 2012 - 09:16 AM

Sorry, I was away for the weekend. Thank you for checking on me. I've pasted the logs that you requested below:

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 10:08:48
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-04] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-04] (Adobe Systems Inc.)
HKU\jacobp.BSCORP\...\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon" [39816 2012-04-18] (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\..\Interfaces\{0002BDF3-23F7-47E2-94BE-93E48554EAE5}: [NameServer]192.168.254.69,209.18.47.62

==================== Services (Whitelisted) ======

2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-06-19] (Dell Products, LP.)
2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE -service [232448 2008-03-24] (DameWare Development LLC)

========================== Drivers (Whitelisted) =============

1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare)
3 BFE; . [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-30 10:08 - 2012-07-30 10:08 - 00000000 ____D C:\FRST
2012-07-27 09:41 - 2012-07-27 09:45 - 00000000 ___SD C:\32788R22FWJFW
2012-07-27 09:41 - 2012-07-27 09:42 - 00000000 ____D C:\Windows\erdnt
2012-07-27 09:41 - 2012-07-27 09:42 - 00000000 ____D C:\Qoobox
2012-07-26 08:48 - 2012-07-27 14:38 - 00000000 ____D C:\Users\jacobp.BSCORP\Desktop\Virus
2012-07-26 08:44 - 2012-07-26 08:44 - 00000000 ____A C:\Users\jacobp.BSCORP\defogger_reenable
2012-07-19 16:22 - 2012-07-19 16:22 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-18 11:23 - 2012-07-18 11:23 - 00000000 ____D C:\Users\jacobp.BSCORP\Application Data\Malwarebytes
2012-07-18 11:23 - 2012-07-18 11:23 - 00000000 ____D C:\Users\jacobp.BSCORP\AppData\Roaming\Malwarebytes
2012-07-18 11:23 - 2012-07-18 11:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-18 11:23 - 2012-07-18 11:23 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-18 11:23 - 2012-07-18 11:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 11:23 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-18 11:22 - 2012-07-18 11:22 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\jacobp.BSCORP\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-09 09:34 - 2012-07-09 09:34 - 00055808 ____A (DameWare Development LLC) C:\Windows\SysWOW64\DWRCW64.exe
2012-07-09 09:34 - 2012-07-09 09:34 - 00003100 ____A C:\Windows\SysWOW64\DWRCSAccess.log
2012-07-09 09:34 - 2012-07-09 09:34 - 00000000 ___HD C:\Windows\System32\dwrcssft
2012-07-09 09:34 - 2008-03-24 12:46 - 00233472 ____A (DameWare Development LLC) C:\Windows\SysWOW64\DWRCSET.DLL
2012-07-09 09:34 - 2008-03-24 12:46 - 00232448 ____A (DameWare Development LLC) C:\Windows\SysWOW64\DWRCS.EXE
2012-07-09 09:34 - 2008-03-24 12:46 - 00078848 ____A (DameWare Development) C:\Windows\SysWOW64\DWRCST.EXE
2012-07-09 09:34 - 2008-03-24 12:46 - 00053248 ____A (DameWare Development LLC) C:\Windows\SysWOW64\DWRCK.DLL
2012-07-09 09:34 - 2008-01-22 16:08 - 00067584 ____A (DameWare Development LLC) C:\Windows\SysWOW64\DWRCSh64.dll
2012-07-05 14:17 - 2012-07-05 14:17 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

============ 3 Months Modified Files ========================

2012-07-30 10:05 - 2012-01-16 20:17 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
2012-07-30 10:05 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-30 10:05 - 2009-07-13 23:51 - 00040245 ____A C:\Windows\setupact.log
2012-07-30 09:02 - 2011-12-06 17:28 - 01312115 ____A C:\Windows\WindowsUpdate.log
2012-07-30 08:59 - 2012-01-04 18:03 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-30 08:59 - 2009-07-14 00:13 - 00797632 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-30 08:57 - 2012-01-04 18:03 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-30 08:46 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 08:46 - 2009-07-13 23:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-27 16:21 - 2012-04-05 08:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-27 13:21 - 2012-04-05 08:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 13:21 - 2011-12-06 15:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-26 08:44 - 2012-07-26 08:44 - 00000000 ____A C:\Users\jacobp.BSCORP\defogger_reenable
2012-07-25 15:08 - 2010-11-20 22:47 - 00019272 ____A C:\Windows\PFRO.log
2012-07-18 11:22 - 2012-07-18 11:22 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\jacobp.BSCORP\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-09 09:34 - 2012-07-09 09:34 - 00055808 ____A (DameWare Development LLC) C:\Windows\SysWOW64\DWRCW64.exe
2012-07-09 09:34 - 2012-07-09 09:34 - 00003100 ____A C:\Windows\SysWOW64\DWRCSAccess.log
2012-07-03 13:46 - 2012-07-18 11:23 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 10:34 - 2012-06-26 10:34 - 00262144 ____A C:\Windows\Minidump\062612-22089-01.dmp
2012-06-26 10:34 - 2012-06-11 08:31 - 292038623 ____A C:\Windows\MEMORY.DMP
2012-06-26 08:53 - 2012-06-26 08:53 - 00262144 ____A C:\Windows\Minidump\062612-29328-01.dmp
2012-06-25 08:43 - 2012-06-25 08:43 - 00262144 ____A C:\Windows\Minidump\062512-20077-01.dmp
2012-06-20 16:05 - 2012-06-20 16:05 - 00262144 ____A C:\Windows\Minidump\062012-27237-01.dmp
2012-06-15 11:34 - 2012-06-15 11:34 - 00027648 ____A C:\Users\jacobp.BSCORP\Downloads\Payroll Template - Salvatore Souza DDS.xls
2012-06-11 08:31 - 2012-06-11 08:31 - 00262144 ____A C:\Windows\Minidump\061112-16052-01.dmp
2012-06-04 08:34 - 2009-07-14 00:08 - 00032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:
C:\Windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}
C:\Windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\L
C:\Windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 2984.63 MB
Available physical RAM: 2445.43 MB
Total Pagefile: 2982.83 MB
Available Pagefile: 2436.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:448.57 GB) (Free:407.11 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:17.15 GB) (Free:9.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (JACOB PA) (Removable) (Total:0.95 GB) (Free:0.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 17 GB 40 MB
Partition 3 Primary 448 GB 17 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 17 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 448 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 967 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F JACOB PA FAT Removable 967 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 14:01

======================= End Of Log ==========================

& search.txt



Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 10:09:58
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 30 July 2012 - 12:02 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
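The fixlist above pairs what the FRST report and aswMBR found (the Installer\{GUID} folder with its U and L subfolders, the Desktop.ini files under assembly\GAC_32 and GAC_64, the patched services.exe) with the action taken (replace services.exe from its WinSxS copy, move the rest out). The script below, an added example that is neither FRST's nor ComboFix's code, does the same two things so the logic can be reused on another drive: it walks Windows\Installer for a {GUID} folder carrying the '@' file or the 'U'/'L' subfolders, checks for Desktop.ini under the three assembly folders the fixlist names, and renders the findings in the fixlist format used in this thread. make_sample_tree builds a constructed replica of the paths from this thread's logs in a temporary directory, plus one made-up, ordinary-looking Installer cache folder that must not be flagged; the marker names and the GAC folder list are taken from the logs, and the Replace: line is only emitted when the caller supplies the known-good and patched paths.

```python
import re
import tempfile
from pathlib import Path

# Folder-name shape of the Installer cache entry used by this infection (any GUID, any case).
GUID_DIR_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
# Children that marked the folder in this thread's logs: an '@' file plus 'U' and 'L' subfolders.
INSTALLER_MARKERS = {"@", "U", "L"}
# Desktop.ini locations under Windows\assembly that the FRST report and the fixlist name.
GAC_FOLDERS = ("GAC_32", "GAC_64", "GAC")


def scan_zeroaccess_artifacts(windows_dir):
    """Return the artifact paths found under a Windows folder (live or offline-mounted).

    A legitimate Windows\\Installer\\{GUID} folder holds cached icons and similar files;
    only a GUID folder that contains one of the marker children is reported, so ordinary
    installer cache entries are left alone.
    """
    win = Path(windows_dir)
    found = []
    installer = win / "Installer"
    if installer.is_dir():
        for entry in sorted(installer.iterdir()):
            if entry.is_dir() and GUID_DIR_RE.match(entry.name):
                children = {child.name for child in entry.iterdir()}
                if children & INSTALLER_MARKERS:
                    found.append(str(entry))
    for gac in GAC_FOLDERS:
        ini = win / "assembly" / gac / "Desktop.ini"
        if ini.is_file():
            found.append(str(ini))
    return found


def build_fixlist(findings, replace=None):
    """Render an FRST fixlist in the shape used in this thread.

    replace, if given, is (known_good_path, patched_path) and becomes the
    'Replace: <known_good> <patched>' line; every finding becomes a line of its own,
    which FRST moves out of place when the Fix button is pressed.
    """
    lines = []
    if replace:
        known_good, patched = replace
        lines.append(f"Replace: {known_good} {patched}")
    lines.extend(findings)
    return "\n".join(lines) + "\n"


def make_sample_tree(root):
    """Constructed replica of the paths in this thread's FRST and ComboFix logs.

    Creates them as empty files under root/Windows for an offline demonstration and
    returns that Windows folder. The second Installer GUID is a made-up, benign entry.
    """
    win = Path(root) / "Windows"
    guid = "{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}"
    for rel in (
        f"Installer/{guid}/@",
        f"Installer/{guid}/U/00000004.@",
        f"Installer/{guid}/L/00000004.@",
        "assembly/GAC_32/Desktop.ini",
        "assembly/GAC_64/Desktop.ini",
        "Installer/{11111111-2222-3333-4444-555555555555}/product.ico",  # benign, must not be flagged
    ):
        path = win / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
    return win


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        findings = scan_zeroaccess_artifacts(make_sample_tree(tmp))
        print(build_fixlist(findings))
```

On the infected machine you would call scan_zeroaccess_artifacts on the mounted Windows folder (from the recovery environment the system volume need not be C:, as the partition listing in the FRST report shows), pass the result to build_fixlist together with the two services.exe paths from Search.txt, and save the output as fixlist.txt on the flash drive. Scanning from the recovery environment matters: with the patched services.exe running, the folder's contents may not be visible to tools started inside Windows.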

#12 JTPA (Topic Starter, Members, 12 posts)

Posted 30 July 2012 - 12:43 PM

Here is the fixlog you've requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-30 13:40:19 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb} moved successfully.

==== End of Fixlog ====

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 30 July 2012 - 01:11 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 JTPA (Topic Starter, Members, 12 posts)

Posted 30 July 2012 - 02:04 PM

Following is log from ComboFix

ComboFix 12-07-30.01 - jacobp 07/30/2012 13:53:40.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2985.1773 [GMT -5:00]
Running from: c:\users\jacobp.BSCORP\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jacobp.BSCORP\g2mdlhlpx.exe
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\@
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\L\00000004.@
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\L\1afb2d56
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\L\201d3dde
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\U\00000004.@
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\U\00000008.@
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\U\000000cb.@
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\U\80000000.@
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\U\80000032.@
c:\windows\Installer\{8eaaf8ba-2d32-f77b-f277-4dbbabe79cdb}\U\80000064.@
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 18:56 . 2012-07-30 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 18:56 . 2012-07-30 18:56 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-07-30 15:08 . 2012-07-30 15:08 -------- d-----w- C:\FRST
2012-07-19 21:22 . 2012-07-19 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-18 16:23 . 2012-07-18 16:23 -------- d-----w- c:\users\jacobp.BSCORP\AppData\Roaming\Malwarebytes
2012-07-18 16:23 . 2012-07-18 16:23 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 16:23 . 2012-07-18 16:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 16:23 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 14:34 . 2012-07-09 14:34 55808 ----a-w- c:\windows\SysWow64\DWRCW64.exe
2012-07-09 14:34 . 2012-07-09 14:34 -------- d--h--w- c:\windows\system32\dwrcssft
2012-07-09 14:34 . 2008-03-24 17:46 78848 ----a-w- c:\windows\SysWow64\DWRCST.EXE
2012-07-09 14:34 . 2008-03-24 17:46 233472 ----a-w- c:\windows\SysWow64\DWRCSET.DLL
2012-07-09 14:34 . 2008-03-24 17:46 232448 ----a-w- c:\windows\SysWow64\DWRCS.EXE
2012-07-09 14:34 . 2008-03-24 17:46 53248 ----a-w- c:\windows\SysWow64\DWRCK.DLL
2012-07-09 14:34 . 2008-01-22 21:08 67584 ----a-w- c:\windows\SysWow64\DWRCSh64.dll
2012-07-05 19:17 . 2012-07-05 19:17 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-03 13:39 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79789412-2B3A-498F-B8D6-1BA260C280A7}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 18:21 . 2012-04-05 13:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 18:21 . 2011-12-06 20:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" [2012-04-18 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"DameWare MRC Agent"="c:\windows\SysWOW64\DWRCST.exe" [2008-03-24 78848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [2007-02-15 30720]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 18:21]
.
2012-07-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-07-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{0002BDF3-23F7-47E2-94BE-93E48554EAE5}: NameServer = 192.168.254.69,209.18.47.62
DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxps://reporter.invlink.com/crystalreportviewers115/ActiveXControls/PrintControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a9,55,39,32,75,4d,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\DWRCS.EXE
.
**************************************************************************
.
Completion time: 2012-07-30 14:02:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 19:02
.
Pre-Run: 437,614,743,552 bytes free
Post-Run: 438,470,275,072 bytes free
.
- - End Of File - - 1475EDE51BF56243A8A2DB5BBD2FC33B


No problems, computer is running much faster, no redirects when using Google!

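As an added example, not part of this thread and not code from ComboFix itself, here is a small Python triage parser over the log sections shown above. It reads the service/driver lines, the Run-key autoruns, the `TCP: ... NameServer` line and the `DPF:` entry, and flags what a helper would check first when the complaint is redirected Google searches: binaries outside the Windows or Program Files trees, DNS resolvers outside private address space, and ActiveX download sites. The sample input is constructed from lines of the log above; the directory allow-list, the flag categories and the `hxxp` refanging are assumptions of this example, not documented ComboFix conventions.

```python
"""Triage parser for the ComboFix log sections shown above (added example)."""
import ipaddress
import re

# Constructed sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-04 167960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-04 418328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
TCP: Interfaces\{0002BDF3-23F7-47E2-94BE-93E48554EAE5}: NameServer = 192.168.254.69,209.18.47.62
DPF: {19529B56-E206-4F0B-B44E-97B5F4861E6A} - hxxps://reporter.invlink.com/crystalreportviewers115/ActiveXControls/PrintControl.cab
"""

# Service/driver line: "<R|S><start type> name;display name;path [YYYY-MM-DD size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$")
DPF_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(\S+)$")

# Assumption of this example: directories where a service, driver or vendor autorun
# is expected to live. Anything else (profile, temp, drive root) deserves a second look.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def in_expected_dir(path):
    return path.lower().startswith(EXPECTED_DIRS)


def parse_combofix(text):
    """Return structured entries for the log sections this page shows."""
    services, autoruns, nameservers, dpf = [], [], [], []
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"start": m.group(1), "name": m.group(2), "display": m.group(3),
                             "path": m.group(4), "date": m.group(5), "size": int(m.group(6))})
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = REG_VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            autoruns.append({"key": current_key, "name": m.group(1), "path": m.group(2),
                             "date": m.group(3), "size": int(m.group(4))})
            continue
        m = NAMESERVER_RE.search(line)
        if m:
            nameservers.extend(s.strip() for s in m.group(1).split(","))
            continue
        m = DPF_RE.match(line)
        if m:
            # The log defangs URLs as hxxp/hxxps; restore the scheme for analysis only.
            dpf.append({"clsid": m.group(1), "url": re.sub(r"^hxxp", "http", m.group(2))})
    return {"services": services, "autoruns": autoruns, "nameservers": nameservers, "dpf": dpf}


def triage(text):
    """Flag the entries a reviewer would check first when chasing search redirects."""
    data = parse_combofix(text)
    findings = []
    for e in data["services"] + data["autoruns"]:
        if not in_expected_dir(e["path"]):
            findings.append(("unexpected-location", e["name"], e["path"]))
    for ns in data["nameservers"]:
        # A resolver outside RFC 1918 space is not bad by itself, but a changed DNS
        # server is a classic cause of redirected searches, so confirm each public one.
        if not ipaddress.ip_address(ns).is_private:
            findings.append(("public-dns", ns, "confirm this is the expected ISP/corporate resolver"))
    for e in data["dpf"]:
        findings.append(("activex-download", e["clsid"], e["url"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="  ")
```

On the log above the only items raised are the public resolver 209.18.47.62 and the ActiveX download site, which is consistent with the helper treating the rest of the listing as clean; the point of the check is to turn a long listing into the three or four lines worth verifying by hand.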
#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:08 PM

Posted 30 July 2012 - 08:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



