
Removal of a .exe Virus


  • This topic is locked
13 replies to this topic

#1 Ribbitmeister


Posted 02 August 2012 - 01:14 PM

Infected by a virus from a .exe. Directed from Am I Infected? page

DDS Log


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Mycah Braxton at 14:08:25 on 2012-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3689.1738 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Mycah Braxton\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Magic Workstation\MagicWorkstation.exe
C:\Program Files (x86)\Skype\Phone\skype.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = proxy.doshisha.ac.jp:8080
uInternet Settings,ProxyOverride = do-net.doshisha.ac.jp;do-netmac.doshisha.ac.jp;<local>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\MYCAHB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mycah Braxton\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\354716E666F6274602255637964656E6365637 : DhcpNameServer = 171.64.7.77 171.64.7.99 171.64.7.121
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\6796379647F627 : DhcpNameServer = 172.30.31.252 8.8.8.8 8.8.4.4
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\C49626D2B434A435 : DhcpNameServer = 202.23.130.32 202.23.130.33
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C646145F-B32D-497A-88CB-75E328180417} : DhcpNameServer = 10.130.0.1 202.224.32.1 202.224.32.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?]
R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-01 21:53:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3CBE5886-D1D2-4905-8B24-F50999F72580}\offreg.dll
2012-08-01 21:29:23 -------- d-----w- C:\Program Files (x86)\Magic Workstation
2012-08-01 17:57:19 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3CBE5886-D1D2-4905-8B24-F50999F72580}\mpengine.dll
2012-07-31 20:08:53 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-31 17:21:06 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\f-secure
2012-07-31 17:20:47 -------- d-----w- C:\ProgramData\F-Secure
2012-07-31 17:08:59 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-29 17:34:47 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-29 17:23:38 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\Malwarebytes
2012-07-29 17:23:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 17:23:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 17:23:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 13:49:35 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 13:49:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-29 13:49:28 256000 ----a-w- C:\Windows\PEV.exe
2012-07-29 13:49:26 98816 ----a-w- C:\Windows\sed.exe
2012-07-29 13:03:44 -------- d-----w- C:\Program Files (x86)\smartdl
2012-07-28 23:04:19 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\.minecraft
2012-07-28 23:01:05 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-28 22:56:10 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-28 22:56:08 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-27 16:56:36 568722 ----a-w- C:\torrent.exe
2012-07-22 04:12:16 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\Windows Live
2012-07-22 04:12:00 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\{E41C7D66-3486-42ED-B62C-29E65D4B58AE}
2012-07-22 04:12:00 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\{CE481764-9B65-4FD6-BF0E-0DEF376B0E2F}
2012-07-22 04:11:50 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\Windows Live Writer
2012-07-22 04:11:50 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\Windows Live Writer
2012-07-12 21:04:44 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 11:03:22 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2012-07-11 21:38:30 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 21:38:30 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 21:38:30 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 21:38:30 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-11 21:38:29 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 21:38:29 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 21:38:29 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 21:38:28 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 21:38:28 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 13:17:30 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 13:17:30 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 13:17:29 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 13:17:29 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 13:17:29 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 13:17:29 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-07 22:45:22 -------- d-----w- C:\Windows\PCHEALTH
2012-07-07 22:41:57 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-07-07 22:41:17 -------- d-----w- C:\Windows\SHELLNEW
2012-07-07 22:40:48 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\Microsoft Help
2012-07-07 22:35:42 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-07-07 22:35:26 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\DAEMON Tools Lite
2012-07-07 22:35:16 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-07-07 22:34:38 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-07-04 04:36:31 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7DE9169F-77E9-470F-AFB3-5BD911886751}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-31 20:09:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 20:09:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-09 05:09:09 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-05-09 05:09:09 685160 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-05-09 05:09:09 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-05-09 03:34:21 9887848 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll
2012-05-09 03:34:21 422504 ----a-w- C:\Windows\System32\RtsUStor.dll
2012-05-09 03:34:21 251496 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
.
============= FINISH: 14:10:09.17 ===============



#2 Ribbitmeister


Posted 02 August 2012 - 01:21 PM

Combofix Log


ComboFix 12-07-29.02 - Mycah Braxton 07/29/2012 12:21:07.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3689.2341 [GMT -4:00]
Running from: c:\users\Mycah Braxton\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 16:29 . 2012-07-29 16:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 15:35 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4811DCA0-AAC8-4D00-9679-3D08C66617E3}\mpengine.dll
2012-07-29 13:03 . 2012-07-29 13:03 -------- d-----w- c:\program files (x86)\smartdl
2012-07-28 23:04 . 2012-07-28 23:16 -------- d-----w- c:\users\Mycah Braxton\AppData\Roaming\.minecraft
2012-07-28 23:01 . 2012-07-28 23:01 -------- d-----w- c:\program files (x86)\Oracle
2012-07-28 22:56 . 2012-07-06 02:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-28 22:56 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-28 22:54 . 2012-07-28 22:54 -------- d-----w- c:\program files (x86)\Java
2012-07-28 22:53 . 2012-07-28 22:53 -------- d-----w- c:\programdata\McAfee
2012-07-28 13:20 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-27 16:56 . 2012-07-27 16:56 568722 ----a-w- C:\torrent.exe
2012-07-22 04:12 . 2012-07-22 04:12 -------- d-----w- c:\users\Mycah Braxton\AppData\Local\Windows Live
2012-07-22 04:11 . 2012-07-22 04:12 -------- d-----w- c:\users\Mycah Braxton\AppData\Local\Windows Live Writer
2012-07-22 04:11 . 2012-07-22 04:11 -------- d-----w- c:\users\Mycah Braxton\AppData\Roaming\Windows Live Writer
2012-07-12 21:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 11:03 . 2012-07-12 11:03 -------- d--h--w- c:\programdata\CanonBJ
2012-07-12 11:03 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2012-07-11 21:38 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 21:38 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 21:38 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 21:38 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 21:38 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 21:38 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 21:38 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 21:38 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 21:38 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 21:38 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 13:17 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 13:17 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 13:17 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 13:17 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 13:17 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 13:17 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-08 02:04 . 2012-07-08 02:04 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-07 22:47 . 2012-07-09 19:16 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-07-07 22:45 . 2012-07-07 22:45 -------- d-----w- c:\windows\PCHEALTH
2012-07-07 22:42 . 2012-07-07 22:42 -------- d-----w- c:\program files\Microsoft Office
2012-07-07 22:41 . 2012-07-07 22:41 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-07-07 22:41 . 2012-07-07 22:47 -------- d-----w- c:\windows\SHELLNEW
2012-07-07 22:40 . 2012-07-07 22:40 -------- d-----w- c:\users\Mycah Braxton\AppData\Local\Microsoft Help
2012-07-07 22:40 . 2012-07-12 21:04 -------- d-----w- c:\programdata\Microsoft Help
2012-07-07 22:39 . 2012-07-07 22:39 -------- d-----r- C:\MSOCache
2012-07-07 22:35 . 2012-07-07 22:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-07 22:35 . 2012-07-07 22:38 -------- d-----w- c:\users\Mycah Braxton\AppData\Roaming\DAEMON Tools Lite
2012-07-07 22:35 . 2012-07-07 22:35 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-07-07 22:34 . 2012-07-07 22:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-07-04 04:36 . 2012-04-17 00:15 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DE9169F-77E9-470F-AFB3-5BD911886751}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 01:14 . 2012-04-17 01:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 01:14 . 2011-10-16 20:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 14:40 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 14:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:40 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:40 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 14:40 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 14:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:40 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 14:40 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-09 05:09 . 2012-05-09 05:10 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-09 05:09 . 2012-05-09 05:10 685160 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-05-09 05:09 . 2012-02-02 09:04 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-09 03:34 . 2012-05-09 03:35 251496 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-05-09 03:34 . 2012-05-09 03:35 9887848 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-05-09 03:34 . 2012-05-09 03:35 422504 ----a-w- c:\windows\system32\RtsUStor.dll
2012-05-04 11:06 . 2012-06-12 21:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 21:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 21:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 21:02 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-13 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-29 336384]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
c:\users\Mycah Braxton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-07 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-29 204288]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-29 9371136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-29 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-18 115216]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-21 133672]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-21 620584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-05-09 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-05-09 685160]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-08 53376]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 01:14]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681252267-347641421-554505533-1000Core.job
- c:\users\Mycah Braxton\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 00:18]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1681252267-347641421-554505533-1000UA.job
- c:\users\Mycah Braxton\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 00:18]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForBASTION$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2012-07-29 c:\windows\Tasks\HPCeeScheduleForMycah Braxton.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Mycah Braxton\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-01 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = proxy.doshisha.ac.jp:8080
uInternet Settings,ProxyOverride = do-net.doshisha.ac.jp;do-netmac.doshisha.ac.jp;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-29 12:35:47
ComboFix-quarantined-files.txt 2012-07-29 16:35
.
Pre-Run: 410,164,678,656 bytes free
Post-Run: 409,513,787,392 bytes free
.
- - End Of File - - 6D4D25C638404343C506BB64B5A032C9

#3 HelpBot


Posted 07 August 2012 - 01:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463582 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 12 August 2012 - 01:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!


Mod Edit: Topic reopened per OP request rec'd via PM - Hamluis.

Edited by hamluis, 16 August 2012 - 02:17 PM.
Topic reopened - Hamluis.


#5 Ribbitmeister


Posted 17 August 2012 - 09:53 PM

Last month I accidentally downloaded and ran an .exe. I am concerned it had malevolent software. I was directed to this page from the "Am I Infected" page. My DDS log follows and my GMER log is attached. I had some trouble running GMER that I'll explain in the next post.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Mycah Braxton at 18:23:47 on 2012-08-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3689.1276 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Mycah Braxton\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\splwow64.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mycah Braxton\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = proxy.doshisha.ac.jp:8080
uInternet Settings,ProxyOverride = do-net.doshisha.ac.jp;do-netmac.doshisha.ac.jp;<local>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\MYCAHB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mycah Braxton\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\354716E666F6274602255637964656E6365637 : DhcpNameServer = 171.64.7.77 171.64.7.99 171.64.7.121
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\6796379647F627 : DhcpNameServer = 172.30.31.252 8.8.8.8 8.8.4.4
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\C49626D2B434A435 : DhcpNameServer = 202.23.130.32 202.23.130.33
TCP: Interfaces\{808E6E79-9EE2-49BE-91B9-A5576EBFB07E}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C646145F-B32D-497A-88CB-75E328180417} : DhcpNameServer = 10.130.0.1 202.224.32.1 202.224.32.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-3-14 197504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?]
R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 250056]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-17 05:46:31 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C62F23F1-A2AD-4820-A210-569AD021D5BE}\mpengine.dll
2012-08-16 19:05:03 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-16 04:53:45 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 02:02:56 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 02:02:55 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 02:02:45 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 02:02:44 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 02:02:44 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 02:02:44 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 02:01:06 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 02:01:06 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 02:01:05 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 02:01:01 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 02:00:58 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-04 01:18:43 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\calibre
2012-08-04 01:17:40 -------- d-----w- C:\Program Files (x86)\Calibre2
2012-08-03 18:54:48 -------- d-----w- C:\Program Files (x86)\BeadSurge
2012-08-01 21:29:23 -------- d-----w- C:\Program Files (x86)\Magic Workstation
2012-07-31 20:08:53 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-31 17:21:06 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\f-secure
2012-07-31 17:20:47 -------- d-----w- C:\ProgramData\F-Secure
2012-07-29 17:34:47 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-29 17:23:38 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\Malwarebytes
2012-07-29 17:23:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 17:23:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 17:23:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 13:49:35 208896 ----a-w- C:\Windows\MBR.exe
2012-07-29 13:49:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-29 13:49:28 256000 ----a-w- C:\Windows\PEV.exe
2012-07-29 13:49:26 98816 ----a-w- C:\Windows\sed.exe
2012-07-29 13:03:44 -------- d-----w- C:\Program Files (x86)\smartdl
2012-07-28 23:04:19 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\.minecraft
2012-07-28 23:01:05 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-28 22:56:10 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-28 22:56:08 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-27 16:56:36 568722 ----a-w- C:\torrent.exe
2012-07-22 04:12:16 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\Windows Live
2012-07-22 04:12:00 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\{E41C7D66-3486-42ED-B62C-29E65D4B58AE}
2012-07-22 04:12:00 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\{CE481764-9B65-4FD6-BF0E-0DEF376B0E2F}
2012-07-22 04:11:50 -------- d-----w- C:\Users\Mycah Braxton\AppData\Roaming\Windows Live Writer
2012-07-22 04:11:50 -------- d-----w- C:\Users\Mycah Braxton\AppData\Local\Windows Live Writer
.
==================== Find3M ====================
.
2012-08-17 20:49:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-17 20:49:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-07 22:35:42 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 00:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:25:07.20 ===============

#6 Ribbitmeister


Posted 17 August 2012 - 09:57 PM

When I downloaded GMER, neither this website nor the other host downloaded a .zip file. Instead, there was a file named "XXX" and when I opened it, the "services, registry, files, c:\, and ADS" options were preselected and I couldn't select anything else.

#7 nasdaq

  • Malware Response Team

Posted 18 August 2012 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I see nothing wrong in your logs.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review and let me know what issues you are having with this computer.

#8 Ribbitmeister


Posted 18 August 2012 - 10:14 AM

TDSS scanned 444 objects and found no infection:

11:11:28.0617 3904 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
11:11:28.0944 3904 ============================================================
11:11:28.0944 3904 Current date / time: 2012/08/18 11:11:28.0944
11:11:28.0944 3904 SystemInfo:
11:11:28.0944 3904
11:11:28.0944 3904 OS Version: 6.1.7601 ServicePack: 1.0
11:11:28.0944 3904 Product type: Workstation
11:11:28.0945 3904 ComputerName: BASTION
11:11:28.0945 3904 UserName: Mycah Braxton
11:11:28.0945 3904 Windows directory: C:\Windows
11:11:28.0945 3904 System windows directory: C:\Windows
11:11:28.0945 3904 Running under WOW64
11:11:28.0946 3904 Processor architecture: Intel x64
11:11:28.0946 3904 Number of processors: 2
11:11:28.0946 3904 Page size: 0x1000
11:11:28.0946 3904 Boot type: Normal boot
11:11:28.0946 3904 ============================================================
11:11:30.0328 3904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:11:30.0432 3904 Drive \Device\Harddisk1\DR1 - Size: 0xF3630000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1F0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:11:30.0437 3904 ============================================================
11:11:30.0437 3904 \Device\Harddisk0\DR0:
11:11:30.0440 3904 MBR partitions:
11:11:30.0440 3904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:11:30.0440 3904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x36EB5800
11:11:30.0440 3904 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36F19800, BlocksNum 0x2C7C800
11:11:30.0440 3904 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
11:11:30.0440 3904 \Device\Harddisk1\DR1:
11:11:30.0441 3904 MBR partitions:
11:11:30.0441 3904 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x38, BlocksNum 0x79B148
11:11:30.0441 3904 ============================================================
11:11:30.0467 3904 C: <-> \Device\Harddisk0\DR0\Partition2
11:11:30.0515 3904 D: <-> \Device\Harddisk0\DR0\Partition3
11:11:30.0528 3904 E: <-> \Device\Harddisk0\DR0\Partition4
11:11:30.0529 3904 ============================================================
11:11:30.0529 3904 Initialize success
11:11:30.0529 3904 ============================================================
11:11:32.0934 2112 ============================================================
11:11:32.0935 2112 Scan started
11:11:32.0935 2112 Mode: Manual;
11:11:32.0935 2112 ============================================================
11:11:33.0288 2112 ================ Scan services =============================
11:11:43.0576 2112 HPClientSvc - ok
11:11:43.0634 2112 [ 02ce63d8dd5e6dd5ceff336191c0859e ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:11:43.0640 2112 HPDrvMntSvc.exe - ok
11:11:43.0680 2112 [ 4e0bec0f78096ffd6d3314b497fc49d3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
11:11:43.0684 2112 hpdskflt - ok
11:11:43.0742 2112 [ e7c7829ba0395e48f8c8fe16b8832344 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:11:43.0832 2112 hpqwmiex - ok
11:11:43.0863 2112 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:11:43.0869 2112 HpSAMD - ok
11:11:43.0914 2112 [ fc7c13b5a9e9be23b7ae72bbc7fdb278 ] hpsrv C:\Windows\system32\Hpservice.exe
11:11:43.0919 2112 hpsrv - ok
11:11:43.0996 2112 [ 2bec76bdcd1bc080210325e7b5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:11:43.0999 2112 HPWMISVC - ok
11:11:44.0097 2112 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:11:44.0177 2112 HTTP - ok
11:11:44.0203 2112 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:11:44.0207 2112 hwpolicy - ok
11:11:44.0265 2112 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:11:44.0270 2112 i8042prt - ok
11:11:44.0375 2112 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:11:44.0387 2112 iaStorV - ok
11:11:44.0459 2112 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:11:44.0550 2112 idsvc - ok
11:11:44.0578 2112 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:11:44.0582 2112 iirsp - ok
11:11:44.0638 2112 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
11:11:44.0732 2112 IKEEXT - ok
11:11:44.0776 2112 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
11:11:44.0780 2112 intelide - ok
11:11:44.0831 2112 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
11:11:44.0836 2112 intelppm - ok
11:11:44.0876 2112 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:11:44.0883 2112 IPBusEnum - ok
11:11:44.0920 2112 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:11:44.0925 2112 IpFilterDriver - ok
11:11:44.0970 2112 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:11:45.0049 2112 iphlpsvc - ok
11:11:45.0075 2112 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:11:45.0080 2112 IPMIDRV - ok
11:11:45.0111 2112 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:11:45.0116 2112 IPNAT - ok
11:11:45.0155 2112 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:11:45.0158 2112 IRENUM - ok
11:11:45.0194 2112 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:11:45.0197 2112 isapnp - ok
11:11:45.0233 2112 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:11:45.0242 2112 iScsiPrt - ok
11:11:45.0279 2112 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
11:11:45.0284 2112 kbdclass - ok
11:11:45.0315 2112 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:11:45.0318 2112 kbdhid - ok
11:11:45.0333 2112 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
11:11:45.0336 2112 KeyIso - ok
11:11:45.0376 2112 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:11:45.0379 2112 KSecDD - ok
11:11:45.0454 2112 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:11:45.0459 2112 KSecPkg - ok
11:11:45.0499 2112 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:11:45.0502 2112 ksthunk - ok
11:11:45.0540 2112 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
11:11:45.0550 2112 KtmRm - ok
11:11:45.0604 2112 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:11:45.0612 2112 LanmanServer - ok
11:11:45.0647 2112 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:11:45.0654 2112 LanmanWorkstation - ok
11:11:45.0690 2112 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:11:45.0693 2112 lltdio - ok
11:11:45.0728 2112 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:11:45.0736 2112 lltdsvc - ok
11:11:45.0758 2112 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:11:45.0762 2112 lmhosts - ok
11:11:45.0806 2112 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:11:45.0810 2112 LSI_FC - ok
11:11:45.0833 2112 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:11:45.0836 2112 LSI_SAS - ok
11:11:45.0862 2112 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:11:45.0865 2112 LSI_SAS2 - ok
11:11:45.0887 2112 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:11:45.0890 2112 LSI_SCSI - ok
11:11:45.0925 2112 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
11:11:45.0929 2112 luafv - ok
11:11:45.0995 2112 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:11:46.0002 2112 Mcx2Svc - ok
11:11:46.0027 2112 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:11:46.0029 2112 megasas - ok
11:11:46.0063 2112 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:11:46.0069 2112 MegaSR - ok
11:11:46.0103 2112 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
11:11:46.0107 2112 MMCSS - ok
11:11:46.0130 2112 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:11:46.0135 2112 Modem - ok
11:11:46.0173 2112 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:11:46.0176 2112 monitor - ok
11:11:46.0222 2112 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:11:46.0225 2112 mouclass - ok
11:11:46.0251 2112 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:11:46.0254 2112 mouhid - ok
11:11:46.0286 2112 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:11:46.0289 2112 mountmgr - ok
11:11:46.0342 2112 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
11:11:46.0346 2112 MpFilter - ok
11:11:46.0384 2112 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:11:46.0389 2112 mpio - ok
11:11:46.0412 2112 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:11:46.0416 2112 mpsdrv - ok
11:11:46.0458 2112 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:11:46.0552 2112 MpsSvc - ok
11:11:46.0588 2112 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:11:46.0594 2112 MRxDAV - ok
11:11:46.0637 2112 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:11:46.0642 2112 mrxsmb - ok
11:11:46.0717 2112 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:11:46.0726 2112 mrxsmb10 - ok
11:11:46.0742 2112 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:11:46.0747 2112 mrxsmb20 - ok
11:11:46.0779 2112 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:11:46.0782 2112 msahci - ok
11:11:46.0817 2112 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:11:46.0821 2112 msdsm - ok
11:11:46.0856 2112 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
11:11:46.0862 2112 MSDTC - ok
11:11:46.0914 2112 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:11:46.0917 2112 Msfs - ok
11:11:46.0949 2112 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:11:46.0952 2112 mshidkmdf - ok
11:11:46.0989 2112 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:11:46.0992 2112 msisadrv - ok
11:11:47.0048 2112 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:11:47.0053 2112 MSiSCSI - ok
11:11:47.0063 2112 msiserver - ok
11:11:47.0090 2112 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:11:47.0092 2112 MSKSSRV - ok
11:11:47.0157 2112 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:11:47.0159 2112 MsMpSvc - ok
11:11:47.0193 2112 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:11:47.0195 2112 MSPCLOCK - ok
11:11:47.0216 2112 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:11:47.0218 2112 MSPQM - ok
11:11:47.0309 2112 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:11:47.0319 2112 MsRPC - ok
11:11:47.0367 2112 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:11:47.0371 2112 mssmbios - ok
11:11:47.0386 2112 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:11:47.0389 2112 MSTEE - ok
11:11:47.0416 2112 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:11:47.0420 2112 MTConfig - ok
11:11:47.0462 2112 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:11:47.0465 2112 Mup - ok
11:11:47.0503 2112 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
11:11:47.0513 2112 napagent - ok
11:11:47.0556 2112 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:11:47.0562 2112 NativeWifiP - ok
11:11:47.0624 2112 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:11:47.0720 2112 NDIS - ok
11:11:47.0746 2112 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:11:47.0751 2112 NdisCap - ok
11:11:47.0792 2112 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:11:47.0796 2112 NdisTapi - ok
11:11:47.0825 2112 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:11:47.0828 2112 Ndisuio - ok
11:11:47.0913 2112 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:11:47.0920 2112 NdisWan - ok
11:11:47.0952 2112 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:11:47.0956 2112 NDProxy - ok
11:11:47.0991 2112 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:11:47.0994 2112 NetBIOS - ok
11:11:48.0066 2112 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:11:48.0073 2112 NetBT - ok
11:11:48.0100 2112 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
11:11:48.0105 2112 Netlogon - ok
11:11:48.0155 2112 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
11:11:48.0165 2112 Netman - ok
11:11:48.0183 2112 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
11:11:48.0194 2112 netprofm - ok
11:11:48.0229 2112 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:11:48.0233 2112 NetTcpPortSharing - ok
11:11:48.0285 2112 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:11:48.0287 2112 nfrd960 - ok
11:11:48.0351 2112 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:11:48.0354 2112 NisDrv - ok
11:11:48.0391 2112 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:11:48.0402 2112 NisSrv - ok
11:11:48.0456 2112 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:11:48.0468 2112 NlaSvc - ok
11:11:48.0511 2112 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:11:48.0515 2112 Npfs - ok
11:11:48.0542 2112 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:11:48.0549 2112 nsi - ok
11:11:48.0573 2112 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:11:48.0576 2112 nsiproxy - ok
11:11:48.0642 2112 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:11:48.0756 2112 Ntfs - ok
11:11:48.0798 2112 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
11:11:48.0802 2112 Null - ok
11:11:48.0900 2112 [ a85b4f2ef3a7304a5399ef0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
11:11:48.0911 2112 NVENETFD - ok
11:11:48.0973 2112 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:11:48.0977 2112 nvraid - ok
11:11:49.0049 2112 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:11:49.0055 2112 nvstor - ok
11:11:49.0090 2112 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:11:49.0095 2112 nv_agp - ok
11:11:49.0226 2112 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:11:49.0238 2112 odserv - ok
11:11:49.0278 2112 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:11:49.0283 2112 ohci1394 - ok
11:11:49.0332 2112 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:11:49.0337 2112 ose - ok
11:11:49.0398 2112 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:11:49.0411 2112 p2pimsvc - ok
11:11:49.0477 2112 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:11:49.0493 2112 p2psvc - ok
11:11:49.0524 2112 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:11:49.0529 2112 Parport - ok
11:11:49.0558 2112 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:11:49.0561 2112 partmgr - ok
11:11:49.0584 2112 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:11:49.0593 2112 PcaSvc - ok
11:11:49.0639 2112 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
11:11:49.0644 2112 pci - ok
11:11:49.0690 2112 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
11:11:49.0693 2112 pciide - ok
11:11:49.0775 2112 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:11:49.0782 2112 pcmcia - ok
11:11:49.0814 2112 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:11:49.0818 2112 pcw - ok
11:11:49.0904 2112 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:11:49.0984 2112 PEAUTH - ok
11:11:50.0072 2112 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:11:50.0076 2112 PerfHost - ok
11:11:50.0167 2112 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
11:11:50.0265 2112 pla - ok
11:11:50.0310 2112 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:11:50.0320 2112 PlugPlay - ok
11:11:50.0350 2112 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:11:50.0355 2112 PNRPAutoReg - ok
11:11:50.0430 2112 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:11:50.0436 2112 PNRPsvc - ok
11:11:50.0467 2112 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:11:50.0476 2112 PolicyAgent - ok
11:11:50.0517 2112 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
11:11:50.0523 2112 Power - ok
11:11:50.0560 2112 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:11:50.0563 2112 PptpMiniport - ok
11:11:50.0583 2112 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
11:11:50.0586 2112 Processor - ok
11:11:50.0630 2112 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:11:50.0636 2112 ProfSvc - ok
11:11:50.0655 2112 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:11:50.0658 2112 ProtectedStorage - ok
11:11:50.0689 2112 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:11:50.0692 2112 Psched - ok
11:11:50.0758 2112 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:11:50.0859 2112 ql2300 - ok
11:11:50.0898 2112 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:11:50.0904 2112 ql40xx - ok
11:11:50.0956 2112 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
11:11:50.0963 2112 QWAVE - ok
11:11:50.0991 2112 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:11:50.0995 2112 QWAVEdrv - ok
11:11:51.0016 2112 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:11:51.0018 2112 RasAcd - ok
11:11:51.0061 2112 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:11:51.0064 2112 RasAgileVpn - ok
11:11:51.0094 2112 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
11:11:51.0100 2112 RasAuto - ok
11:11:51.0125 2112 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:11:51.0129 2112 Rasl2tp - ok
11:11:51.0202 2112 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
11:11:51.0215 2112 RasMan - ok
11:11:51.0231 2112 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:11:51.0236 2112 RasPppoe - ok
11:11:51.0275 2112 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:11:51.0279 2112 RasSstp - ok
11:11:51.0357 2112 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:11:51.0365 2112 rdbss - ok
11:11:51.0391 2112 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:11:51.0395 2112 rdpbus - ok
11:11:51.0416 2112 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:11:51.0419 2112 RDPCDD - ok
11:11:51.0458 2112 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:11:51.0460 2112 RDPENCDD - ok
11:11:51.0484 2112 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:11:51.0486 2112 RDPREFMP - ok
11:11:51.0520 2112 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:11:51.0525 2112 RDPWD - ok
11:11:51.0581 2112 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:11:51.0586 2112 rdyboost - ok
11:11:51.0625 2112 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:11:51.0630 2112 RemoteAccess - ok
11:11:51.0670 2112 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:11:51.0677 2112 RemoteRegistry - ok
11:11:51.0716 2112 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:11:51.0721 2112 RFCOMM - ok
11:11:51.0733 2112 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:11:51.0738 2112 RpcEptMapper - ok
11:11:51.0772 2112 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
11:11:51.0776 2112 RpcLocator - ok
11:11:51.0857 2112 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
11:11:51.0871 2112 RpcSs - ok
11:11:51.0922 2112 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:11:51.0927 2112 rspndr - ok
11:11:51.0984 2112 [ bb1c3df1d6cc0972e9c7268a19e62d2e ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
11:11:51.0992 2112 RSUSBSTOR - ok
11:11:52.0058 2112 [ c5cd940effade1f6246730bca14e9fe6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:11:52.0137 2112 RTL8167 - ok
11:11:52.0167 2112 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
11:11:52.0172 2112 SamSs - ok
11:11:52.0207 2112 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:11:52.0211 2112 sbp2port - ok
11:11:52.0243 2112 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:11:52.0251 2112 SCardSvr - ok
11:11:52.0268 2112 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:11:52.0271 2112 scfilter - ok
11:11:52.0368 2112 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
11:11:52.0462 2112 Schedule - ok
11:11:52.0491 2112 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
11:11:52.0495 2112 SCPolicySvc - ok
11:11:52.0544 2112 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
11:11:52.0550 2112 sdbus - ok
11:11:52.0589 2112 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:11:52.0600 2112 SDRSVC - ok
11:11:52.0636 2112 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:11:52.0639 2112 secdrv - ok
11:11:52.0667 2112 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
11:11:52.0674 2112 seclogon - ok
11:11:52.0684 2112 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
11:11:52.0689 2112 SENS - ok
11:11:52.0712 2112 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:11:52.0717 2112 SensrSvc - ok
11:11:52.0750 2112 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
11:11:52.0752 2112 Serenum - ok
11:11:52.0782 2112 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
11:11:52.0786 2112 Serial - ok
11:11:52.0821 2112 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:11:52.0823 2112 sermouse - ok
11:11:52.0876 2112 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:11:52.0882 2112 SessionEnv - ok
11:11:52.0913 2112 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:11:52.0915 2112 sffdisk - ok
11:11:52.0950 2112 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:11:52.0953 2112 sffp_mmc - ok
11:11:52.0966 2112 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:11:52.0969 2112 sffp_sd - ok
11:11:53.0009 2112 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:11:53.0011 2112 sfloppy - ok
11:11:53.0047 2112 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:11:53.0055 2112 SharedAccess - ok
11:11:53.0098 2112 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:11:53.0106 2112 ShellHWDetection - ok
11:11:53.0135 2112 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:11:53.0137 2112 SiSRaid2 - ok
11:11:53.0169 2112 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:11:53.0172 2112 SiSRaid4 - ok
11:11:53.0211 2112 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:11:53.0214 2112 Smb - ok
11:11:53.0262 2112 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:11:53.0267 2112 SNMPTRAP - ok
11:11:53.0288 2112 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:11:53.0290 2112 spldr - ok
11:11:53.0351 2112 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:11:53.0431 2112 Spooler - ok
11:11:53.0567 2112 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
11:11:53.0693 2112 sppsvc - ok
11:11:53.0730 2112 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:11:53.0735 2112 sppuinotify - ok
11:11:53.0782 2112 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
11:11:53.0793 2112 srv - ok
11:11:53.0867 2112 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:11:53.0877 2112 srv2 - ok
11:11:53.0925 2112 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:11:53.0937 2112 SrvHsfHDA - ok
11:11:54.0034 2112 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:11:54.0126 2112 SrvHsfV92 - ok
11:11:54.0194 2112 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:11:54.0278 2112 SrvHsfWinac - ok
11:11:54.0320 2112 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:11:54.0324 2112 srvnet - ok
11:11:54.0365 2112 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:11:54.0372 2112 SSDPSRV - ok
11:11:54.0384 2112 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:11:54.0390 2112 SstpSvc - ok
11:11:54.0467 2112 [ 7eae822e0153d5815ff842fd57d2a49e ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:11:54.0473 2112 STacSV - ok
11:11:54.0502 2112 Steam Client Service - ok
11:11:54.0525 2112 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:11:54.0529 2112 stexstor - ok
11:11:54.0583 2112 [ 6efe5345d1c187973760af3b7b10f636 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:11:54.0664 2112 STHDA - ok
11:11:54.0718 2112 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
11:11:54.0799 2112 stisvc - ok
11:11:54.0832 2112 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:11:54.0835 2112 swenum - ok
11:11:54.0891 2112 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
11:11:54.0909 2112 swprv - ok
11:11:55.0009 2112 [ bd40d01d81669b02cb8366eb10de95a8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:11:55.0101 2112 SynTP - ok
11:11:55.0179 2112 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
11:11:55.0285 2112 SysMain - ok
11:11:55.0324 2112 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:11:55.0336 2112 TabletInputService - ok
11:11:55.0400 2112 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:11:55.0412 2112 TapiSrv - ok
11:11:55.0427 2112 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
11:11:55.0438 2112 TBS - ok
11:11:55.0530 2112 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:11:55.0633 2112 Tcpip - ok
11:11:55.0774 2112 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:11:55.0805 2112 TCPIP6 - ok
11:11:55.0856 2112 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:11:55.0860 2112 tcpipreg - ok
11:11:55.0890 2112 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:11:55.0893 2112 TDPIPE - ok
11:11:55.0932 2112 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:11:55.0934 2112 TDTCP - ok
11:11:55.0965 2112 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:12:02.0318 2112 ============================================================
11:12:02.0318 2112 Scan finished
11:12:02.0318 2112 ============================================================
11:12:02.0348 2504 Detected object count: 0
11:12:02.0348 2504 Actual detected object count: 0

#9 Ribbitmeister

Posted 18 August 2012 - 10:52 AM

The Avast scan causes my computer to blue screen, so I can't finish it.

#10 nasdaq

Posted 18 August 2012 - 01:04 PM

Let's see what else I can find.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Edited by nasdaq, 19 August 2012 - 01:29 PM.


#11 Ribbitmeister

Posted 19 August 2012 - 12:00 PM

I have an HP computer and don't get a response for the F8 key on startup. Instead, if I press Esc I get a series of options for F1, F2, F9, F10, and F11. None of them are advanced and I'm not sure where to look.

#12 nasdaq

Posted 19 August 2012 - 01:32 PM

From HP. Can this help?

http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01835750&lc=en&cc=us&dlc=en

#13 nasdaq

Posted 25 August 2012 - 08:49 AM

Are you still with me?

#14 Ribbitmeister

Posted 25 August 2012 - 10:29 AM

Still with you, sorry. I use this computer every day so need to find a time when it's ok if something goes wrong. Should be today or tomorrow.



