
Random Wav Files Playing


  • This topic is locked
25 replies to this topic

#1 pithed2

pithed2

  • Members
  • 13 posts

Posted 17 August 2012 - 05:09 PM

I've already tried to use Tdsskiller and it runs for a second and then closes. Yesterday, the virus hid all my documents and start menu items. I was able to correct that by using Malwarebytes and UnHide while in safe mode. But today I'm continuing to get internet redirects, times where the CPU is maxed, and very odd occasional wav files being played. Here is the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Trisha at 16:40:43 on 2012-08-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5416 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\MYTRAKHealth\MytrakM2\Mytrak Manager.exe
C:\Program Files (x86)\Zecter\ZumoCast\ZumoCast.exe
C:\Users\Trisha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Users\Trisha\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Trisha\AppData\Roaming\Spotify\spotify.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Zecter\ZumoCast\bin\gst-thumbnailer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
uURLSearchHooks: H - No File
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [instanteyedropper] "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"
uRun: [ZumoCast] C:\Program Files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [AdobeBridge]
uRun: [Mytrak Manager.exe] "C:\Program Files (x86)\MYTRAKHealth\MytrakM2\Mytrak Manager.exe"
uRun: [Spotify Web Helper] "C:\Users\Trisha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Trisha\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Trisha\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2DA75F3B-8E86-49CD-BC24-FD29B3684B56} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2DA75F3B-8E86-49CD-BC24-FD29B3684B56}\1647D643 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Trisha\AppData\Roaming\Mozilla\Firefox\Profiles\u5obcyo2.Andy\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-7-26 794560]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-8-8 69640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-2 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-7 381248]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]
R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]
R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-9 491920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-16 655944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-28 136176]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-17 18:29:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B191DFCB-1FF8-4616-922E-955C66E50936}\offreg.dll
2012-08-17 18:11:39 -------- d-----w- C:\ProgramData\PrevxCSI
2012-08-17 17:40:33 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-17 17:40:10 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-17 06:46:47 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B191DFCB-1FF8-4616-922E-955C66E50936}\mpengine.dll
2012-08-16 15:22:35 -------- d-----w- C:\Users\Trisha\AppData\Local\ElevatedDiagnostics
2012-08-16 12:52:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-15 16:52:11 -------- d-----w- C:\Program Files (x86)\Amazon
2012-08-15 15:03:13 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-15 14:55:53 399264 ----a-w- C:\Users\Trisha\unhide.exe
2012-08-15 14:54:47 2208856 ----a-w- C:\Users\Trisha\tdsskiller.exe
2012-08-15 14:47:48 -------- d-----w- C:\Program Files\CCleaner
2012-08-15 13:51:20 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-14 01:50:53 -------- d-----w- C:\ProgramData\ALM
2012-08-14 01:01:50 -------- d-----w- C:\Users\Trisha\New folder
2012-08-14 00:23:18 -------- d-----w- C:\Users\Trisha\AppData\Roaming\Downloaded Installations
2012-08-09 01:53:14 69640 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE
2012-08-07 01:08:12 -------- d-----w- C:\Users\Trisha\.fontconfig
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-15 14:51:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 14:51:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-07 01:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 16:49:33.77 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 19 August 2012 - 02:08 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pithed2

pithed2
  • Topic Starter

  • Members
  • 13 posts

Posted 19 August 2012 - 11:45 AM

Here's the Security Check log:
*======================================================================*
Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

*======================================================================*
ComboFix
*======================================================================*
ComboFix 12-08-18.03 - Trisha 08/19/2012 8:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5727 [GMT -5:00]
Running from: c:\users\Trisha\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\GuffinsEI
c:\programdata\Nc0eciurXNhd54
c:\users\Trisha\135.JPG
c:\users\Trisha\893.JPG
c:\users\Trisha\AppData\Roaming\Microsoft\Windows\Recent\More Free Vector Arts Download.url
c:\users\Trisha\tdsskiller.exe
c:\users\Trisha\unhide.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 14:05 . 2012-08-19 14:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-19 14:05 . 2012-08-19 14:05 -------- d-----w- c:\users\Mcx1-TRISHA-PC\AppData\Local\temp
2012-08-19 14:05 . 2012-08-19 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 18:11 . 2012-08-17 18:18 -------- d-----w- c:\programdata\PrevxCSI
2012-08-17 17:40 . 2012-08-17 17:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-17 17:40 . 2012-08-17 17:40 -------- d-----w- c:\program files (x86)\Oracle
2012-08-17 17:40 . 2012-08-17 17:39 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-17 06:46 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B191DFCB-1FF8-4616-922E-955C66E50936}\mpengine.dll
2012-08-16 15:22 . 2012-08-16 15:22 -------- d-----w- c:\users\Trisha\AppData\Local\ElevatedDiagnostics
2012-08-16 12:52 . 2012-08-16 12:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-15 16:52 . 2012-08-15 16:52 -------- d-----w- c:\users\Trisha\AppData\Roaming\Amazon
2012-08-15 16:52 . 2012-08-15 16:52 -------- d-----w- c:\program files (x86)\Amazon
2012-08-15 15:03 . 2012-08-15 15:03 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-15 14:47 . 2012-08-15 14:47 -------- d-----w- c:\program files\CCleaner
2012-08-15 13:51 . 2012-08-15 14:51 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-08-15 12:22 . 2012-08-15 12:22 -------- d-----w- c:\programdata\McAfee
2012-08-14 01:50 . 2012-08-14 01:50 -------- d-----w- c:\programdata\ALM
2012-08-14 01:01 . 2012-08-14 01:02 -------- d-----w- c:\users\Trisha\New folder
2012-08-14 00:25 . 2012-08-15 19:09 -------- d-----w- c:\users\Trisha\AppData\Roaming\Nitro PDF
2012-08-14 00:24 . 2012-08-15 16:26 -------- d-----w- c:\programdata\Nitro PDF
2012-08-14 00:23 . 2012-08-15 16:35 -------- d-----w- c:\users\Trisha\AppData\Roaming\Downloaded Installations
2012-08-09 01:53 . 2012-08-09 01:53 69640 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE
2012-08-07 01:08 . 2012-08-07 01:08 -------- d-----w- c:\users\Trisha\.fontconfig
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 08:00 . 2011-09-30 12:11 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 14:51 . 2012-03-31 16:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 14:51 . 2011-09-29 17:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 03:06 . 2012-01-02 20:39 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-12 08:03 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 11:06 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 11:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:05 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:06 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:06 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:05 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 17:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 17:18 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:18 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 17:18 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 17:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 17:17 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 17:17 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:06 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:06 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:06 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:06 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:06 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:06 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:06 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:06 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:06 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 17:25 . 2011-09-28 01:30 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-22 02:02 . 2012-03-13 01:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-22 02:01 . 2012-03-13 01:53 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-22 02:01 . 2012-03-13 01:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Trisha\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Trisha\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Trisha\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"instanteyedropper"="c:\program files (x86)\InstantEyedropper\InstantEyedropper.exe" [2007-10-17 352256]
"ZumoCast"="c:\program files (x86)\Zecter\ZumoCast\ZumoLauncher.lnk" [2011-11-10 1938]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-10-23 5013128]
"Mytrak Manager.exe"="c:\program files (x86)\MYTRAKHealth\MytrakM2\Mytrak Manager.exe" [2012-03-15 1054048]
"Spotify Web Helper"="c:\users\Trisha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-17 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Trisha\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-2 26868192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-07-27 794560]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-08-09 69640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-08 381248]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:51]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 19:47]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 19:47]
.
2012-07-24 c:\windows\Tasks\HPCeeScheduleForTrisha.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Trisha\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Trisha\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Trisha\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Trisha\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Trisha\AppData\Roaming\Mozilla\Firefox\Profiles\u5obcyo2.Andy\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-MYTRAK Manager Installer - c:\programdata\{4B901D4F-EF7D-48CD-82CC-78C55962ADCA}\Mytrak_Manager_Setup.exe
AddRemove-Nations Photo Lab ROES Easy - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2648636479-2688589529-2253410797-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2648636479-2688589529-2253410797-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\Zecter\ZumoCast\ZumoCast.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-08-19 09:47:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 14:47
.
Pre-Run: 792,744,521,728 bytes free
Post-Run: 792,431,575,040 bytes free
.
- - End Of File - - D0DC2510523885E58E4AC84F3F28EA56

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 AM

Posted 19 August 2012 - 12:20 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pithed2

Posted 19 August 2012 - 12:40 PM

When I run either, they both pop the Windows User Account Control box. I click Yes and nothing happens. Looking at the task manager, I can see them kick off in the processes, but then disappear and nothing happens.

#6 gringo_pr

Posted 19 August 2012 - 12:46 PM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture.

gringo

#7 pithed2

Posted 19 August 2012 - 02:12 PM

I've attached the screen shot.

#8 gringo_pr

Posted 19 August 2012 - 02:33 PM

Greetings

It is going to take a little bit of work, but here is what I want you to do.

I want you to boot back into GParted, right click on the first partition (sda1) and select "Manage flags", then I want you to choose "boot".

Exit out of GParted saving as you leave

Report back to me

Note** If the computer does not boot into windows after you have changed the "Boot Flag" to SDA1 then do the same thing for SDA2

if it still will not boot after changing it to sda2 then do it for SDA3

Gringo

#9 pithed2

Posted 19 August 2012 - 02:49 PM

I was able to boot into windows after setting the boot flag for sda1. As a side note, since starting Puppy, every time I reboot to windows, I need to reset my mouse by unplugging and replugging it in.

#10 gringo_pr

Posted 19 August 2012 - 04:30 PM

greetings


I want you to boot back into GParted, right click on the hidden partition (the one that is 10.00MiB in size) and select delete. Exit out of GParted and report back here.


gringo
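Added example, not part of gringo_pr's posts: the two GParted checks in posts #8 and #10 (which partition carries the boot flag, and whether a small extra partition sits on the disk) can also be read from a saved copy of the disk's first sector. The sample sectors are constructed: entries 1-3 use the offsets printed by TDSSKiller for Harddisk0 in this thread, while the 10 MiB entry's type, position and boot flag, the function names and the 64 MiB threshold are assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446               # partition table: four 16-byte entries
ENTRY = "<B3sB3sII"              # status, CHS start, type, CHS end, start LBA, sector count
SMALL_BYTES = 64 * 1024 * 1024   # assumed review threshold, not a value from the thread


def build_mbr(entries):
    """Build a 512-byte test sector from (active, type, start_lba, sectors) tuples."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary entries")
    sector = bytearray(SECTOR)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         start, count)
    sector[510:512] = b"\x55\xaa"   # boot signature
    return bytes(sector)


def parse_mbr(sector):
    """Return the used partition entries of a raw MBR sector as dicts."""
    if len(sector) < SECTOR:
        raise ValueError("need the full 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                # unused slot
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "start_lba": start, "sectors": count,
                      "bytes": count * SECTOR})
    return parts


def review(parts):
    """Return findings worth a second look in a parsed partition table."""
    findings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(
                f"partition {p['index']}: invalid status byte {p['status']:#04x}")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(
            f"{len(active)} entries carry the boot flag, expected exactly one")
    for p in active:
        if p["bytes"] < SMALL_BYTES:
            findings.append(
                f"partition {p['index']}: boot flag on a {p['bytes'] // 2**20} MiB partition")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


# Entries 1-3: type, start LBA and length as logged by TDSSKiller in this thread.
LOGGED = [(0x07, 0x800, 0x32000),
          (0x07, 0x32800, 0x73149000),
          (0x07, 0x7317B800, 0x1583DB0)]
# Constructed: a 10 MiB (20480-sector) entry placed after partition 3.
# The thread gives only its size; type 0x17 and the start LBA are made up.
EXTRA = (0x17, 0x746FF800, 20480)

# Constructed "before" layout: boot flag on the small extra entry (assumption).
BEFORE = build_mbr([(False, *e) for e in LOGGED] + [(True, *EXTRA)])
# "After" layout: boot flag on the first partition, extra entry deleted.
AFTER = build_mbr([(True, *LOGGED[0])] + [(False, *e) for e in LOGGED[1:]])

if __name__ == "__main__":
    for name, sector in (("before", BEFORE), ("after", AFTER)):
        parts = parse_mbr(sector)
        print(name)
        for p in parts:
            flag = "boot" if p["active"] else "    "
            print(f"  #{p['index']} {flag} type={p['type']:#04x} "
                  f"start={p['start_lba']:#x} size={p['bytes'] // 2**20} MiB")
        for finding in review(parts) or ["no findings"]:
            print("  ->", finding)
```

To run it against a real disk, read the first 512 bytes of the device from the live USB session and pass them to `parse_mbr` in place of the constructed sectors.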

#11 pithed2

Posted 19 August 2012 - 04:39 PM

Hidden partition deleted.

#12 pithed2

Posted 19 August 2012 - 04:41 PM

This time, my mouse worked immediately after rebooting. Also, when I booted into Puppy, all the graphics were missing. So I had defaults for everything on the desktop. But I was able to delete the 10Mb partition.

#13 gringo_pr

Posted 19 August 2012 - 05:27 PM

redo the post 4 for me now please


gringo

#14 pithed2

Posted 19 August 2012 - 05:38 PM

*===================================================*
TDSSKILLER - Log
*===================================================*

17:30:29.0560 2448 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
17:30:29.0997 2448 ============================================================
17:30:29.0997 2448 Current date / time: 2012/08/19 17:30:29.0997
17:30:29.0997 2448 SystemInfo:
17:30:29.0997 2448
17:30:29.0997 2448 OS Version: 6.1.7601 ServicePack: 1.0
17:30:29.0997 2448 Product type: Workstation
17:30:29.0997 2448 ComputerName: TRISHA-PC
17:30:29.0997 2448 UserName: Trisha
17:30:29.0997 2448 Windows directory: C:\Windows
17:30:29.0997 2448 System windows directory: C:\Windows
17:30:29.0997 2448 Running under WOW64
17:30:29.0997 2448 Processor architecture: Intel x64
17:30:29.0997 2448 Number of processors: 4
17:30:29.0997 2448 Page size: 0x1000
17:30:29.0997 2448 Boot type: Normal boot
17:30:29.0997 2448 ============================================================
17:30:30.0980 2448 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:30:30.0995 2448 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:30:30.0995 2448 Drive \Device\Harddisk3\DR3 - Size: 0x7A1D1C00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:30:31.0011 2448 ============================================================
17:30:31.0011 2448 \Device\Harddisk0\DR0:
17:30:31.0011 2448 MBR partitions:
17:30:31.0011 2448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:30:31.0011 2448 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73149000
17:30:31.0011 2448 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7317B800, BlocksNum 0x1583DB0
17:30:31.0011 2448 \Device\Harddisk2\DR2:
17:30:31.0011 2448 MBR partitions:
17:30:31.0011 2448 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
17:30:31.0011 2448 \Device\Harddisk3\DR3:
17:30:31.0011 2448 MBR partitions:
17:30:31.0011 2448 \Device\Harddisk3\DR3\Partition1: MBR, Type 0xE, StartLBA 0x3F, BlocksNum 0x3D0E4F
17:30:31.0011 2448 ============================================================
17:30:31.0026 2448 C: <-> \Device\Harddisk0\DR0\Partition2
17:30:31.0089 2448 D: <-> \Device\Harddisk0\DR0\Partition3
17:30:31.0089 2448 F: <-> \Device\Harddisk2\DR2\Partition1
17:30:31.0089 2448 ============================================================
17:30:31.0089 2448 Initialize success
17:30:31.0089 2448 ============================================================
17:30:44.0879 2316 ============================================================
17:30:44.0879 2316 Scan started
17:30:44.0879 2316 Mode: Manual;
17:30:44.0879 2316 ============================================================
17:30:46.0377 2316 ================ Scan services =============================
17:30:46.0548 2316 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:30:46.0548 2316 1394ohci - ok
17:30:46.0595 2316 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:30:46.0595 2316 ACPI - ok
17:30:46.0642 2316 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:30:46.0642 2316 AcpiPmi - ok
17:30:46.0751 2316 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:30:46.0751 2316 AdobeARMservice - ok
17:30:46.0907 2316 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:30:46.0907 2316 AdobeFlashPlayerUpdateSvc - ok
17:30:46.0954 2316 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:30:46.0954 2316 adp94xx - ok
17:30:46.0985 2316 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:30:46.0985 2316 adpahci - ok
17:30:47.0001 2316 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:30:47.0001 2316 adpu320 - ok
17:30:47.0016 2316 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:30:47.0016 2316 AeLookupSvc - ok
17:30:47.0079 2316 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:30:47.0094 2316 AFD - ok
17:30:47.0141 2316 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:30:47.0141 2316 agp440 - ok
17:30:47.0157 2316 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
17:30:47.0157 2316 ALG - ok
17:30:47.0204 2316 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:30:47.0204 2316 aliide - ok
17:30:47.0235 2316 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
17:30:47.0235 2316 amdide - ok
17:30:47.0250 2316 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:30:47.0250 2316 AmdK8 - ok
17:30:47.0266 2316 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:30:47.0266 2316 AmdPPM - ok
17:30:47.0313 2316 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:30:47.0313 2316 amdsata - ok
17:30:47.0344 2316 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:30:47.0360 2316 amdsbs - ok
17:30:47.0375 2316 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:30:47.0375 2316 amdxata - ok
17:30:47.0406 2316 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
17:30:47.0406 2316 AppID - ok
17:30:47.0438 2316 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:30:47.0438 2316 AppIDSvc - ok
17:30:47.0469 2316 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:30:47.0484 2316 Appinfo - ok
17:30:47.0547 2316 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:47.0547 2316 Apple Mobile Device - ok
17:30:47.0609 2316 [ 0805ecf10476a091999e4d59d0db71a2 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
17:30:47.0625 2316 Application Updater - ok
17:30:47.0672 2316 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
17:30:47.0672 2316 arc - ok
17:30:47.0687 2316 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:30:47.0687 2316 arcsas - ok
17:30:47.0781 2316 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:30:47.0781 2316 aspnet_state - ok
17:30:47.0812 2316 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:30:47.0812 2316 AsyncMac - ok
17:30:47.0843 2316 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
17:30:47.0859 2316 atapi - ok
17:30:47.0921 2316 [ e0fabc10635c670bd7d89fd214a405d7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:30:47.0937 2316 athr - ok
17:30:47.0999 2316 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:30:48.0015 2316 AudioEndpointBuilder - ok
17:30:48.0046 2316 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:30:48.0062 2316 AudioSrv - ok
17:30:48.0124 2316 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:30:48.0124 2316 AxInstSV - ok
17:30:48.0171 2316 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:30:48.0171 2316 b06bdrv - ok
17:30:48.0202 2316 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:30:48.0202 2316 b57nd60a - ok
17:30:48.0233 2316 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:30:48.0233 2316 BDESVC - ok
17:30:48.0249 2316 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:30:48.0249 2316 Beep - ok
17:30:48.0327 2316 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
17:30:48.0342 2316 BFE - ok
17:30:48.0405 2316 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
17:30:48.0420 2316 BITS - ok
17:30:48.0436 2316 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:30:48.0436 2316 blbdrive - ok
17:30:48.0498 2316 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:30:48.0514 2316 Bonjour Service - ok
17:30:48.0530 2316 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:30:48.0530 2316 bowser - ok
17:30:48.0545 2316 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:30:48.0545 2316 BrFiltLo - ok
17:30:48.0561 2316 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:30:48.0561 2316 BrFiltUp - ok
17:30:48.0576 2316 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:30:48.0576 2316 BridgeMP - ok
17:30:48.0623 2316 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
17:30:48.0623 2316 Browser - ok
17:30:48.0639 2316 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:30:48.0639 2316 Brserid - ok
17:30:48.0654 2316 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:30:48.0654 2316 BrSerWdm - ok
17:30:48.0670 2316 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:30:48.0670 2316 BrUsbMdm - ok
17:30:48.0686 2316 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:30:48.0686 2316 BrUsbSer - ok
17:30:48.0732 2316 [ ff7c57973eead140062238c5a0b7d455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
17:30:48.0732 2316 BTCFilterService - ok
17:30:48.0764 2316 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:30:48.0764 2316 BTHMODEM - ok
17:30:48.0810 2316 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
17:30:48.0810 2316 bthserv - ok
17:30:48.0857 2316 catchme - ok
17:30:48.0888 2316 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:30:48.0888 2316 cdfs - ok
17:30:48.0935 2316 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:30:48.0935 2316 cdrom - ok
17:30:48.0982 2316 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
17:30:48.0998 2316 CertPropSvc - ok
17:30:49.0013 2316 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:30:49.0013 2316 circlass - ok
17:30:49.0060 2316 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
17:30:49.0060 2316 CLFS - ok
17:30:49.0122 2316 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:49.0122 2316 clr_optimization_v2.0.50727_32 - ok
17:30:49.0185 2316 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:30:49.0185 2316 clr_optimization_v2.0.50727_64 - ok
17:30:49.0466 2316 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:30:49.0466 2316 clr_optimization_v4.0.30319_32 - ok
17:30:49.0497 2316 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:30:49.0497 2316 clr_optimization_v4.0.30319_64 - ok
17:30:49.0512 2316 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:30:49.0512 2316 CmBatt - ok
17:30:49.0544 2316 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:30:49.0544 2316 cmdide - ok
17:30:49.0590 2316 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
17:30:49.0606 2316 CNG - ok
17:30:49.0606 2316 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:30:49.0606 2316 Compbatt - ok
17:30:49.0653 2316 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:30:49.0653 2316 CompositeBus - ok
17:30:49.0668 2316 COMSysApp - ok
17:30:49.0684 2316 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:30:49.0684 2316 crcdisk - ok
17:30:49.0731 2316 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:30:49.0731 2316 CryptSvc - ok
17:30:49.0778 2316 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:30:49.0793 2316 DcomLaunch - ok
17:30:49.0840 2316 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
17:30:49.0856 2316 defragsvc - ok
17:30:49.0887 2316 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:30:49.0887 2316 DfsC - ok
17:30:49.0949 2316 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
17:30:49.0949 2316 Dhcp - ok
17:30:49.0965 2316 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
17:30:49.0965 2316 discache - ok
17:30:49.0980 2316 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:30:49.0980 2316 Disk - ok
17:30:50.0012 2316 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:30:50.0012 2316 Dnscache - ok
17:30:50.0058 2316 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:30:50.0058 2316 dot3svc - ok
17:30:50.0105 2316 [ b42ed0320c6e41102fde0005154849bb ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:30:50.0105 2316 Dot4 - ok
17:30:50.0152 2316 [ e9f5969233c5d89f3c35e3a66a52a361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
17:30:50.0152 2316 Dot4Print - ok
17:30:50.0168 2316 [ fd05a02b0370bc3000f402e543ca5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:30:50.0168 2316 dot4usb - ok
17:30:50.0214 2316 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
17:30:50.0214 2316 DPS - ok
17:30:50.0246 2316 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:30:50.0246 2316 drmkaud - ok
17:30:50.0324 2316 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:30:50.0324 2316 DXGKrnl - ok
17:30:50.0370 2316 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:30:50.0386 2316 EapHost - ok
17:30:50.0480 2316 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:30:50.0495 2316 ebdrv - ok
17:30:50.0511 2316 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
17:30:50.0511 2316 EFS - ok
17:30:50.0558 2316 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:30:50.0573 2316 ehRecvr - ok
17:30:50.0604 2316 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
17:30:50.0604 2316 ehSched - ok
17:30:50.0651 2316 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:30:50.0651 2316 elxstor - ok
17:30:50.0682 2316 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:30:50.0682 2316 ErrDev - ok
17:30:50.0729 2316 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
17:30:50.0729 2316 EventSystem - ok
17:30:50.0745 2316 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
17:30:50.0745 2316 exfat - ok
17:30:50.0776 2316 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:30:50.0776 2316 fastfat - ok
17:30:50.0838 2316 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
17:30:50.0854 2316 Fax - ok
17:30:50.0854 2316 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:30:50.0854 2316 fdc - ok
17:30:50.0885 2316 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:30:50.0885 2316 fdPHost - ok
17:30:50.0885 2316 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:30:50.0901 2316 FDResPub - ok
17:30:50.0916 2316 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:30:50.0916 2316 FileInfo - ok
17:30:50.0916 2316 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:30:50.0916 2316 Filetrace - ok
17:30:50.0994 2316 [ c623057d3905323f760a8b3c8523c072 ] FileZilla Server C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
17:30:51.0010 2316 FileZilla Server - ok
17:30:51.0010 2316 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:30:51.0010 2316 flpydisk - ok
17:30:51.0057 2316 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:30:51.0057 2316 FltMgr - ok
17:30:51.0135 2316 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
17:30:51.0150 2316 FontCache - ok
17:30:51.0213 2316 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:30:51.0213 2316 FontCache3.0.0.0 - ok
17:30:51.0228 2316 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:30:51.0228 2316 FsDepends - ok
17:30:51.0275 2316 [ 07da62c960ddccc2d35836aeab4fc578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:30:51.0275 2316 fssfltr - ok
17:30:51.0416 2316 [ 28ddeeec44e988657b732cf404d504cb ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:30:51.0447 2316 fsssvc - ok
17:30:51.0462 2316 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:30:51.0462 2316 Fs_Rec - ok
17:30:51.0509 2316 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:30:51.0525 2316 fvevol - ok
17:30:51.0540 2316 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:30:51.0540 2316 gagp30kx - ok
17:30:51.0603 2316 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:30:51.0618 2316 GamesAppService - ok
17:30:51.0681 2316 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:30:51.0681 2316 GEARAspiWDM - ok
17:30:51.0743 2316 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
17:30:51.0759 2316 gpsvc - ok
17:30:51.0837 2316 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:30:51.0837 2316 gupdate - ok
17:30:51.0868 2316 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:30:51.0868 2316 gupdatem - ok
17:30:51.0884 2316 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:30:51.0884 2316 hcw85cir - ok
17:30:51.0930 2316 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:30:51.0946 2316 HDAudBus - ok
17:30:51.0946 2316 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:30:51.0946 2316 HidBatt - ok
17:30:51.0962 2316 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:30:51.0977 2316 HidBth - ok
17:30:51.0993 2316 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:30:51.0993 2316 HidIr - ok
17:30:52.0024 2316 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
17:30:52.0024 2316 hidserv - ok
17:30:52.0055 2316 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:30:52.0055 2316 HidUsb - ok
17:30:52.0102 2316 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:30:52.0102 2316 hkmsvc - ok
17:30:52.0164 2316 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:30:52.0164 2316 HomeGroupListener - ok
17:30:52.0196 2316 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:30:52.0211 2316 HomeGroupProvider - ok
17:30:52.0274 2316 [ 00b239202f7756695c8ccdf8bafa7d3d ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
17:30:52.0274 2316 HP Health Check Service - ok
17:30:52.0383 2316 [ 08457d8f8149757c70cea59c71ec5d27 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:30:52.0383 2316 hpqcxs08 - ok
17:30:52.0414 2316 [ 75cc8c5146a3fb76221a7606628778d5 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:30:52.0414 2316 hpqddsvc - ok
17:30:52.0461 2316 [ fdf273a845f1ffcceadf363aaf47582f ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:30:52.0461 2316 hpqwmiex - ok
17:30:52.0508 2316 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:30:52.0508 2316 HpSAMD - ok
17:30:52.0554 2316 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:30:52.0570 2316 HTTP - ok
17:30:52.0617 2316 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:30:52.0617 2316 hwpolicy - ok
17:30:52.0679 2316 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:30:52.0679 2316 i8042prt - ok
17:30:52.0726 2316 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:30:52.0742 2316 iaStorV - ok
17:30:52.0804 2316 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:30:52.0820 2316 idsvc - ok
17:30:52.0851 2316 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:30:52.0851 2316 iirsp - ok
17:30:52.0882 2316 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
17:30:52.0913 2316 IKEEXT - ok
17:30:52.0991 2316 [ ef75c94792187a143871fbb87611b0b7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:30:53.0022 2316 IntcAzAudAddService - ok
17:30:53.0038 2316 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
17:30:53.0038 2316 intelide - ok
17:30:53.0069 2316 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:30:53.0069 2316 intelppm - ok
17:30:53.0147 2316 [ 1663a135865f0ba6e853353e98e67f2a ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
17:30:53.0163 2316 IntuitUpdateServiceV4 - ok
17:30:53.0194 2316 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:30:53.0194 2316 IPBusEnum - ok
17:30:53.0241 2316 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:30:53.0241 2316 IpFilterDriver - ok
17:30:53.0288 2316 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:30:53.0288 2316 iphlpsvc - ok
17:30:53.0319 2316 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:30:53.0334 2316 IPMIDRV - ok
17:30:53.0350 2316 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:30:53.0350 2316 IPNAT - ok
17:30:53.0428 2316 [ ee4c2a137c7088911a8919effc9812e7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:30:53.0444 2316 iPod Service - ok
17:30:53.0459 2316 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:30:53.0459 2316 IRENUM - ok
17:30:53.0506 2316 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:30:53.0506 2316 isapnp - ok
17:30:53.0537 2316 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:30:53.0537 2316 iScsiPrt - ok
17:30:53.0584 2316 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:30:53.0584 2316 kbdclass - ok
17:30:53.0600 2316 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:30:53.0600 2316 kbdhid - ok
17:30:53.0631 2316 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
17:30:53.0631 2316 KeyIso - ok
17:30:53.0678 2316 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:30:53.0678 2316 KSecDD - ok
17:30:53.0693 2316 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:30:53.0693 2316 KSecPkg - ok
17:30:53.0724 2316 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:30:53.0724 2316 ksthunk - ok
17:30:53.0756 2316 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
17:30:53.0771 2316 KtmRm - ok
17:30:53.0834 2316 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:30:53.0834 2316 LanmanServer - ok
17:30:53.0880 2316 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:30:53.0880 2316 LanmanWorkstation - ok
17:30:53.0943 2316 [ 2238b91ac1a12cc6cc4c4fed41258b2a ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:30:53.0943 2316 LightScribeService - ok
17:30:53.0974 2316 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:30:53.0974 2316 lltdio - ok
17:30:53.0990 2316 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:30:54.0005 2316 lltdsvc - ok
17:30:54.0005 2316 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:30:54.0005 2316 lmhosts - ok
17:30:54.0036 2316 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:30:54.0036 2316 LSI_FC - ok
17:30:54.0068 2316 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:30:54.0068 2316 LSI_SAS - ok
17:30:54.0083 2316 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:30:54.0083 2316 LSI_SAS2 - ok
17:30:54.0083 2316 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:30:54.0083 2316 LSI_SCSI - ok
17:30:54.0114 2316 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
17:30:54.0114 2316 luafv - ok
17:30:54.0161 2316 MBAMProtector - ok
17:30:54.0255 2316 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:30:54.0255 2316 MBAMService - ok
17:30:54.0302 2316 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:30:54.0302 2316 Mcx2Svc - ok
17:30:54.0333 2316 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:30:54.0333 2316 megasas - ok
17:30:54.0348 2316 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:30:54.0348 2316 MegaSR - ok
17:30:54.0364 2316 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
17:30:54.0364 2316 MMCSS - ok
17:30:54.0395 2316 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:30:54.0395 2316 Modem - ok
17:30:54.0411 2316 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:30:54.0411 2316 monitor - ok
17:30:54.0504 2316 [ c94a2ea3fdfa5d650884926b710b7db1 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
17:30:54.0504 2316 motccgp - ok
17:30:54.0520 2316 [ d51e009baeda07ebc107d49d224c2414 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
17:30:54.0520 2316 motccgpfl - ok
17:30:54.0567 2316 [ 060f0ef84f430802df3788f3dcfd009c ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
17:30:54.0567 2316 motmodem - ok
17:30:54.0629 2316 [ 9dfd34e6841c460b5d992a1c5327ae69 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
17:30:54.0629 2316 MotoHelper - ok
17:30:54.0676 2316 [ ebd05f60cafc5bba2602b8d7101082d3 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
17:30:54.0676 2316 MotoSwitchService - ok
17:30:54.0723 2316 [ 87701078c3f720ac7a028e937994cc49 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
17:30:54.0723 2316 Motousbnet - ok
17:30:54.0770 2316 [ d075b1d964a314d240f5498773ee89df ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
17:30:54.0770 2316 motusbdevice - ok
17:30:54.0785 2316 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:30:54.0785 2316 mouclass - ok
17:30:54.0801 2316 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:30:54.0801 2316 mouhid - ok
17:30:54.0832 2316 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:30:54.0832 2316 mountmgr - ok
17:30:54.0894 2316 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:30:54.0894 2316 MozillaMaintenance - ok
17:30:54.0941 2316 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:30:54.0941 2316 mpio - ok
17:30:54.0972 2316 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:30:54.0972 2316 mpsdrv - ok
17:30:55.0019 2316 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:30:55.0035 2316 MpsSvc - ok
17:30:55.0066 2316 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:30:55.0066 2316 MRxDAV - ok
17:30:55.0097 2316 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:30:55.0097 2316 mrxsmb - ok
17:30:55.0113 2316 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:30:55.0128 2316 mrxsmb10 - ok
17:30:55.0144 2316 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:30:55.0144 2316 mrxsmb20 - ok
17:30:55.0191 2316 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:30:55.0191 2316 msahci - ok
17:30:55.0222 2316 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:30:55.0222 2316 msdsm - ok
17:30:55.0269 2316 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
17:30:55.0269 2316 MSDTC - ok
17:30:55.0316 2316 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:30:55.0316 2316 Msfs - ok
17:30:55.0347 2316 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:30:55.0347 2316 mshidkmdf - ok
17:30:55.0378 2316 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:30:55.0378 2316 msisadrv - ok
17:31:05.0253 2316 ============================================================
17:31:05.0253 2316 Scan finished
17:31:05.0253 2316 ============================================================
17:31:05.0268 5400 Detected object count: 0
17:31:05.0268 5400 Actual detected object count: 0

*===================================================*
ASWMBR - Log
*===================================================*
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 17:29:13
-----------------------------
17:29:13.069 OS Version: Windows x64 6.1.7601 Service Pack 1
17:29:13.069 Number of processors: 4 586 0x402
17:29:13.069 ComputerName: TRISHA-PC UserName: Trisha
17:29:14.379 Initialize success
17:30:28.920 AVAST engine defs: 12081900
17:32:42.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
17:32:42.285 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
17:32:42.316 Disk 0 MBR read successfully
17:32:42.316 Disk 0 MBR scan
17:32:42.332 Disk 0 unknown MBR code
17:32:42.332 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:32:42.347 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942738 MB offset 206848
17:32:42.394 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11015 MB offset 1930934272
17:32:42.441 Disk 0 scanning C:\Windows\system32\drivers
17:32:52.721 Service scanning
17:33:18.180 Modules scanning
17:33:18.196 Disk 0 trace - called modules:
17:33:18.227 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:33:18.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076fa060]
17:33:18.742 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80067a9e40]
17:33:18.758 5 ACPI.sys[fffff88000e907a1] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80067e3510]
17:33:21.176 AVAST engine scan C:\Windows
17:33:24.811 AVAST engine scan C:\Windows\system32
17:36:30.295 AVAST engine scan C:\Windows\system32\drivers
17:36:45.365 AVAST engine scan C:\Users\Trisha
17:37:47.423 Disk 0 MBR has been saved successfully to "C:\Users\Trisha\Desktop\MBR.dat"
17:37:47.438 The log file has been saved successfully to "C:\Users\Trisha\Desktop\aswMBR.txt"

#15 gringo_pr

Posted 19 August 2012 - 09:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
