
Vista Ultimate and Microsoft Security Essentials found sirefef


This topic is locked
37 replies to this topic

#1 brmommy (Members, 29 posts)

Posted 13 August 2012 - 02:37 PM

Last night I noticed that the MSE icon was flashing red. When I clicked on it there was a note that some of the sirefef's were on there. I tried to remove them and updated MSE. When it said it needed to reboot to complete the update, I did. Now I keep getting the message "Windows has a critical error and will reboot in 1 minute." It reboots over and over. I tried safe mode and it does the same thing. Just reboots. I do not see any options to repair Vista.

I searched online and downloaded Hiren's Boot CD. It will bring up Mini Windows XP. I plugged into a wired network and updated the definitions on the Avira that is part of the boot CD. It is now running a scan which seems to be taking forever. It's been running now for at least 6-7 hours. I see lots of messages about "archive not completely scanned. Reason: maximum uncompressed size reached." I've read this can take days????

I see lots of messages on here about downloading programs to run. Not sure if I can do that on the laptop since it reboots after 1 minute. I'd appreciate any help. I've used computers a long time, but some of what I read on here seems kind of confusing.

Dell Vostro 1510 running Vista Ultimate. Antivirus is Microsoft Security Essentials (which evidently didn't work). :-(

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 August 2012 - 01:19 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt in your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 brmommy (Topic Starter, Members, 29 posts)

Posted 14 August 2012 - 11:39 AM

When I try to run frst64.exe it tells me

f:\FRST64.exe is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.

#4 brmommy (Topic Starter, Members, 29 posts)

Posted 14 August 2012 - 12:12 PM

I just found the link on this site for the frst.exe and I'm running it now.

#5 brmommy (Topic Starter, Members, 29 posts)

Posted 14 August 2012 - 12:28 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 14-08-2012 13:10:50
Running from F:\
Windows Vista ™ Ultimate Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-02-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-02-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-02-21] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [159744 2008-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe [36864 2008-07-16] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-07-03] (Dell Inc.)
HKLM\...\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-06-24] (Google)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [291760 2006-11-22] ()
HKLM\...\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s [304048 2006-11-22] ()
HKLM\...\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe" [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 [106496 2006-11-21] (Lexmark International Inc.)
HKLM\...\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a [17664 2009-02-19] (Sprint)
HKLM\...\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [x]
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-08] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun [3618104 2009-08-19] (brother)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-04-02] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\bkr\...\Run: [googletalk] C:\Users\bkr\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\bkr\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKU\bkr\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\bkr\...\Run: [Google Update] "C:\Users\bkr\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-02] (Google Inc.)
HKU\bkr\...\Run: [htffjcio] C:\Users\bkr\AppData\Local\ajweri\hxersftav.exe [x]
HKU\bkr\...\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN13V1C4Q805PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1 [1721192 2011-03-30] (Hewlett-Packard Co.)
HKU\bkr\...\Run: [Akamai NetSession Interface] "C:\Users\bkr\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\bkr\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [226904 2007-07-12] (Macrovision Corporation)
HKU\bkr\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\bkr\...\Policies\system: [LogonHoursAction] 2
HKU\bkr\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\brendadesktop\...\Policies\system: [LogonHoursAction] 2
HKU\brendadesktop\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Kids\...\Policies\system: [LogonHoursAction] 2
HKU\Kids\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\Userinit.exe [25088 2008-01-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Tcpip\..\Interfaces\{28FAF8CB-FE96-464B-AC1D-6C9777CBBF71}: [NameServer]208.67.220.220,208.67.222.222
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\bkr\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet Brenda's 3050A J611 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet Brenda's 3050A J611 (Network).lnk -> C:\Windows\System32\RunDll32.exe (Microsoft Corporation)
Startup: C:\Users\bkr\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 AERTFilters; C:\Windows\System32\AERTSrv.exe [77824 2008-02-21] (Andrea Electronics Corporation)
2 BthFilterHelper; "C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe" [127488 2006-11-07] (CSR, plc)
3 CASprint; "C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" [124160 2009-02-19] (PCTEL)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] ()
2 FlipShareServer; "C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] ()
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-06-24] (Google)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [16680 2009-12-26] (Citrix Online, a division of Citrix Systems, Inc.)
2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2002-10-14] (Lexmark International, Inc.)
2 lxct_device; C:\Windows\system32\lxctcoms.exe -service [537520 2006-11-22] ( )
2 O2FLASH; C:\Windows\System32\DRIVERS\o2flash.exe [71512 2008-08-27] (O2Micro International)
3 SprintRcAppSvc; "C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe" /n "SprintRcAppSvc" [111872 2009-02-19] (PCTEL)
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-20] (Microsoft Corporation)
4 adpu160m; C:\Windows\system32\drivers\adpu160m.sys [101432 2008-01-20] (Adaptec, Inc.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)
3 BTHFILT; C:\Windows\System32\DRIVERS\BthFilt.sys [13824 2007-05-05] (CSR, plc)
3 MA_CMIDI; C:\Windows\System32\drivers\ma_cmidi.sys [31752 2007-11-14] (M-Audio)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 Nmea; C:\Windows\System32\DRIVERS\pctnullport.sys [38680 2009-02-19] (PCTEL Inc.)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [222720 2009-02-19] (Novatel Wireless Inc)
3 O2MDRDR; C:\Windows\System32\DRIVERS\o2media.sys [51288 2008-08-27] (O2Micro )
3 O2SDRDR; C:\Windows\System32\DRIVERS\o2sd.sys [43608 2008-08-27] (O2Micro )
3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2008-07-16] (EyePower Games Pte. Ltd.)
3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-07-16] (Creative Technology Ltd.)
3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2009-02-19] (Printing Communications Assoc., Inc. (PCAUSA))
3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [32408 2009-02-19] (PCTEL Inc.)
3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [24840 2009-02-19] ()
3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2008-05-01] (Texas Instruments Incorporated)
3 USB11LDR; C:\Windows\System32\drivers\usb11ldr.sys [20168 2007-11-14] (MIDIMAN)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2010-01-20] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2010-01-20] (LG Electronics Inc.)
3 UsbGps; C:\Windows\System32\DRIVERS\lgusbgps.sys [19840 2010-01-20] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24960 2010-01-20] (LG Electronics Inc.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-12 14:24 - 2012-08-12 14:24 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2012-08-12 13:38 - 2012-08-12 13:38 - 00000000 ____D C:\Quarantine
2012-08-10 13:16 - 2012-08-10 13:16 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-03 12:29 - 2012-08-03 12:29 - 00000000 ____D C:\Users\bkr\AppData\Roaming\HpUpdate
2012-08-03 12:28 - 2012-08-03 12:28 - 00002141 ____A C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
2012-08-03 12:28 - 2012-08-03 12:28 - 00001099 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
2012-08-03 12:28 - 2012-08-03 12:28 - 00001094 ____A C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
2012-08-03 12:28 - 2010-11-16 17:10 - 00527208 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPM9311.dll
2012-08-01 14:15 - 2012-08-01 14:15 - 00000991 ____A C:\Users\bkr\Desktop\Continue Audio Converter Installation.lnk
2012-08-01 10:06 - 2012-08-10 18:35 - 00000000 ____D C:\Users\bkr\AppData\Roaming\Audacity
2012-08-01 10:05 - 2012-08-01 10:05 - 00000806 ____A C:\Users\bkr\Desktop\Audacity.lnk
2012-08-01 10:05 - 2012-08-01 10:05 - 00000000 ____D C:\Program Files\Audacity


============ 3 Months Modified Files ========================

2012-08-14 08:21 - 2009-01-20 17:00 - 00002140 ____A C:\Windows\bthservsdp.dat
2012-08-14 08:21 - 2006-11-02 05:00 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-14 08:21 - 2006-11-02 05:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 08:21 - 2006-11-02 04:45 - 00004976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-14 08:21 - 2006-11-02 04:45 - 00004976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-13 16:31 - 2011-01-19 15:57 - 00000296 ____A C:\Windows\Brownie.ini
2012-08-13 16:31 - 2009-10-20 14:01 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-12 14:28 - 2008-01-20 17:37 - 01165098 ____A C:\Windows\WindowsUpdate.log
2012-08-12 13:55 - 2006-11-02 02:33 - 00846692 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-12 13:48 - 2012-03-20 12:55 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-12 13:43 - 2011-06-07 05:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-12 13:04 - 2010-01-02 14:59 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352841613-2907538961-2909738737-1001UA.job
2012-08-12 12:34 - 2012-04-11 04:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-12 12:34 - 2011-06-06 04:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-12 04:27 - 2009-01-21 18:31 - 00000166 ____A C:\Windows\hpbafd.ini
2012-08-12 04:25 - 2012-03-20 12:55 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-08-12 03:04 - 2010-01-02 14:59 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352841613-2907538961-2909738737-1001Core.job
2012-08-11 21:00 - 2010-05-02 03:53 - 00000482 ____A C:\Windows\Tasks\Norton AntiVirus - bkr - Full System Scan.job
2012-08-03 12:28 - 2012-08-03 12:28 - 00002141 ____A C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
2012-08-03 12:28 - 2012-08-03 12:28 - 00001099 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3050 J610 series.lnk
2012-08-03 12:28 - 2012-08-03 12:28 - 00001094 ____A C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
2012-08-01 14:15 - 2012-08-01 14:15 - 00000991 ____A C:\Users\bkr\Desktop\Continue Audio Converter Installation.lnk
2012-08-01 10:05 - 2012-08-01 10:05 - 00000806 ____A C:\Users\bkr\Desktop\Audacity.lnk
2012-07-12 05:01 - 2009-01-20 19:19 - 00147968 ____A C:\Users\bkr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-11 14:15 - 2006-11-02 04:51 - 00207828 ____A C:\Windows\setupact.log
2012-07-05 16:27 - 2012-07-05 16:27 - 00001133 ____A C:\Users\bkr\Desktop\Spotlight VBS 2012.lnk
2012-06-27 22:45 - 2009-03-23 20:58 - 00002040 ____A C:\lxct.log
2012-06-21 15:05 - 2012-06-21 15:05 - 00000606 ____A C:\Users\bkr\Desktop\MBR Phone Call Database.MAF
2012-06-20 17:58 - 2009-03-17 10:37 - 00001356 ____A C:\Users\bkr\AppData\Local\d3d9caps.dat
2012-06-20 17:34 - 2006-11-02 04:46 - 00382904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-20 17:33 - 2006-11-02 04:59 - 00380186 ____A C:\Windows\PFRO.log
2012-06-18 08:02 - 2009-01-20 17:19 - 00105912 ____A C:\Users\bkr\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-18 05:45 - 2006-11-02 02:23 - 00000393 ____A C:\Windows\win.ini
2012-06-17 04:29 - 2012-06-17 04:29 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2012-06-02 14:19 - 2012-06-08 15:31 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:31 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 15:31 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:31 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 15:31 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-08 15:31 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-08 15:31 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-08 15:30 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-08 15:30 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-23 14:50 - 2012-06-16 11:38 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\System32\Redemption.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00974848 ____A C:\Windows\System32\cis-2.4.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00569344 ____A (© MusicCity) C:\Windows\System32\muzdecode.ax
2012-05-23 14:49 - 2012-05-23 14:49 - 00491520 ____A (Musiccity Co.Ltd.) C:\Windows\System32\muzapp.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00352256 ____A (Sample Corporation) C:\Windows\System32\MSLUR71.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00258048 ____A (© PeeringPortal) C:\Windows\System32\muzoggsp.ax
2012-05-23 14:49 - 2012-05-23 14:49 - 00245760 ____A (Teruten Inc.) C:\Windows\System32\MSCLib.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00200704 ____A ( © MusicCity) C:\Windows\System32\muzwmts.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\System32\muzapp.exe
2012-05-23 14:49 - 2012-05-23 14:49 - 00155648 ____A (Teruten Inc.) C:\Windows\System32\MSFLib.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00143360 ____A C:\Windows\System32\3DAudio.ax
2012-05-23 14:49 - 2012-05-23 14:49 - 00135168 ____A (Musiccity Co.Ltd.) C:\Windows\System32\muzaf1.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00131072 ____A (© MusicCity) C:\Windows\System32\muzmpgsp.ax
2012-05-23 14:49 - 2012-05-23 14:49 - 00122880 ____A (© MUSICCITY) C:\Windows\System32\muzeffect.ax
2012-05-23 14:49 - 2012-05-23 14:49 - 00118784 ____A ((?)????) C:\Windows\System32\MaDRM.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00110592 ____A (© MusicCity) C:\Windows\System32\muzmp4sp.ax
2012-05-23 14:49 - 2012-05-23 14:49 - 00081920 ____A C:\Windows\System32\issacapi_bs-2.3.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00065536 ____A C:\Windows\System32\issacapi_pe-2.3.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00057344 ____A C:\Windows\System32\issacapi_se-2.3.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00057344 ____A (Marktek) C:\Windows\System32\MK_Lyric.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00057344 ____A (Marktek Inc.) C:\Windows\System32\MTXSYNCICON.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00049152 ____A ((?) ????) C:\Windows\System32\MaJGUILib.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00045320 ____A (MARKANY) C:\Windows\System32\MAMACExtract.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00045056 ____A ((?) ????) C:\Windows\System32\MaXMLProto.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00045056 ____A ((?) ????) C:\Windows\System32\MACXMLProto.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00040960 ____A (Telechips Inc.,) C:\Windows\System32\MTTELECHIP.dll
2012-05-23 14:49 - 2012-05-23 14:49 - 00024576 ____A ((?)????) C:\Windows\System32\MASetupCleaner.exe


ZeroAccess:
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\n
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\201d3dde
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000004.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\000000cb.@
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000000.@

ZeroAccess:
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\n
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000004.@
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\00000008.@
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\000000cb.@
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000000.@
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3061.69 MB
Available physical RAM: 2609.04 MB
Total Pagefile: 2834.14 MB
Available Pagefile: 2681.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.31 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:223.08 GB) (Free:23.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.6 GB) NTFS
3 Drive e: (FRMCFRE_EN_DVD) (CDROM) (Total:2.87 GB) (Free:0 GB) UDF
4 Drive f: (UDISK 2.0) (Removable) (Total:1.92 GB) (Free:0.75 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 223 GB 10 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 223 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1968 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F UDISK 2.0 FAT Removable 1968 MB Healthy

==================================================================================

Last Boot: 2012-08-12 13:55

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 2012-08-14 13:13:14
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-10-20 14:01] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-10-20 14:01] - [2012-08-13 16:31] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===

#6 gringo_pr (Malware Response Team)

Posted 14 August 2012 - 03:21 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
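The Replace directive above rests on one comparison in the Search block: the System32 copy of services.exe has the same size as the 6.0.6002.18005 copy in the component store but a different MD5 and a modification date from the day of the infection. The script below is an added example, not part of this thread or of FRST; it assumes the detail line under each path has the shape shown in that log, parses the block (copied verbatim as sample input), flags the out-of-store copy whose hash matches no store copy of the same size, and prints the same Replace line.

```python
"""Check a System32 binary against its WinSxS copies using an FRST Search block.

Added example; not part of the original thread or of FRST itself. It assumes
the detail line under each path has the shape shown in the log above:
"[created] - [modified] - size attrs (Company) MD5".
"""
import re
from dataclasses import dataclass

# Constructed sample input: the Search block posted above, copied verbatim.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-10-20 14:01] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:22] - [2008-01-20 18:22] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-10-20 14:01] - [2012-08-13 16:31] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# Detail line: [created] - [modified] - size attributes (company) md5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_winsxs(self) -> bool:
        # Component-store copies live under \winsxs\ and form the reference set
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> list[Entry]:
    """Pair each detail line with the path line printed just before it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries = []
    for i, ln in enumerate(lines):
        m = DETAIL_RE.match(ln)
        if m and i > 0 and lines[i - 1]:
            entries.append(Entry(path=lines[i - 1], created=m["created"],
                                 modified=m["modified"], size=int(m["size"]),
                                 company=m["company"], md5=m["md5"].upper()))
    return entries


def find_mismatches(entries: list[Entry]) -> list[tuple[Entry, Entry]]:
    """Return (suspect, reference) pairs.

    A copy outside WinSxS is suspect when a component-store copy of exactly the
    same size exists but none of them carries the same MD5: same size with a
    different hash is what an in-place patched system binary looks like.
    """
    store = [e for e in entries if e.in_winsxs]
    findings = []
    for e in entries:
        if e.in_winsxs:
            continue
        same_size = [s for s in store if s.size == e.size]
        if not same_size or any(s.md5 == e.md5 for s in same_size):
            continue  # no comparable copy, or the hash matches a known copy
        # Newest-created store copy of that size is the replacement candidate
        reference = max(same_size, key=lambda s: s.created)
        findings.append((e, reference))
    return findings


def fixlist_line(suspect: Entry, reference: Entry) -> str:
    """Format the FRST 'Replace:' directive the helper used above."""
    return f"Replace: {reference.path} {suspect.path}"


if __name__ == "__main__":
    for suspect, reference in find_mismatches(parse_search(SAMPLE_SEARCH)):
        print(f"{suspect.path}: md5 {suspect.md5} (modified {suspect.modified}) "
              f"does not match store copy {reference.md5}")
        print(fixlist_line(suspect, reference))
```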

#7 brmommy (Topic Starter)

Posted 14 August 2012 - 03:43 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 2012-08-14 16:43:00 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\Installer\{7faaaafa-cf14-2f74-3593-878a94dc601b} moved successfully.
C:\Users\bkr\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b} moved successfully.

==== End of Fixlog ====

#8 gringo_pr (Malware Response Team)

Posted 14 August 2012 - 07:32 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 brmommy (Topic Starter)

Posted 14 August 2012 - 09:05 PM

The only problem I had was when I ran ComboFix, a popup said that Windows Security Essentials was still running. I had shut it off as the instructions you linked to showed. I went ahead and clicked for it to go ahead and run at my own risk. It seemed to work.

The computer is no longer rebooting constantly. Thank you!!!! I've gotten a few "not responding" messages to programs. Once with Task manager and once with Firefox. Like maybe the computer is running a little slow or something.

When this is completed, I do want to make a donation. Does that go directly to you or "Bleeping Computer"?


ComboFix 12-08-14.05 - bkr 08/14/2012 21:21:18.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3062.1764 [GMT -4:00]
Running from: c:\users\bkr\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bkr\AppData\Roaming\msxml4.dll
c:\users\bkr\AppData\Roaming\msxml4a.dll
c:\users\bkr\AppData\Roaming\msxml4r.dll
c:\users\bkr\GoToAssistDownloadHelper.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\spool\prtprocs\w32x86\LXBBPP5C.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 01:35 . 2012-08-15 01:35 -------- d-----w- c:\users\Kids\AppData\Local\temp
2012-08-15 01:35 . 2012-08-15 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 01:35 . 2012-08-15 01:35 -------- d-----w- c:\users\brendadesktop\AppData\Local\temp
2012-08-14 21:10 . 2012-08-14 21:10 -------- d-----w- C:\FRST
2012-08-12 22:24 . 2012-08-12 22:24 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-08-12 21:43 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FDC4C14-FD86-4F44-9F07-3DCAC99F352A}\mpengine.dll
2012-08-12 21:38 . 2012-08-12 21:38 -------- d-----w- C:\Quarantine
2012-08-10 21:16 . 2012-08-10 21:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-03 20:29 . 2012-08-03 20:29 -------- d-----w- c:\users\bkr\AppData\Roaming\HpUpdate
2012-08-03 20:28 . 2010-11-17 01:10 527208 ------w- c:\windows\system32\HPDiscoPM9311.dll
2012-08-03 20:13 . 2008-01-21 02:21 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-08-01 18:06 . 2012-08-11 02:35 -------- d-----w- c:\users\bkr\AppData\Roaming\Audacity
2012-08-01 18:05 . 2012-08-01 18:05 -------- d-----w- c:\program files\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 20:34 . 2012-04-11 12:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-12 20:34 . 2011-06-06 12:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 08:44 . 2011-06-08 13:46 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-02 22:19 . 2012-06-08 23:31 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:31 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 23:31 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 23:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 23:31 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 23:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-08 23:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-23 22:50 . 2012-06-16 19:38 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-05-23 22:49 . 2012-05-23 22:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-05-23 22:49 . 2012-05-23 22:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 22:49 . 2012-05-23 22:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 22:49 . 2012-05-23 22:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-05-23 22:49 . 2012-05-23 22:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-05-23 22:49 . 2012-05-23 22:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 22:49 . 2012-05-23 22:49 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-05-23 22:49 . 2012-05-23 22:49 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-05-23 22:49 . 2012-05-23 22:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-05-23 22:49 . 2012-05-23 22:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-05-23 22:49 . 2012-05-23 22:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-05-23 22:49 . 2012-05-23 22:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-05-23 22:49 . 2012-05-23 22:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-05-23 22:49 . 2012-05-23 22:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-05-23 22:49 . 2012-05-23 22:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-05-23 22:49 . 2012-05-23 22:49 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-05-23 22:49 . 2012-05-23 22:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-05-23 22:49 . 2012-05-23 22:49 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-05-23 22:49 . 2012-05-23 22:49 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-05-23 22:49 . 2012-05-23 22:49 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-05-23 22:49 . 2012-05-23 22:49 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-05-23 22:49 . 2012-05-23 22:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-05-23 22:49 . 2012-05-23 22:49 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-05-23 22:49 . 2012-05-23 22:49 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-05-23 22:49 . 2012-05-23 22:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-08-12 20:36 . 2011-11-17 11:35 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-24 12:41 . 2009-12-07 02:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\bkr\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 1721192]
"Akamai NetSession Interface"="c:\users\bkr\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-17 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-24 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-02-19 17664]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\bkr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet Brenda's 3050A J611 (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfehidk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352841613-2907538961-2909738737-1001Core.job
- c:\users\bkr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 22:59]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352841613-2907538961-2909738737-1001UA.job
- c:\users\bkr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 22:59]
.
2012-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-08-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{28FAF8CB-FE96-464B-AC1D-6C9777CBBF71}: NameServer = 208.67.220.220,208.67.222.222
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\bkr\AppData\Roaming\Mozilla\Firefox\Profiles\24jek8h9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-htffjcio - c:\users\bkr\AppData\Local\ajweri\hxersftav.exe
HKLM-Run-Lexmark X74-X75 - c:\program files\Lexmark X74-X75\lxbbbmgr.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
AddRemove-Destinator PC Portal - c:\program files\LGE PC Portal\Inst.exe \U
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe
c:\windows\system32\lxctcoms.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\mcupdate.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-14 21:53:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 01:52
.
Pre-Run: 24,803,401,728 bytes free
Post-Run: 30,291,755,008 bytes free
.
- - End Of File - - 192613244EE3F6FEEA41C7E7C00B2EC4

#10 gringo_pr (Malware Response Team)

Posted 14 August 2012 - 09:28 PM

Greetings

"When this is completed, I do want to make a donation." - it goes to me, as BC makes its money from advertising

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#11 brmommy (Topic Starter)

Posted 15 August 2012 - 04:59 AM

Here are the reports. Just curious when I should turn Microsoft Security Essentials back on? Since I'm back on the internet here, just want to be protected.


22:38:21.0106 2364 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
22:38:21.0652 2364 ============================================================
22:38:21.0652 2364 Current date / time: 2012/08/14 22:38:21.0652
22:38:21.0652 2364 SystemInfo:
22:38:21.0652 2364
22:38:21.0652 2364 OS Version: 6.0.6002 ServicePack: 2.0
22:38:21.0652 2364 Product type: Workstation
22:38:21.0652 2364 ComputerName: BKRLAPTOP09
22:38:21.0653 2364 UserName: bkr
22:38:21.0653 2364 Windows directory: C:\Windows
22:38:21.0653 2364 System windows directory: C:\Windows
22:38:21.0653 2364 Processor architecture: Intel x86
22:38:21.0653 2364 Number of processors: 2
22:38:21.0653 2364 Page size: 0x1000
22:38:21.0653 2364 Boot type: Normal boot
22:38:21.0653 2364 ============================================================
22:38:25.0087 2364 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:38:25.0113 2364 ============================================================
22:38:25.0113 2364 \Device\Harddisk0\DR0:
22:38:25.0113 2364 MBR partitions:
22:38:25.0113 2364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
22:38:25.0113 2364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1BE29170
22:38:25.0113 2364 ============================================================
22:38:25.0115 2364 C: <-> \Device\Harddisk0\DR0\Partition2
22:38:25.0207 2364 D: <-> \Device\Harddisk0\DR0\Partition1
22:38:25.0207 2364 ============================================================
22:38:25.0207 2364 Initialize success
22:38:25.0207 2364 ============================================================
22:38:42.0978 5516 ============================================================
22:38:42.0978 5516 Scan started
22:38:42.0978 5516 Mode: Manual;
22:38:42.0978 5516 ============================================================
22:38:43.0415 5516 ================ Scan services =============================
22:38:44.0070 5516 [ 585e64bb6dfbc0a2f1f0b554ded012df ] 61883 C:\Windows\system32\DRIVERS\61883.sys
22:38:44.0148 5516 61883 - ok
22:38:44.0210 5516 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:38:44.0210 5516 ACPI - ok
22:38:44.0491 5516 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:38:44.0491 5516 AdobeARMservice - ok
22:38:44.0553 5516 [ 04f0fcac69c7c71a3ac4eb97fafc8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:38:44.0585 5516 adp94xx - ok
22:38:44.0600 5516 [ 60505e0041f7751bdbb80f88bf45c2ce ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:38:44.0616 5516 adpahci - ok
22:38:44.0631 5516 [ 8a42779b02aec986eab64ecfc98f8bd7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:38:44.0678 5516 adpu160m - ok
22:38:44.0678 5516 [ 241c9e37f8ce45ef51c3de27515ca4e5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:38:44.0725 5516 adpu320 - ok
22:38:44.0819 5516 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:38:44.0819 5516 AeLookupSvc - ok
22:38:45.0255 5516 [ 330a1e4df07c2e29949ed8631cd8828e ] AERTFilters C:\Windows\system32\AERTSrv.exe
22:38:45.0333 5516 AERTFilters - ok
22:38:45.0411 5516 [ 3911b972b55fea0478476b2e777b29fa ] AFD C:\Windows\system32\drivers\afd.sys
22:38:45.0458 5516 AFD - ok
22:38:45.0505 5516 [ 13f9e33747e6b41a3ff305c37db0d360 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:38:45.0536 5516 agp440 - ok
22:38:45.0583 5516 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:38:45.0645 5516 aic78xx - ok
22:38:45.0848 5516 [ 29584f02a43e427c4227e3b1d9ff1b22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
22:38:45.0848 5516 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
22:38:45.0848 5516 Akamai ( HiddenFile.Multi.Generic ) - warning
22:38:45.0848 5516 Akamai - detected HiddenFile.Multi.Generic (1)
22:38:45.0989 5516 [ a1545b731579895d8cc44fc0481c1192 ] ALG C:\Windows\System32\alg.exe
22:38:46.0020 5516 ALG - ok
22:38:46.0363 5516 [ 9eaef5fc9b8e351afa7e78a6fae91f91 ] aliide C:\Windows\system32\drivers\aliide.sys
22:38:46.0379 5516 aliide - ok
22:38:46.0441 5516 [ c47344bc706e5f0b9dce369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:38:46.0488 5516 amdagp - ok
22:38:46.0503 5516 [ 9b78a39a4c173fdbc1321e0dd659b34c ] amdide C:\Windows\system32\drivers\amdide.sys
22:38:46.0519 5516 amdide - ok
22:38:46.0519 5516 [ 18f29b49ad23ecee3d2a826c725c8d48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
22:38:46.0550 5516 AmdK7 - ok
22:38:46.0550 5516 [ 93ae7f7dd54ab986a6f1a1b37be7442d ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:38:46.0581 5516 AmdK8 - ok
22:38:46.0675 5516 [ dd8d9c597af7cd2f6b70a3d6a4a1acea ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
22:38:46.0753 5516 androidusb - ok
22:38:46.0815 5516 [ 350f19eb5fe4ec37a2414df56cde1aa8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:38:46.0831 5516 ApfiltrService - ok
22:38:46.0878 5516 [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo C:\Windows\System32\appinfo.dll
22:38:46.0878 5516 Appinfo - ok
22:38:46.0940 5516 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:38:46.0940 5516 Apple Mobile Device - ok
22:38:46.0971 5516 [ 0fe769cae5855b53c90e23f85e7e89ff ] AppMgmt C:\Windows\System32\appmgmts.dll
22:38:46.0987 5516 AppMgmt - ok
22:38:47.0003 5516 [ 5d2888182fb46632511acee92fdad522 ] arc C:\Windows\system32\drivers\arc.sys
22:38:47.0034 5516 arc - ok
22:38:47.0049 5516 [ 5e2a321bd7c8b3624e41fdec3e244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:38:47.0081 5516 arcsas - ok
22:38:47.0252 5516 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:38:47.0315 5516 aspnet_state - ok
22:38:47.0346 5516 [ 53b202abee6455406254444303e87be1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:38:47.0361 5516 AsyncMac - ok
22:38:47.0393 5516 [ 1f05b78ab91c9075565a9d8a4b880bc4 ] atapi C:\Windows\system32\drivers\atapi.sys
22:38:47.0393 5516 atapi - ok
22:38:47.0455 5516 [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:38:47.0455 5516 AudioEndpointBuilder - ok
22:38:47.0455 5516 [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:38:47.0455 5516 Audiosrv - ok
22:38:47.0517 5516 [ f4b56425a00beb32f5fa6603ff7b0ea2 ] Avc C:\Windows\system32\DRIVERS\avc.sys
22:38:47.0549 5516 Avc - ok
22:38:47.0580 5516 [ 7bd70aeed0d975285a1b20bd012ebf4e ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
22:38:47.0580 5516 BCM42RLY - ok
22:38:47.0642 5516 [ fa6707a346cd122407f3b0bad1c47639 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
22:38:47.0642 5516 BCM43XX - ok
22:38:48.0110 5516 [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep C:\Windows\system32\drivers\Beep.sys
22:38:48.0126 5516 Beep - ok
22:38:48.0188 5516 [ c789af0f724fda5852fb9a7d3a432381 ] BFE C:\Windows\System32\bfe.dll
22:38:48.0188 5516 BFE - ok
22:38:48.0251 5516 [ d4df28447741fd3d953526e33a617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:38:48.0282 5516 blbdrive - ok
22:38:48.0391 5516 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:38:48.0407 5516 Bonjour Service - ok
22:38:48.0453 5516 [ 35f376253f687bde63976ccb3f2108ca ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:38:48.0485 5516 bowser - ok
22:38:48.0547 5516 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:38:48.0609 5516 BrFiltLo - ok
22:38:48.0609 5516 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:38:48.0656 5516 BrFiltUp - ok
22:38:48.0734 5516 [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser C:\Windows\System32\browser.dll
22:38:48.0734 5516 Browser - ok
22:38:48.0750 5516 [ b304e75cff293029eddf094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
22:38:48.0781 5516 Brserid - ok
22:38:48.0968 5516 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:38:48.0999 5516 BrSerWdm - ok
22:38:49.0015 5516 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:38:49.0031 5516 BrUsbMdm - ok
22:38:49.0031 5516 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:38:49.0062 5516 BrUsbSer - ok
22:38:49.0109 5516 [ 6d39c954799b63ba866910234cf7d726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
22:38:49.0140 5516 BthEnum - ok
22:38:49.0155 5516 [ 43c96c1ac278bc22e7799c23405635a0 ] BTHFILT C:\Windows\system32\DRIVERS\BthFilt.sys
22:38:49.0171 5516 BTHFILT - ok
22:38:49.0218 5516 [ d8abbcb42c550fd3a29dec6daabd0a87 ] BthFilterHelper C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
22:38:49.0265 5516 BthFilterHelper - ok
22:38:49.0452 5516 [ 9a966a8e86d1771911ae34a20d11bff3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:38:49.0483 5516 BTHMODEM - ok
22:38:49.0545 5516 [ 5904efa25f829bf84ea6fb045134a1d8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:38:49.0561 5516 BthPan - ok
22:38:49.0608 5516 [ 611ff3f2f095c8d4a6d4cfd9dcc09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
22:38:49.0655 5516 BTHPORT - ok
22:38:49.0686 5516 [ a4c8377fa4a994e07075107dbe2e3dce ] BthServ C:\Windows\System32\bthserv.dll
22:38:49.0686 5516 BthServ - ok
22:38:49.0904 5516 [ d330803eab2a15caec7f011f1d4cb30e ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
22:38:49.0920 5516 BTHUSB - ok
22:38:49.0982 5516 [ df515dcccfbfcf550d38ca3956d8b343 ] CASprint C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
22:38:50.0045 5516 CASprint - ok
22:38:50.0388 5516 catchme - ok
22:38:50.0388 5516 Scan interrupted by user!
22:38:50.0388 5516 ================ Scan global ===============================
22:38:50.0388 5516 Scan interrupted by user!
22:38:50.0388 5516 ================ Scan MBR ==================================
22:38:50.0388 5516 Scan interrupted by user!
22:38:50.0388 5516 ================ Scan VBR ==================================
22:38:50.0388 5516 Scan interrupted by user!
22:38:50.0388 5516 ============================================================
22:38:50.0388 5516 Scan finished
22:38:50.0388 5516 ============================================================
22:38:50.0403 4392 Detected object count: 1
22:38:50.0403 4392 Actual detected object count: 1
22:39:16.0235 4392 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:39:16.0235 4392 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
22:39:18.0668 5900 ============================================================
22:39:18.0668 5900 Scan started
22:39:18.0668 5900 Mode: Manual;
22:39:18.0668 5900 ============================================================
22:39:18.0980 5900 ================ Scan services =============================
22:39:19.0152 5900 [ 585e64bb6dfbc0a2f1f0b554ded012df ] 61883 C:\Windows\system32\DRIVERS\61883.sys
22:39:19.0152 5900 61883 - ok
22:39:19.0183 5900 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:39:19.0199 5900 ACPI - ok
22:39:19.0339 5900 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:39:19.0339 5900 AdobeARMservice - ok
22:39:19.0370 5900 [ 04f0fcac69c7c71a3ac4eb97fafc8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:39:19.0370 5900 adp94xx - ok
22:39:19.0386 5900 [ 60505e0041f7751bdbb80f88bf45c2ce ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:39:19.0386 5900 adpahci - ok
22:39:19.0402 5900 [ 8a42779b02aec986eab64ecfc98f8bd7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:39:19.0402 5900 adpu160m - ok
22:39:19.0402 5900 [ 241c9e37f8ce45ef51c3de27515ca4e5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:39:19.0402 5900 adpu320 - ok
22:39:19.0433 5900 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:39:19.0433 5900 AeLookupSvc - ok
22:39:19.0464 5900 [ 330a1e4df07c2e29949ed8631cd8828e ] AERTFilters C:\Windows\system32\AERTSrv.exe
22:39:19.0480 5900 AERTFilters - ok
22:39:19.0511 5900 [ 3911b972b55fea0478476b2e777b29fa ] AFD C:\Windows\system32\drivers\afd.sys
22:39:19.0511 5900 AFD - ok
22:39:19.0526 5900 [ 13f9e33747e6b41a3ff305c37db0d360 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:39:19.0526 5900 agp440 - ok
22:39:19.0558 5900 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:39:19.0558 5900 aic78xx - ok
22:39:19.0714 5900 [ 29584f02a43e427c4227e3b1d9ff1b22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
22:39:19.0714 5900 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
22:39:19.0714 5900 Akamai ( HiddenFile.Multi.Generic ) - warning
22:39:19.0714 5900 Akamai - detected HiddenFile.Multi.Generic (1)
22:39:19.0745 5900 [ a1545b731579895d8cc44fc0481c1192 ] ALG C:\Windows\System32\alg.exe
22:39:19.0745 5900 ALG - ok
22:39:19.0745 5900 [ 9eaef5fc9b8e351afa7e78a6fae91f91 ] aliide C:\Windows\system32\drivers\aliide.sys
22:39:19.0745 5900 aliide - ok
22:39:19.0760 5900 [ c47344bc706e5f0b9dce369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:39:19.0760 5900 amdagp - ok
22:39:19.0760 5900 [ 9b78a39a4c173fdbc1321e0dd659b34c ] amdide C:\Windows\system32\drivers\amdide.sys
22:39:19.0760 5900 amdide - ok
22:39:19.0792 5900 [ 18f29b49ad23ecee3d2a826c725c8d48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
22:39:19.0792 5900 AmdK7 - ok
22:39:19.0792 5900 [ 93ae7f7dd54ab986a6f1a1b37be7442d ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:39:19.0807 5900 AmdK8 - ok
22:39:19.0838 5900 [ dd8d9c597af7cd2f6b70a3d6a4a1acea ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
22:39:19.0838 5900 androidusb - ok
22:39:19.0870 5900 [ 350f19eb5fe4ec37a2414df56cde1aa8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:39:19.0885 5900 ApfiltrService - ok
22:39:19.0885 5900 [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo C:\Windows\System32\appinfo.dll
22:39:19.0885 5900 Appinfo - ok
22:39:19.0963 5900 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:39:19.0963 5900 Apple Mobile Device - ok
22:39:19.0994 5900 [ 0fe769cae5855b53c90e23f85e7e89ff ] AppMgmt C:\Windows\System32\appmgmts.dll
22:39:20.0010 5900 AppMgmt - ok
22:39:20.0026 5900 [ 5d2888182fb46632511acee92fdad522 ] arc C:\Windows\system32\drivers\arc.sys
22:39:20.0026 5900 arc - ok
22:39:20.0041 5900 [ 5e2a321bd7c8b3624e41fdec3e244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:39:20.0041 5900 arcsas - ok
22:39:20.0150 5900 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:39:20.0150 5900 aspnet_state - ok
22:39:20.0166 5900 [ 53b202abee6455406254444303e87be1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:39:20.0166 5900 AsyncMac - ok
22:39:20.0197 5900 [ 1f05b78ab91c9075565a9d8a4b880bc4 ] atapi C:\Windows\system32\drivers\atapi.sys
22:39:20.0197 5900 atapi - ok
22:39:20.0244 5900 [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:39:20.0244 5900 AudioEndpointBuilder - ok
22:39:20.0260 5900 [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:39:20.0260 5900 Audiosrv - ok
22:39:20.0291 5900 [ f4b56425a00beb32f5fa6603ff7b0ea2 ] Avc C:\Windows\system32\DRIVERS\avc.sys
22:39:20.0306 5900 Avc - ok
22:39:20.0322 5900 [ 7bd70aeed0d975285a1b20bd012ebf4e ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
22:39:20.0322 5900 BCM42RLY - ok
22:39:20.0384 5900 [ fa6707a346cd122407f3b0bad1c47639 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
22:39:20.0400 5900 BCM43XX - ok
22:39:20.0416 5900 [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep C:\Windows\system32\drivers\Beep.sys
22:39:20.0416 5900 Beep - ok
22:39:20.0462 5900 [ c789af0f724fda5852fb9a7d3a432381 ] BFE C:\Windows\System32\bfe.dll
22:39:20.0462 5900 BFE - ok
22:39:20.0494 5900 [ d4df28447741fd3d953526e33a617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:39:20.0494 5900 blbdrive - ok
22:39:20.0572 5900 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:39:20.0572 5900 Bonjour Service - ok
22:39:20.0603 5900 [ 35f376253f687bde63976ccb3f2108ca ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:39:20.0603 5900 bowser - ok
22:39:20.0618 5900 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:39:20.0618 5900 BrFiltLo - ok
22:39:20.0618 5900 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:39:20.0618 5900 BrFiltUp - ok
22:39:20.0681 5900 [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser C:\Windows\System32\browser.dll
22:39:20.0681 5900 Browser - ok
22:39:20.0696 5900 [ b304e75cff293029eddf094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
22:39:20.0696 5900 Brserid - ok
22:39:20.0728 5900 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:39:20.0728 5900 BrSerWdm - ok
22:39:20.0728 5900 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:39:20.0728 5900 BrUsbMdm - ok
22:39:20.0743 5900 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:39:20.0743 5900 BrUsbSer - ok
22:39:20.0774 5900 [ 6d39c954799b63ba866910234cf7d726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
22:39:20.0774 5900 BthEnum - ok
22:39:20.0806 5900 [ 43c96c1ac278bc22e7799c23405635a0 ] BTHFILT C:\Windows\system32\DRIVERS\BthFilt.sys
22:39:20.0806 5900 BTHFILT - ok
22:39:20.0852 5900 [ d8abbcb42c550fd3a29dec6daabd0a87 ] BthFilterHelper C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
22:39:20.0852 5900 BthFilterHelper - ok
22:39:20.0884 5900 [ 9a966a8e86d1771911ae34a20d11bff3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:39:20.0884 5900 BTHMODEM - ok
22:39:20.0899 5900 [ 5904efa25f829bf84ea6fb045134a1d8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:39:20.0899 5900 BthPan - ok
22:39:20.0946 5900 [ 611ff3f2f095c8d4a6d4cfd9dcc09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
22:39:20.0962 5900 BTHPORT - ok
22:39:20.0993 5900 [ a4c8377fa4a994e07075107dbe2e3dce ] BthServ C:\Windows\System32\bthserv.dll
22:39:20.0993 5900 BthServ - ok
22:39:21.0024 5900 [ d330803eab2a15caec7f011f1d4cb30e ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
22:39:21.0040 5900 BTHUSB - ok
22:39:21.0102 5900 [ df515dcccfbfcf550d38ca3956d8b343 ] CASprint C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe
22:39:21.0102 5900 CASprint - ok
22:39:21.0274 5900 catchme - ok
22:39:21.0320 5900 [ 7add03e75beb9e6dd102c3081d29840a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:39:21.0320 5900 cdfs - ok
22:39:21.0336 5900 [ 6b4bffb9becd728097024276430db314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:39:21.0336 5900 cdrom - ok
22:39:21.0352 5900 [ 312ec3e37a0a1f2006534913e37b4423 ] CertPropSvc C:\Windows\System32\certprop.dll
22:39:21.0367 5900 CertPropSvc - ok
22:39:21.0383 5900 [ e5d4133f37219dbcfe102bc61072589d ] circlass C:\Windows\system32\drivers\circlass.sys
22:39:21.0383 5900 circlass - ok
22:39:21.0445 5900 [ d7659d3b5b92c31e84e53c1431f35132 ] CLFS C:\Windows\system32\CLFS.sys
22:39:21.0461 5900 CLFS - ok
22:39:21.0539 5900 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:39:21.0539 5900 clr_optimization_v2.0.50727_32 - ok
22:39:21.0601 5900 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:39:21.0601 5900 clr_optimization_v4.0.30319_32 - ok
22:39:21.0632 5900 [ 99afc3795b58cc478fbbbcdc658fcb56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:39:21.0632 5900 CmBatt - ok
22:39:21.0664 5900 [ 0ca25e686a4928484e9fdabd168ab629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:39:21.0664 5900 cmdide - ok
22:39:21.0679 5900 [ 6afef0b60fa25de07c0968983ee4f60a ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:39:21.0679 5900 Compbatt - ok
22:39:21.0695 5900 COMSysApp - ok
22:39:21.0710 5900 [ 741e9dff4f42d2d8477d0fc1dc0df871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:39:21.0710 5900 crcdisk - ok
22:39:21.0710 5900 [ 1f07becdca750766a96cda811ba86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
22:39:21.0710 5900 Crusoe - ok
22:39:21.0757 5900 [ fb27772beaf8e1d28ccd825c09da939b ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:39:21.0757 5900 CryptSvc - ok
22:39:21.0788 5900 [ 9bdb2e89be8d0ef37b1f25c3d3fc192c ] CSC C:\Windows\system32\drivers\csc.sys
22:39:21.0788 5900 CSC - ok
22:39:21.0866 5900 [ 0a2095f92f6ae4fe6484d911b0c21e95 ] CscService C:\Windows\System32\cscsvc.dll
22:39:21.0882 5900 CscService - ok
22:39:21.0929 5900 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:39:21.0929 5900 DcomLaunch - ok
22:39:21.0976 5900 [ 622c41a07ca7e6dd91770f50d532cb6c ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:39:21.0976 5900 DfsC - ok
22:39:22.0022 5900 [ 2cc3dcfb533a1035b13dcab6160ab38b ] DFSR C:\Windows\system32\DFSR.exe
22:39:22.0069 5900 DFSR - ok
22:39:22.0132 5900 [ 9028559c132146fb75eb7acf384b086a ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:39:22.0132 5900 Dhcp - ok
22:39:22.0178 5900 [ 5d4aefc3386920236a548271f8f1af6a ] disk C:\Windows\system32\drivers\disk.sys
22:39:22.0178 5900 disk - ok
22:39:22.0210 5900 [ 57d762f6f5974af0da2be88a3349baaa ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:39:22.0210 5900 Dnscache - ok
22:39:22.0256 5900 [ 324fd74686b1ef5e7c19a8af49e748f6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:39:22.0256 5900 dot3svc - ok
22:39:22.0288 5900 [ a622e888f8aa2f6b49e9bc466f0e5def ] DPS C:\Windows\system32\dps.dll
22:39:22.0288 5900 DPS - ok
22:39:22.0319 5900 [ 97fef831ab90bee128c9af390e243f80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:39:22.0319 5900 drmkaud - ok
22:39:22.0381 5900 [ c68ac676b0ef30cfbb1080adce49eb1f ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:39:22.0381 5900 DXGKrnl - ok
22:39:22.0412 5900 [ 5425f74ac0c1dbd96a1e04f17d63f94c ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
22:39:22.0428 5900 E1G60 - ok
22:39:22.0444 5900 [ c0b95e40d85cd807d614e264248a45b9 ] EapHost C:\Windows\System32\eapsvc.dll
22:39:22.0444 5900 EapHost - ok
22:39:22.0475 5900 [ 7f64ea048dcfac7acf8b4d7b4e6fe371 ] Ecache C:\Windows\system32\drivers\ecache.sys
22:39:22.0475 5900 Ecache - ok
22:39:22.0537 5900 [ 9be3744d295a7701eb425332014f0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:39:22.0537 5900 ehRecvr - ok
22:39:22.0553 5900 [ ad1870c8e5d6dd340c829e6074bf3c3f ] ehSched C:\Windows\ehome\ehsched.exe
22:39:22.0553 5900 ehSched - ok
22:39:22.0568 5900 [ c27c4ee8926e74aa72efcab24c5242c3 ] ehstart C:\Windows\ehome\ehstart.dll
22:39:22.0568 5900 ehstart - ok
22:39:22.0584 5900 [ 23b62471681a124889978f6295b3f4c6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:39:22.0584 5900 elxstor - ok
22:39:22.0631 5900 [ 4e6b23dfc917ea39306b529b773950f4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:39:22.0662 5900 EMDMgmt - ok
22:39:22.0662 5900 [ 3db974f3935483555d7148663f726c61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:39:22.0662 5900 ErrDev - ok
22:39:22.0756 5900 [ 67058c46504bc12d821f38cf99b7b28f ] EventSystem C:\Windows\system32\es.dll
22:39:22.0756 5900 EventSystem - ok
22:39:22.0802 5900 [ 22b408651f9123527bcee54b4f6c5cae ] exfat C:\Windows\system32\drivers\exfat.sys
22:39:22.0802 5900 exfat - ok
22:39:22.0880 5900 [ 1e9b9a70d332103c52995e957dc09ef8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:39:22.0880 5900 fastfat - ok
22:39:22.0912 5900 [ dfba0f60fa301e5b1bfb1403a93ee23e ] Fax C:\Windows\system32\fxssvc.exe
22:39:22.0943 5900 Fax - ok
22:39:22.0974 5900 [ afe1e8b9782a0dd7fb46bbd88e43f89a ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:39:22.0974 5900 fdc - ok
22:39:22.0990 5900 [ 6629b5f0e98151f4afdd87567ea32ba3 ] fdPHost C:\Windows\system32\fdPHost.dll
22:39:23.0005 5900 fdPHost - ok
22:39:23.0021 5900 [ 89ed56dce8e47af40892778a5bd31fd2 ] FDResPub C:\Windows\system32\fdrespub.dll
22:39:23.0021 5900 FDResPub - ok
22:39:23.0036 5900 [ a8c0139a884861e3aae9cfe73b208a9f ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:39:23.0036 5900 FileInfo - ok
22:39:23.0052 5900 [ 0ae429a696aecbc5970e3cf2c62635ae ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:39:23.0052 5900 Filetrace - ok
22:39:23.0146 5900 [ b8602c90d3c427d8a86ce60437615cf5 ] FlipShare Service C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
22:39:23.0146 5900 FlipShare Service - ok
22:39:23.0239 5900 [ ac5fb7094f31534594cae48306972cbd ] FlipShareServer C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
22:39:23.0239 5900 FlipShareServer - ok
22:39:23.0239 5900 [ 85b7cf99d532820495d68d747fda9ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:39:23.0255 5900 flpydisk - ok
22:39:23.0317 5900 [ 01334f9ea68e6877c4ef05d3ea8abb05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:39:23.0317 5900 FltMgr - ok
22:39:23.0395 5900 [ 8ce364388c8eca59b14b539179276d44 ] FontCache C:\Windows\system32\FntCache.dll
22:39:23.0426 5900 FontCache - ok
22:39:23.0458 5900 [ c7fbdd1ed42f82bfa35167a5c9803ea3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:39:23.0458 5900 FontCache3.0.0.0 - ok
22:39:23.0489 5900 [ 65ea8b77b5851854f0c55c43fa51a198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:39:23.0489 5900 Fs_Rec - ok
22:39:23.0567 5900 [ fecf4c2e42440a8d132bf94eee3c3fc9 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:39:23.0567 5900 fvevol - ok
22:39:23.0582 5900 [ 34582a6e6573d54a07ece5fe24a126b5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:39:23.0582 5900 gagp30kx - ok
22:39:23.0598 5900 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:39:23.0598 5900 GEARAspiWDM - ok
22:39:23.0660 5900 [ 9f5f2f0fb0a7f5aa9f16b9a7b6dad89f ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:39:23.0660 5900 GoogleDesktopManager-051210-111108 - ok
22:39:23.0754 5900 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
22:39:23.0754 5900 GoToAssist - ok
22:39:23.0816 5900 [ cd5d0aeee35dfd4e986a5aa1500a6e66 ] gpsvc C:\Windows\System32\gpsvc.dll
22:39:23.0832 5900 gpsvc - ok
22:39:23.0879 5900 [ 062452b7ffd68c8c042a6261fe8dff4a ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:39:23.0879 5900 HDAudBus - ok
22:39:23.0926 5900 [ 1338520e78d90154ed6be8f84de5fceb ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:39:23.0926 5900 HidBth - ok
22:39:23.0941 5900 [ ff3160c3a2445128c5a6d9b076da519e ] HidIr C:\Windows\system32\drivers\hidir.sys
22:39:23.0941 5900 HidIr - ok
22:39:23.0972 5900 [ 84067081f3318162797385e11a8f0582 ] hidserv C:\Windows\System32\hidserv.dll
22:39:23.0972 5900 hidserv - ok
22:39:24.0035 5900 [ cca4b519b17e23a00b826c55716809cc ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:39:24.0035 5900 HidUsb - ok
22:39:24.0082 5900 [ d8ad255b37da92434c26e4876db7d418 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:39:24.0082 5900 hkmsvc - ok
22:39:24.0082 5900 [ 16ee7b23a009e00d835cdb79574a91a6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:39:24.0082 5900 HpCISSs - ok
22:39:24.0144 5900 [ f870aa3e254628ebeafe754108d664de ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:39:24.0144 5900 HTTP - ok
22:39:24.0160 5900 [ c6b032d69650985468160fc9937cf5b4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:39:24.0160 5900 i2omp - ok
22:39:24.0175 5900 [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:39:24.0191 5900 i8042prt - ok
22:39:24.0222 5900 [ 2358c53f30cb9dcd1d3843c4e2f299b2 ] iaStor C:\Windows\system32\drivers\iastor.sys
22:39:24.0222 5900 iaStor - ok
22:39:24.0238 5900 [ 54155ea1b0df185878e0fc9ec3ac3a14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:39:24.0253 5900 iaStorV - ok
22:39:24.0331 5900 [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:39:24.0362 5900 idsvc - ok
22:39:24.0456 5900 [ c134e69ce901422d1f2d7ea8d69098fe ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
22:39:24.0472 5900 igfx - ok
22:39:24.0487 5900 [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:39:24.0487 5900 iirsp - ok
22:39:24.0550 5900 [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT C:\Windows\System32\ikeext.dll
22:39:24.0550 5900 IKEEXT - ok
22:39:24.0643 5900 [ f8f53c5449f15b23d4c61d51d2701da8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:39:24.0643 5900 IntcAzAudAddService - ok
22:39:24.0752 5900 [ 83aa759f3189e6370c30de5dc5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:39:24.0752 5900 intelide - ok
22:39:24.0768 5900 [ 224191001e78c89dfa78924c3ea595ff ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:39:24.0768 5900 intelppm - ok
22:39:24.0815 5900 [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:39:24.0815 5900 IPBusEnum - ok
22:39:24.0877 5900 [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:24.0877 5900 IpFilterDriver - ok
22:39:24.0940 5900 [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:39:24.0940 5900 iphlpsvc - ok
22:39:24.0940 5900 IpInIp - ok
22:39:24.0955 5900 [ b25aaf203552b7b3491139d582b39ad1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:39:24.0971 5900 IPMIDRV - ok
22:39:24.0971 5900 [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:39:24.0971 5900 IPNAT - ok
22:39:25.0033 5900 [ 49918803b661367023bf325cf602afdc ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:39:25.0049 5900 iPod Service - ok
22:39:25.0064 5900 [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:39:25.0064 5900 IRENUM - ok
22:39:25.0064 5900 [ 6c70698a3e5c4376c6ab5c7c17fb0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:39:25.0064 5900 isapnp - ok
22:39:25.0111 5900 [ 232fa340531d940aac623b121a595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:39:25.0111 5900 iScsiPrt - ok
22:39:25.0111 5900 [ bced60d16156e428f8df8cf27b0df150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:39:25.0127 5900 iteatapi - ok
22:39:25.0127 5900 [ 06fa654504a498c30adca8bec4e87e7e ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:39:25.0127 5900 iteraid - ok
22:39:25.0142 5900 [ 37605e0a8cf00cbba538e753e4344c6e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:25.0142 5900 kbdclass - ok
22:39:25.0189 5900 [ ede59ec70e25c24581add1fbec7325f7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:39:25.0189 5900 kbdhid - ok
22:39:25.0236 5900 [ a3e186b4b935905b829219502557314e ] KeyIso C:\Windows\system32\lsass.exe
22:39:25.0236 5900 KeyIso - ok
22:39:25.0267 5900 [ 2b2f1638466e8cb091400c9019cc730e ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:39:25.0267 5900 KSecDD - ok
22:39:25.0314 5900 [ 8078f8f8f7a79e2e6b494523a828c585 ] KtmRm C:\Windows\system32\msdtckrm.dll
22:39:25.0330 5900 KtmRm - ok
22:39:25.0423 5900 [ 1bf5eebfd518dd7298434d8c862f825d ] LanmanServer C:\Windows\System32\srvsvc.dll
22:39:25.0423 5900 LanmanServer - ok
22:39:25.0486 5900 [ 1db69705b695b987082c8baec0c6b34f ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:39:25.0486 5900 LanmanWorkstation - ok
22:39:25.0564 5900 [ 32362d0c789458eea21ecc1b3534a901 ] LexBceS C:\Windows\System32\LEXBCES.EXE
22:39:25.0564 5900 LexBceS - ok
22:39:25.0610 5900 [ d1c5883087a0c3f1344d9d55a44901f6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:39:25.0610 5900 lltdio - ok
22:39:25.0657 5900 [ 2d5a428872f1442631d0959a34abff63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:39:25.0657 5900 lltdsvc - ok
22:39:25.0673 5900 [ 35d40113e4a5b961b6ce5c5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:39:25.0673 5900 lmhosts - ok
22:39:25.0735 5900 [ c7e15e82879bf3235b559563d4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:39:25.0735 5900 LSI_FC - ok
22:39:25.0735 5900 [ ee01ebae8c9bf0fa072e0ff68718920a ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:39:25.0735 5900 LSI_SAS - ok
22:39:25.0751 5900 [ 912a04696e9ca30146a62afa1463dd5c ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:39:25.0751 5900 LSI_SCSI - ok
22:39:25.0782 5900 [ 8f5c7426567798e62a3b3614965d62cc ] luafv C:\Windows\system32\drivers\luafv.sys
22:39:25.0782 5900 luafv - ok
22:39:25.0782 5900 lxct_device - ok
22:39:25.0844 5900 [ 6b5d093711eadd77c789b0150dc4879c ] MA_CMIDI C:\Windows\system32\drivers\ma_cmidi.sys
22:39:25.0844 5900 MA_CMIDI - ok
22:39:25.0860 5900 [ aef9babb8a506bc4ce0451a64aaded46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:39:25.0876 5900 Mcx2Svc - ok
22:39:25.0876 5900 [ 0001ce609d66632fa17b84705f658879 ] megasas C:\Windows\system32\drivers\megasas.sys
22:39:25.0876 5900 megasas - ok
22:39:25.0938 5900 [ c252f32cd9a49dbfc25ecf26ebd51a99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:39:25.0938 5900 MegaSR - ok
22:39:25.0985 5900 [ 41fe2f288e05a6c8ab85dd56770ffbad ] mferkdk C:\Windows\system32\drivers\mferkdk.sys
22:39:25.0985 5900 mferkdk - ok
22:39:26.0016 5900 [ 096b52ea918aa909ba5903d79e129005 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys
22:39:26.0016 5900 mfesmfk - ok
22:39:26.0110 5900 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:39:26.0110 5900 Microsoft Office Groove Audit Service - ok
22:39:26.0172 5900 [ 1076ffcffaae8385fd62dfcb25ac4708 ] MMCSS C:\Windows\system32\mmcss.dll
22:39:26.0172 5900 MMCSS - ok
22:39:26.0188 5900 [ e13b5ea0f51ba5b1512ec671393d09ba ] Modem C:\Windows\system32\drivers\modem.sys
22:39:26.0188 5900 Modem - ok
22:39:26.0203 5900 [ 0a9bb33b56e294f686abb7c1e4e2d8a8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:39:26.0203 5900 monitor - ok
22:39:26.0219 5900 [ 5bf6a1326a335c5298477754a506d263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:39:26.0219 5900 mouclass - ok
22:39:26.0234 5900 [ 93b8d4869e12cfbe663915502900876f ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:39:26.0234 5900 mouhid - ok
22:39:26.0250 5900 [ bdafc88aa6b92f7842416ea6a48e1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:39:26.0266 5900 MountMgr - ok
22:39:26.0328 5900 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:39:26.0328 5900 MozillaMaintenance - ok
22:39:26.0359 5900 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:39:26.0359 5900 MpFilter - ok
22:39:26.0390 5900 [ 511d011289755dd9f9a7579fb0b064e6 ] mpio C:\Windows\system32\drivers\mpio.sys
22:39:26.0390 5900 mpio - ok
22:39:26.0562 5900 [ a69630d039c38018689190234f866d77 ] MpKsl08af9cb3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5244A3CB-4ACF-4F7E-8B1C-8817D9C2A051}\MpKsl08af9cb3.sys
22:39:26.0562 5900 MpKsl08af9cb3 - ok
22:39:26.0578 5900 [ 22241feba9b2defa669c8cb0a8dd7d2e ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:39:26.0578 5900 mpsdrv - ok
22:39:26.0656 5900 [ 5de62c6e9108f14f6794060a9bdecaec ] MpsSvc C:\Windows\system32\mpssvc.dll
22:39:26.0671 5900 MpsSvc - ok
22:39:26.0702 5900 [ 4fbbb70d30fd20ec51f80061703b001e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:39:26.0702 5900 Mraid35x - ok
22:39:26.0734 5900 [ 82cea0395524aacfeb58ba1448e8325c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:39:26.0734 5900 MRxDAV - ok
22:39:26.0796 5900 [ 1e94971c4b446ab2290deb71d01cf0c2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:39:26.0796 5900 mrxsmb - ok
22:39:36.0749 5900 ================ Scan global ===============================
22:39:36.0811 5900 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
22:39:36.0874 5900 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
22:39:36.0889 5900 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
22:39:36.0952 5900 (d4e6d91c1349b7bfb3599a6ada56851b) C:\Windows\system32\services.exe
22:39:36.0952 5900 [Global] - ok
22:39:36.0952 5900 ================ Scan MBR ==================================
22:39:36.0998 5900 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:39:37.0357 5900 \Device\Harddisk0\DR0 - ok
22:39:37.0357 5900 ================ Scan VBR ==================================
22:39:37.0388 5900 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition1
22:39:37.0388 5900 \Device\Harddisk0\DR0\Partition1 - ok
22:39:37.0388 5900 Boot (0x1200) (d0bc325ef8894f832ce4c2391d1542aa) \Device\Harddisk0\DR0\Partition2
22:39:37.0388 5900 \Device\Harddisk0\DR0\Partition2 - ok
22:39:37.0388 5900 ============================================================
22:39:37.0388 5900 Scan finished
22:39:37.0388 5900 ============================================================
22:39:37.0404 5180 Detected object count: 1
22:39:37.0404 5180 Actual detected object count: 1
22:40:07.0169 5180 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
22:40:07.0169 5180 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 22:46:23
-----------------------------
22:46:23.521 OS Version: Windows 6.0.6002 Service Pack 2
22:46:23.521 Number of processors: 2 586 0xF0D
22:46:23.521 ComputerName: BKRLAPTOP09 UserName: bkr
22:46:26.188 Initialize success
22:48:27.564 AVAST engine defs: 12081401
22:50:42.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:50:42.851 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
22:50:42.882 Disk 0 MBR read successfully
22:50:42.882 Disk 0 MBR scan
22:50:42.882 Disk 0 Windows VISTA default MBR code
22:50:42.897 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:50:42.897 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
22:50:42.913 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228434 MB offset 20561920
22:50:42.913 Disk 0 scanning sectors +488395120
22:50:43.007 Disk 0 scanning C:\Windows\system32\drivers
22:50:55.128 Service scanning
22:51:06.235 Service MpKsl08af9cb3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5244A3CB-4ACF-4F7E-8B1C-8817D9C2A051}\MpKsl08af9cb3.sys **LOCKED** 32
22:51:26.624 Modules scanning
22:51:32.802 Disk 0 trace - called modules:
22:51:32.864 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys dxgkrnl.sys igdkmd32.sys watchdog.sys USBPORT.SYS usbuhci.sys
22:51:32.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8643dac8]
22:51:32.880 3 CLASSPNP.SYS[8a9c48b3] -> nt!IofCallDriver -> [0x84f7c7c0]
22:51:32.880 5 acpi.sys[8069e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f82030]
22:51:35.922 AVAST engine scan C:\Windows
22:51:41.600 AVAST engine scan C:\Windows\system32
22:57:32.244 AVAST engine scan C:\Windows\system32\drivers
22:58:00.340 AVAST engine scan C:\Users\bkr
23:59:08.690 AVAST engine scan C:\ProgramData
00:10:37.174 Scan finished successfully
05:58:31.508 Disk 0 MBR has been saved successfully to "C:\Users\bkr\Desktop\MBR.dat"
05:58:31.508 The log file has been saved successfully to "C:\Users\bkr\Desktop\aswMBR.txt"

#12 brmommy (Topic Starter)

Posted 15 August 2012 - 05:45 AM

My computer is a Dell Vostro 1510. Somewhere during this process, I've lost the touch pad icon at the bottom of my screen. I had previously changed the settings to not have the touch pad taps being mouse clicks. I cannot find a way to correct this now. Any thoughts on how I can fix this?

Thanks!

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 August 2012 - 09:35 AM

Greetings

Remind me later and we will look for the drivers.

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 brmommy (Topic Starter)

Posted 15 August 2012 - 01:15 PM

No problems running the script. The computer seems to be running fine, except the touchpad won't scroll. The touch clicking is fixed, but I can't scroll. I'll keep looking at that. The icon is at the bottom of the screen, but it used to have a blue dot on the icon that moved depending on where my finger was on the pad. Now it doesn't have anything on it when I move my finger.


ComboFix 12-08-14.05 - bkr 08/15/2012 13:35:19.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3062.1592 [GMT -4:00]
Running from: c:\users\bkr\Desktop\ComboFix.exe
Command switches used :: c:\users\bkr\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 17:43 . 2012-08-15 17:43 -------- d-----w- c:\users\Kids\AppData\Local\temp
2012-08-15 17:43 . 2012-08-15 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 17:43 . 2012-08-15 17:43 -------- d-----w- c:\users\brendadesktop\AppData\Local\temp
2012-08-15 17:32 . 2012-08-15 17:32 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA4C5627-688B-42E7-8BF2-802C09B6927B}\MpKsl23eb2deb.sys
2012-08-15 10:57 . 2008-02-19 15:07 192512 ----a-w- c:\windows\LockStatusTray.exe
2012-08-15 10:00 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA4C5627-688B-42E7-8BF2-802C09B6927B}\mpengine.dll
2012-08-14 21:10 . 2012-08-14 21:10 -------- d-----w- C:\FRST
2012-08-12 22:24 . 2012-08-12 22:24 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-08-12 21:38 . 2012-08-12 21:38 -------- d-----w- C:\Quarantine
2012-08-10 21:16 . 2012-08-10 21:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-03 20:29 . 2012-08-03 20:29 -------- d-----w- c:\users\bkr\AppData\Roaming\HpUpdate
2012-08-03 20:28 . 2010-11-17 01:10 527208 ------w- c:\windows\system32\HPDiscoPM9311.dll
2012-08-03 20:13 . 2008-01-21 02:21 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2012-08-01 18:06 . 2012-08-11 02:35 -------- d-----w- c:\users\bkr\AppData\Roaming\Audacity
2012-08-01 18:05 . 2012-08-01 18:05 -------- d-----w- c:\program files\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 20:34 . 2012-04-11 12:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-12 20:34 . 2011-06-06 12:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 08:44 . 2011-06-08 13:46 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-02 22:19 . 2012-06-08 23:31 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:31 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:31 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:31 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 23:31 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 23:31 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 23:31 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-08 23:30 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-08 23:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-23 22:50 . 2012-06-16 19:38 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-05-23 22:49 . 2012-05-23 22:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-05-23 22:49 . 2012-05-23 22:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-05-23 22:49 . 2012-05-23 22:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-05-23 22:49 . 2012-05-23 22:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-05-23 22:49 . 2012-05-23 22:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-05-23 22:49 . 2012-05-23 22:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-05-23 22:49 . 2012-05-23 22:49 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-05-23 22:49 . 2012-05-23 22:49 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-05-23 22:49 . 2012-05-23 22:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-05-23 22:49 . 2012-05-23 22:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-05-23 22:49 . 2012-05-23 22:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-05-23 22:49 . 2012-05-23 22:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-05-23 22:49 . 2012-05-23 22:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-05-23 22:49 . 2012-05-23 22:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-05-23 22:49 . 2012-05-23 22:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-05-23 22:49 . 2012-05-23 22:49 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-05-23 22:49 . 2012-05-23 22:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-05-23 22:49 . 2012-05-23 22:49 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-05-23 22:49 . 2012-05-23 22:49 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-05-23 22:49 . 2012-05-23 22:49 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-05-23 22:49 . 2012-05-23 22:49 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-05-23 22:49 . 2012-05-23 22:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-05-23 22:49 . 2012-05-23 22:49 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-05-23 22:49 . 2012-05-23 22:49 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-05-23 22:49 . 2012-05-23 22:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-08-12 20:36 . 2011-11-17 11:35 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-24 12:41 . 2009-12-07 02:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\bkr\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 1721192]
"Akamai NetSession Interface"="c:\users\bkr\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-22 159744]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-07-17 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-24 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-02-19 17664]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-22 4907008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
.
c:\users\bkr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet Brenda's 3050A J611 (Network).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL23EB2DEB
*Deregistered* - mfehidk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 22:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 15:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352841613-2907538961-2909738737-1001Core.job
- c:\users\bkr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 22:59]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-352841613-2907538961-2909738737-1001UA.job
- c:\users\bkr\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-02 22:59]
.
2012-08-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-08-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{28FAF8CB-FE96-464B-AC1D-6C9777CBBF71}: NameServer = 208.67.220.220,208.67.222.222
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\bkr\AppData\Roaming\Mozilla\Firefox\Profiles\24jek8h9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=DCF3DF&PC=DCF3&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 13:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-15 13:46:48
ComboFix-quarantined-files.txt 2012-08-15 17:46
ComboFix2.txt 2012-08-15 01:53
.
Pre-Run: 32,535,318,528 bytes free
Post-Run: 32,624,717,824 bytes free
.
- - End Of File - - 1624D29CF14C4B0677C85897F3B7E4C5

#15 brmommy (Topic Starter)

Posted 15 August 2012 - 01:24 PM

Just rebooted and now the scrolling and all is working fine. So at this moment, I don't notice any problems. :thumbsup:



