
Help!


This topic is locked
28 replies to this topic

#1 andrewpomo

  • Members
  • 14 posts

Posted 19 August 2012 - 03:36 PM

So I went to do some improving of my girlfriend's computer this morning and downloaded MSE and Chrome for her, and deleted her previous antivirus. Shortly after running my first MSE scan, I got a message saying that windows had detected a critical error and would be shutting down in one minute. MSE also told me that in order to complete the scan, I would need to restart. Now every time I turn the computer back on, or restart it, both of these messages appear within moments, and the computer is shut down before I can even do anything. For a while, I was able to run in safe mode and managed to download Malwarebytes and run a full scan, but it didn't help and now the problem has moved on to affect safe mode as well. I'm stumped. PLEASE HELP!



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 August 2012 - 03:48 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 andrewpomo
  • Topic Starter

  • Members
  • 14 posts

Posted 20 August 2012 - 06:19 PM

Scan result of Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 20-08-2012 18:08:03
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] H.EXE [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7970848 2009-07-14] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] CARD\WLTRAY.EXE [x]
HKLM\...\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]
HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]
HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [fsi] C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe [9728 2009-09-02] ()
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a [54608 2010-11-17] (ClearwireCM)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Guest\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Hannah\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15026056 2011-01-26] (Skype Technologies S.A.)
HKU\Hannah\...\Run: [Google Update] "C:\Users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-05] (Google Inc.)
HKU\Hannah\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Hannah\...\Run: [Facebook Update] "C:\Users\Hannah\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-10] (Facebook Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
HKLM\...\Winlogon: [Userinit] userinit.exe,
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Hannah\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

3 CACLEARWIRE; "C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" [124240 2010-11-17] (SmithMicro Inc.)
2 clearwireDeviceDiagnosticsService; "C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe" [398848 2010-06-17] ()
3 CLEARWIRERcAppSvc; "C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" [120144 2010-11-17] (SmithMicro Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 SMSI Device Launch Service; "C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe" /n "SMSI Device Launch Service" [107856 2010-11-17] ()
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [x]
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

========================== Drivers (Whitelisted) =============

3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [357248 2010-07-08] (Beceem communications pvt ltd.)
3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-07-08] (Beceem communications pvt ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-11-17] (Smith Micro Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-19 15:24 - 2012-08-19 15:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB5F70C5B2E7EA53
2012-08-19 15:22 - 2012-08-19 15:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E342B69BF709FDFF
2012-08-19 15:19 - 2012-08-19 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3161B8EFAD8B707
2012-08-19 15:15 - 2012-08-19 15:15 - 04059939 ____A (SUPERAntiSpyware.com) C:\Users\Hannah\Downloads\Unconfirmed 92098.crdownload
2012-08-19 15:15 - 2012-08-19 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8AEA5650A8A9026
2012-08-19 15:12 - 2012-08-19 15:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A216DC2584A376A5
2012-08-19 14:41 - 2012-08-19 14:56 - 00000000 ____D C:\FRST
2012-08-19 14:31 - 2012-08-19 14:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F9525DD089E203C
2012-08-19 13:28 - 2012-08-19 13:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hannah\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-19 13:28 - 2012-08-19 13:28 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 13:28 - 2012-08-19 13:28 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 13:28 - 2012-08-19 13:28 - 00000000 ____D C:\Users\Hannah\Application Data\Malwarebytes
2012-08-19 13:28 - 2012-08-19 13:28 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\Malwarebytes
2012-08-19 13:28 - 2012-08-19 13:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-19 13:28 - 2012-08-19 13:28 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-08-19 13:28 - 2012-08-19 13:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-19 13:28 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-19 13:24 - 2012-08-19 13:24 - 00000000 ____A C:\Users\Hannah\Downloads\78B8.tmp
2012-08-19 13:23 - 2012-08-19 13:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6CC3CC3CC8075B98
2012-08-19 13:19 - 2012-08-19 13:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6845701ECC52DD7
2012-08-19 13:15 - 2012-08-19 13:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D1D7146BE3076BB0
2012-08-19 13:11 - 2012-08-19 13:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E90C9E8BD65AF09
2012-08-19 13:05 - 2012-08-19 13:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9A51CADFEA1546B
2012-08-19 13:00 - 2012-08-19 13:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-19 12:57 - 2012-08-19 12:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-19 12:57 - 2012-08-19 12:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-19 12:56 - 2012-08-19 12:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Hannah\Downloads\mseinstall.exe
2012-08-14 18:52 - 2012-08-14 18:52 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-14 17:34 - 2009-07-13 20:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\zz-services.tmp
2012-08-14 17:26 - 2012-08-19 14:29 - 00000000 ____D C:\Users\Hannah\Application Data\System
2012-08-14 17:26 - 2012-08-19 14:29 - 00000000 ____D C:\Users\Hannah\AppData\Roaming\System
2012-08-10 11:34 - 2012-08-10 11:34 - 00000000 ____D C:\Windows\en
2012-08-10 11:29 - 2012-08-10 11:29 - 00000000 ____D C:\Program Files\Windows Live
2012-08-10 11:24 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\{9D8FAC82-8237-4748-B2B3-ED69D5F4978E}
2012-08-10 11:24 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\{349D2612-C7A9-4534-857C-F9B740019CC8}
2012-08-10 11:24 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\Local Settings\{9D8FAC82-8237-4748-B2B3-ED69D5F4978E}
2012-08-10 11:24 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\Local Settings\{349D2612-C7A9-4534-857C-F9B740019CC8}
2012-08-10 11:24 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\AppData\Local\{9D8FAC82-8237-4748-B2B3-ED69D5F4978E}
2012-08-10 11:24 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\AppData\Local\{349D2612-C7A9-4534-857C-F9B740019CC8}
2012-08-10 11:23 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\{1FB6C472-B295-4639-8054-CE3FC35EBA10}
2012-08-10 11:23 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\Local Settings\{1FB6C472-B295-4639-8054-CE3FC35EBA10}
2012-08-10 11:23 - 2012-08-10 11:24 - 00000000 ____D C:\Users\Hannah\AppData\Local\{1FB6C472-B295-4639-8054-CE3FC35EBA10}
2012-08-10 11:23 - 2012-08-10 11:23 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\{1E4C218A-2F8D-47E7-8003-2B5F73B7F88C}
2012-08-10 11:23 - 2012-08-10 11:23 - 00000000 ____D C:\Users\Hannah\Local Settings\{1E4C218A-2F8D-47E7-8003-2B5F73B7F88C}
2012-08-10 11:23 - 2012-08-10 11:23 - 00000000 ____D C:\Users\Hannah\AppData\Local\{1E4C218A-2F8D-47E7-8003-2B5F73B7F88C}
2012-08-10 11:19 - 2012-08-19 12:06 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001Core.job
2012-08-10 11:19 - 2012-08-19 11:55 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001UA.job
2012-08-10 11:18 - 2012-08-10 11:19 - 00000000 ____D C:\Users\Hannah\Local Settings\Facebook
2012-08-10 11:18 - 2012-08-10 11:19 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\Facebook
2012-08-10 11:18 - 2012-08-10 11:19 - 00000000 ____D C:\Users\Hannah\AppData\Local\Facebook
2012-08-10 11:17 - 2012-08-10 11:17 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\{D51A3B03-2376-4695-BA40-83E76628417A}
2012-08-10 11:17 - 2012-08-10 11:17 - 00000000 ____D C:\Users\Hannah\Local Settings\{D51A3B03-2376-4695-BA40-83E76628417A}
2012-08-10 11:17 - 2012-08-10 11:17 - 00000000 ____D C:\Users\Hannah\AppData\Local\{D51A3B03-2376-4695-BA40-83E76628417A}
2012-08-10 11:16 - 2012-08-10 11:16 - 00000000 ____D C:\Users\Hannah\Local Settings\Application Data\{604E7D93-DCD6-4EF7-B831-738EE3B30BFE}
2012-08-10 11:16 - 2012-08-10 11:16 - 00000000 ____D C:\Users\Hannah\Local Settings\{604E7D93-DCD6-4EF7-B831-738EE3B30BFE}
2012-08-10 11:16 - 2012-08-10 11:16 - 00000000 ____D C:\Users\Hannah\AppData\Local\{604E7D93-DCD6-4EF7-B831-738EE3B30BFE}
2012-07-24 22:14 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

============ 3 Months Modified Files ========================

2012-08-19 15:26 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-19 15:26 - 2009-07-13 23:51 - 00063151 ____A C:\Windows\setupact.log
2012-08-19 15:24 - 2012-08-19 15:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BB5F70C5B2E7EA53
2012-08-19 15:23 - 2011-05-27 00:01 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-19 15:22 - 2012-08-19 15:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E342B69BF709FDFF
2012-08-19 15:19 - 2012-08-19 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C3161B8EFAD8B707
2012-08-19 15:15 - 2012-08-19 15:15 - 04059939 ____A (SUPERAntiSpyware.com) C:\Users\Hannah\Downloads\Unconfirmed 92098.crdownload
2012-08-19 15:15 - 2012-08-19 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8AEA5650A8A9026
2012-08-19 15:12 - 2012-08-19 15:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A216DC2584A376A5
2012-08-19 14:50 - 2009-07-14 00:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-19 14:31 - 2012-08-19 14:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F9525DD089E203C
2012-08-19 14:29 - 2010-08-16 08:59 - 00058162 ____A C:\Windows\PFRO.log
2012-08-19 13:28 - 2012-08-19 13:28 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hannah\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-19 13:28 - 2012-08-19 13:28 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 13:28 - 2012-08-19 13:28 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 13:24 - 2012-08-19 13:24 - 00000000 ____A C:\Users\Hannah\Downloads\78B8.tmp
2012-08-19 13:23 - 2012-08-19 13:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6CC3CC3CC8075B98
2012-08-19 13:19 - 2012-08-19 13:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C6845701ECC52DD7
2012-08-19 13:15 - 2012-08-19 13:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D1D7146BE3076BB0
2012-08-19 13:15 - 2009-07-14 00:10 - 01933816 ____A C:\Windows\WindowsUpdate.log
2012-08-19 13:11 - 2012-08-19 13:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E90C9E8BD65AF09
2012-08-19 13:05 - 2012-08-19 13:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9A51CADFEA1546B
2012-08-19 13:01 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-19 13:01 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-19 13:00 - 2012-08-19 13:00 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-19 12:57 - 2011-01-07 11:08 - 00744410 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-19 12:56 - 2012-08-19 12:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Hannah\Downloads\mseinstall.exe
2012-08-19 12:49 - 2010-11-05 17:54 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001UA.job
2012-08-19 12:09 - 2010-11-05 17:54 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001Core.job
2012-08-19 12:06 - 2012-08-10 11:19 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001Core.job
2012-08-19 11:55 - 2012-08-10 11:19 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001UA.job
2012-08-10 11:58 - 2011-05-27 00:01 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-08-10 11:27 - 2010-08-16 07:19 - 00032141 ____A C:\Windows\DirectX.log
2012-07-25 21:11 - 2009-07-13 23:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-24 21:08 - 2011-02-01 13:15 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 13:46 - 2012-08-19 13:28 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-15 10:49 - 2012-06-15 10:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-15 10:49 - 2011-08-01 11:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-11 22:08 - 2012-07-24 22:14 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-17 17:35 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-17 17:35 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-17 17:35 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-17 17:35 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-17 17:35 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-17 17:35 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-17 17:35 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-17 17:35 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-27 12:52 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-27 12:52 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-27 12:52 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-27 12:52 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-27 12:52 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-27 12:52 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-27 12:52 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-27 12:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-27 12:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 00:50 - 2012-07-17 17:35 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-17 17:35 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-17 17:35 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-17 17:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-17 17:35 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-17 17:35 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-17 17:35 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-17 17:35 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-17 17:35 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


ZeroAccess:
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U\00000001.@

ZeroAccess:
C:\Users\Hannah\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}
C:\Users\Hannah\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\@
C:\Users\Hannah\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\L
C:\Users\Hannah\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 2936.95 MB
Available physical RAM: 2420.68 MB
Total Pagefile: 2935.09 MB
Available Pagefile: 2413.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:241.52 GB) NTFS
3 Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1907 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 100 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT Removable 1907 MB Healthy

==================================================================================

Last Boot: 2012-08-10 19:44

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 19-08-2012
Ran by SYSTEM at 2012-08-20 18:13:36
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#4 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 21 August 2012 - 12:48 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}
C:\Users\Hannah\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
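The FRST search earlier in the thread shows two copies of services.exe with identical size, timestamps and vendor string but different MD5s, which is why the fixlist above restores System32 from the WinSxS copy. The Python script below is an added example, not FRST's code and not part of the thread: it parses that FRST search output and flags any copy outside WinSxS whose hash disagrees with the component-store copy of the same name. The sample input is copied from the thread; the `Finding` record and its field names are this example's own.

```python
"""Spot a tampered system binary in FRST 'Search:' output by comparing copies' MD5s."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: the two services.exe entries posted in this thread. Size,
# timestamps and vendor string are identical, only the MD5 differs.
SAMPLE_FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# FRST detail line: [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FrstFile:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name.lower()

    @property
    def in_winsxs(self) -> bool:
        # The component store (WinSxS) holds the copy Windows installed; the
        # fixlist in this thread restores System32 from exactly this copy.
        return "\\winsxs\\" in self.path.lower()


@dataclass(frozen=True)
class Finding:
    copy: FrstFile          # the copy whose hash does not match the reference
    reference: FrstFile     # the WinSxS copy it was compared against
    same_metadata: bool     # size and timestamps preserved: typical of in-place patching


def parse_frst_search(text: str) -> list[FrstFile]:
    """Pair each path line with the detail line that FRST prints directly under it."""
    files: list[FrstFile] = []
    pending_path: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and the ===== header/footer rules
        m = DETAIL_RE.match(line)
        if m is None:
            pending_path = line  # a path line; its details follow
        elif pending_path is not None:
            files.append(FrstFile(pending_path, m["created"], m["modified"],
                                  int(m["size"]), m["company"], m["md5"].upper()))
            pending_path = None
    return files


def find_hash_conflicts(files: list[FrstFile]) -> dict[str, list[FrstFile]]:
    """Group copies by file name and keep only names whose copies disagree on MD5."""
    by_name: dict[str, list[FrstFile]] = defaultdict(list)
    for f in files:
        by_name[f.name].append(f)
    return {name: copies for name, copies in by_name.items()
            if len({c.md5 for c in copies}) > 1}


def suspicious_copies(files: list[FrstFile]) -> list[Finding]:
    """Flag every non-WinSxS copy whose MD5 matches none of the WinSxS copies of that name."""
    findings: list[Finding] = []
    for copies in find_hash_conflicts(files).values():
        references = [c for c in copies if c.in_winsxs]
        if not references:
            continue  # nothing trustworthy to compare against; needs a manual look
        for copy in copies:
            if copy.in_winsxs or any(copy.md5 == r.md5 for r in references):
                continue
            ref = references[0]
            same_meta = (copy.size, copy.created, copy.modified) == (ref.size, ref.created, ref.modified)
            findings.append(Finding(copy, ref, same_meta))
    return findings


if __name__ == "__main__":
    for f in suspicious_copies(parse_frst_search(SAMPLE_FRST_SEARCH)):
        why = "size/timestamps identical to reference" if f.same_metadata else "metadata also differs"
        print(f"{f.copy.path}: MD5 {f.copy.md5} != WinSxS {f.reference.md5} ({why})")
```

Identical size and timestamps with a different hash is the signature of a binary patched in place, which is why a hash comparison rather than a size or date check is the useful test here.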

#5 andrewpomo (Topic Starter)

Posted 21 August 2012 - 09:30 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 19-08-2012
Ran by SYSTEM at 2012-08-21 09:29:47 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1} moved successfully.
C:\Users\Hannah\AppData\Local\{678e0b4f-17c9-f768-10f6-97e8ee0ffbb1} moved successfully.

==== End of Fixlog ====

#6 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 21 August 2012 - 12:56 PM

Hello andrewpomo

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 andrewpomo (Topic Starter)

Posted 21 August 2012 - 07:24 PM

The computer seems to be working fine. The only problem I ran into was the fact that there was a windows update that occurred when the computer restarted after combofix finished. When booting, I got a message saying the updates had failed and were reverting. They still haven't updated.

Other than that, everything appears to be running smoothly.


ComboFix 12-08-21.02 - Hannah 08/21/2012 18:36:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1403 [GMT -5:00]
Running from: c:\users\Hannah\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 23:47 . 2012-08-21 23:55 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F42995EC-02EC-43C6-BFF5-393010424FDA}\offreg.dll
2012-08-21 23:45 . 2012-08-21 23:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-21 23:45 . 2012-08-21 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 20:24 . 2012-08-19 20:24 328704 ----a-w- c:\windows\system32\services.exe.BB5F70C5B2E7EA53
2012-08-19 20:22 . 2012-08-19 20:22 328704 ----a-w- c:\windows\system32\services.exe.E342B69BF709FDFF
2012-08-19 20:19 . 2012-08-19 20:19 328704 ----a-w- c:\windows\system32\services.exe.C3161B8EFAD8B707
2012-08-19 20:15 . 2012-08-19 20:15 328704 ----a-w- c:\windows\system32\services.exe.B8AEA5650A8A9026
2012-08-19 20:12 . 2012-08-19 20:12 328704 ----a-w- c:\windows\system32\services.exe.A216DC2584A376A5
2012-08-19 19:41 . 2012-08-19 19:56 -------- d-----w- C:\FRST
2012-08-19 19:31 . 2012-08-19 19:31 328704 ----a-w- c:\windows\system32\services.exe.1F9525DD089E203C
2012-08-19 18:28 . 2012-08-19 18:28 -------- d-----w- c:\users\Hannah\AppData\Roaming\Malwarebytes
2012-08-19 18:28 . 2012-08-19 18:28 -------- d-----w- c:\programdata\Malwarebytes
2012-08-19 18:28 . 2012-08-19 18:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-19 18:28 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 18:23 . 2012-08-19 18:23 328704 ----a-w- c:\windows\system32\services.exe.6CC3CC3CC8075B98
2012-08-19 18:19 . 2012-08-19 18:19 328704 ----a-w- c:\windows\system32\services.exe.C6845701ECC52DD7
2012-08-19 18:15 . 2012-08-19 18:15 328704 ----a-w- c:\windows\system32\services.exe.D1D7146BE3076BB0
2012-08-19 18:11 . 2012-08-19 18:11 328704 ----a-w- c:\windows\system32\services.exe.2E90C9E8BD65AF09
2012-08-19 18:05 . 2012-08-19 18:05 328704 ----a-w- c:\windows\system32\services.exe.C9A51CADFEA1546B
2012-08-19 17:59 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C9B224E-7E4C-4D2D-8CFD-14CD03A65392}\gapaengine.dll
2012-08-19 17:59 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F42995EC-02EC-43C6-BFF5-393010424FDA}\mpengine.dll
2012-08-19 17:57 . 2012-08-19 17:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-19 17:57 . 2012-08-19 17:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-14 23:52 . 2012-08-14 23:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-14 22:34 . 2009-07-14 01:39 328704 ----a-w- c:\windows\system32\zz-services.tmp
2012-08-14 22:26 . 2012-08-19 19:29 -------- d-----w- c:\users\Hannah\AppData\Roaming\System
2012-08-10 16:34 . 2012-08-10 16:34 -------- d-----w- c:\windows\en
2012-08-10 16:29 . 2012-08-10 16:29 -------- d-----w- c:\program files\Windows Live
2012-08-10 16:29 . 2012-08-10 16:28 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-10 16:25 . 2012-08-10 16:25 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cc48e53d1cd771401\DSETUP.dll
2012-08-10 16:25 . 2012-08-10 16:25 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cc48e53d1cd771401\DXSETUP.exe
2012-08-10 16:25 . 2012-08-10 16:25 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cc48e53d1cd771401\dsetup32.dll
2012-08-10 16:18 . 2012-08-10 16:19 -------- d-----w- c:\users\Hannah\AppData\Local\Facebook
2012-07-25 03:14 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 23:32 . 2011-02-01 18:15 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-15 15:49 . 2012-06-15 15:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 15:49 . 2011-08-01 16:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 20:29 . 2011-10-06 00:16 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-14 20:29 . 2011-10-06 00:16 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-14 20:28 . 2011-10-06 00:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-14 20:28 . 2011-10-02 18:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-09 05:43 . 2012-07-17 22:35 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-17 22:35 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-17 22:35 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-17 22:35 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-17 22:35 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-17 22:35 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-17 22:35 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-27 17:52 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 17:52 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 17:52 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 17:52 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 17:52 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 17:52 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 17:52 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-27 17:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-27 17:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-17 22:35 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-17 22:35 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-17 22:35 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-17 22:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-17 22:35 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-17 22:35 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-17 22:35 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-17 22:35 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-17 22:35 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Facebook Update"="c:\users\Hannah\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-10 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"fsi"="c:\program files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe" [2009-09-02 9728]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2010-11-17 54608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-10 559616]
.
c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-06-17 398848]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-11-17 107856]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [2010-07-08 357248]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [2010-07-08 62976]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2010-11-17 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2010-11-17 120144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2010-11-17 43032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 216064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-25 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001Core.job
- c:\users\Hannah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 16:18]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001UA.job
- c:\users\Hannah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 16:18]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001Core.job
- c:\users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 22:53]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4071152865-3611521800-3555070594-1001UA.job
- c:\users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-05 22:53]
.
2012-08-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2012-08-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.11.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - H.EXE
HKLM-Run-Broadcom Wireless Manager UI - CARD\WLTRAY.EXE
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4071152865-3611521800-3555070594-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4071152865-3611521800-3555070594-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-21 19:00:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 00:00
.
Pre-Run: 258,947,063,808 bytes free
Post-Run: 258,992,721,920 bytes free
.
- - End Of File - - 714BC8F43A8424435B5A571CB136652F

#8 andrewpomo (Topic Starter)

Posted 21 August 2012 - 07:25 PM

Also. Updating anything appears to be an issue. Before this whole virus started, MSE refused to update as well.

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 21 August 2012 - 07:43 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#10 andrewpomo (Topic Starter)

Posted 22 August 2012 - 12:34 AM

00:09:52.0029 5060 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
00:09:52.0419 5060 ============================================================
00:09:52.0419 5060 Current date / time: 2012/08/22 00:09:52.0419
00:09:52.0419 5060 SystemInfo:
00:09:52.0419 5060
00:09:52.0419 5060 OS Version: 6.1.7601 ServicePack: 1.0
00:09:52.0419 5060 Product type: Workstation
00:09:52.0419 5060 ComputerName: HANNAH-PC
00:09:52.0419 5060 UserName: Hannah
00:09:52.0419 5060 Windows directory: C:\Windows
00:09:52.0419 5060 System windows directory: C:\Windows
00:09:52.0419 5060 Running under WOW64
00:09:52.0419 5060 Processor architecture: Intel x64
00:09:52.0419 5060 Number of processors: 2
00:09:52.0419 5060 Page size: 0x1000
00:09:52.0419 5060 Boot type: Normal boot
00:09:52.0419 5060 ============================================================
00:09:56.0911 5060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:09:56.0927 5060 ============================================================
00:09:56.0927 5060 \Device\Harddisk0\DR0:
00:09:56.0927 5060 MBR partitions:
00:09:56.0927 5060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
00:09:56.0927 5060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0
00:09:56.0927 5060 ============================================================
00:09:56.0989 5060 C: <-> \Device\Harddisk0\DR0\Partition2
00:09:56.0989 5060 ============================================================
00:09:56.0989 5060 Initialize success
00:09:56.0989 5060 ============================================================
00:10:00.0141 4416 ============================================================
00:10:00.0141 4416 Scan started
00:10:00.0141 4416 Mode: Manual;
00:10:00.0141 4416 ============================================================
00:10:01.0638 4416 ================ Scan system memory ========================
00:10:01.0638 4416 System memory - ok
00:10:01.0638 4416 ================ Scan services =============================
00:10:03.0136 4416 atapi - ok
00:10:03.0183 4416 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:10:03.0261 4416 AudioEndpointBuilder - ok
00:10:03.0292 4416 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:10:03.0292 4416 AudioSrv - ok
00:10:03.0339 4416 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:10:03.0385 4416 AxInstSV - ok
00:10:03.0417 4416 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:10:03.0463 4416 b06bdrv - ok
00:10:03.0495 4416 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:10:03.0526 4416 b57nd60a - ok
00:10:03.0651 4416 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
00:10:03.0651 4416 BBSvc - ok
00:10:03.0697 4416 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
00:10:03.0697 4416 BBUpdate - ok
00:10:03.0744 4416 [ 9725C48E5EC9AB239A7E999F1EE7EE0D ] bcm C:\Windows\system32\DRIVERS\drxvi314_64.sys
00:10:03.0775 4416 bcm - ok
00:10:03.0807 4416 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
00:10:03.0807 4416 BCM42RLY - ok
00:10:03.0900 4416 [ 37394D3553E220FB732C21E217E1BD8B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
00:10:03.0931 4416 BCM43XX - ok
00:10:03.0963 4416 [ 34E604E2B7CFED79AC31C4894C5989A6 ] bcmbusctr C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
00:10:03.0978 4416 bcmbusctr - ok
00:10:04.0025 4416 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:10:04.0056 4416 BDESVC - ok
00:10:04.0103 4416 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:10:04.0119 4416 Beep - ok
00:10:04.0165 4416 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:10:04.0228 4416 BFE - ok
00:10:04.0259 4416 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:10:04.0275 4416 blbdrive - ok
00:10:04.0321 4416 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:10:04.0353 4416 bowser - ok
00:10:04.0353 4416 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:10:04.0384 4416 BrFiltLo - ok
00:10:04.0384 4416 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:10:04.0415 4416 BrFiltUp - ok
00:10:04.0446 4416 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
00:10:04.0462 4416 BridgeMP - ok
00:10:04.0509 4416 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
00:10:04.0509 4416 Browser - ok
00:10:04.0524 4416 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:10:04.0555 4416 Brserid - ok
00:10:04.0571 4416 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:10:04.0587 4416 BrSerWdm - ok
00:10:04.0602 4416 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:10:04.0618 4416 BrUsbMdm - ok
00:10:04.0633 4416 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:10:04.0649 4416 BrUsbSer - ok
00:10:04.0665 4416 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:10:04.0696 4416 BTHMODEM - ok
00:10:04.0727 4416 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:10:04.0774 4416 bthserv - ok
00:10:04.0821 4416 [ 79B73CEEAD04EA3B140E9662B09C2856 ] CACLEARWIRE C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe
00:10:04.0914 4416 CACLEARWIRE - ok
00:10:04.0914 4416 catchme - ok
00:10:04.0945 4416 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:10:04.0961 4416 cdfs - ok
00:10:05.0008 4416 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
00:10:05.0039 4416 cdrom - ok
00:10:05.0055 4416 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:10:05.0101 4416 CertPropSvc - ok
00:10:05.0117 4416 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:10:05.0133 4416 circlass - ok
00:10:05.0164 4416 [ DF352AD585C99B088445C932F4817A45 ] clearwireDeviceDiagnosticsService C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
00:10:05.0179 4416 clearwireDeviceDiagnosticsService - ok
00:10:05.0211 4416 [ 8DA9572E4D698F73CE0D48BF7A612B19 ] CLEARWIRERcAppSvc C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe
00:10:05.0289 4416 CLEARWIRERcAppSvc - ok
00:10:05.0320 4416 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:10:05.0320 4416 CLFS - ok
00:10:05.0367 4416 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:10:05.0413 4416 clr_optimization_v2.0.50727_32 - ok
00:10:05.0460 4416 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:10:05.0476 4416 clr_optimization_v2.0.50727_64 - ok
00:10:05.0538 4416 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:10:05.0554 4416 clr_optimization_v4.0.30319_32 - ok
00:10:05.0585 4416 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:10:05.0585 4416 clr_optimization_v4.0.30319_64 - ok
00:10:05.0616 4416 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:10:05.0632 4416 CmBatt - ok
00:10:05.0663 4416 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:10:05.0679 4416 cmdide - ok
00:10:05.0725 4416 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:10:05.0725 4416 CNG - ok
00:10:05.0757 4416 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:10:05.0757 4416 Compbatt - ok
00:10:05.0788 4416 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:10:05.0819 4416 CompositeBus - ok
00:10:05.0819 4416 COMSysApp - ok
00:10:05.0850 4416 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:10:05.0866 4416 crcdisk - ok
00:10:05.0913 4416 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:10:05.0913 4416 CryptSvc - ok
00:10:05.0944 4416 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
00:10:05.0975 4416 CtClsFlt - ok
00:10:06.0037 4416 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:10:06.0069 4416 cvhsvc - ok
00:10:06.0115 4416 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:10:06.0131 4416 DcomLaunch - ok
00:10:06.0162 4416 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:10:06.0209 4416 defragsvc - ok
00:10:06.0240 4416 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:10:06.0256 4416 DfsC - ok
00:10:06.0287 4416 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:10:06.0349 4416 Dhcp - ok
00:10:06.0365 4416 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:10:06.0381 4416 discache - ok
00:10:06.0412 4416 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:10:06.0412 4416 Disk - ok
00:10:06.0459 4416 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:10:06.0505 4416 Dnscache - ok
00:10:06.0552 4416 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
00:10:06.0552 4416 DockLoginService - ok
00:10:06.0583 4416 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:10:06.0630 4416 dot3svc - ok
00:10:06.0661 4416 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:10:06.0661 4416 DPS - ok
00:10:06.0708 4416 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:10:06.0708 4416 drmkaud - ok
00:10:06.0755 4416 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:10:06.0786 4416 DXGKrnl - ok
00:10:06.0817 4416 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:10:06.0864 4416 EapHost - ok
00:10:06.0973 4416 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:10:07.0129 4416 ebdrv - ok
00:10:07.0176 4416 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:10:07.0176 4416 EFS - ok
00:10:07.0223 4416 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:10:07.0301 4416 ehRecvr - ok
00:10:07.0317 4416 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:10:07.0379 4416 ehSched - ok
00:10:07.0410 4416 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:10:07.0457 4416 elxstor - ok
00:10:07.0488 4416 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:10:07.0504 4416 ErrDev - ok
00:10:07.0535 4416 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:10:07.0551 4416 EventSystem - ok
00:10:07.0566 4416 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:10:07.0597 4416 exfat - ok
00:10:07.0629 4416 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:10:07.0629 4416 fastfat - ok
00:10:07.0675 4416 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:10:07.0691 4416 Fax - ok
00:10:07.0707 4416 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:10:07.0722 4416 fdc - ok
00:10:07.0753 4416 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:10:07.0785 4416 fdPHost - ok
00:10:07.0800 4416 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:10:07.0800 4416 FDResPub - ok
00:10:07.0816 4416 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:10:07.0816 4416 FileInfo - ok
00:10:07.0831 4416 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:10:07.0863 4416 Filetrace - ok
00:10:07.0878 4416 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:10:07.0894 4416 flpydisk - ok
00:10:07.0925 4416 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:10:07.0925 4416 FltMgr - ok
00:10:07.0987 4416 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:10:08.0097 4416 FontCache - ok
00:10:08.0143 4416 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:10:08.0159 4416 FontCache3.0.0.0 - ok
00:10:08.0175 4416 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:10:08.0206 4416 FsDepends - ok
00:10:08.0237 4416 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:10:08.0237 4416 Fs_Rec - ok
00:10:08.0268 4416 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:10:08.0268 4416 fvevol - ok
00:10:08.0299 4416 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:10:08.0331 4416 gagp30kx - ok
00:10:08.0346 4416 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
00:10:08.0393 4416 GoToAssist - ok
00:10:08.0440 4416 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:10:08.0502 4416 gpsvc - ok
00:10:08.0518 4416 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:10:08.0533 4416 hcw85cir - ok
00:10:08.0580 4416 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:10:08.0596 4416 HDAudBus - ok
00:10:08.0627 4416 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:10:08.0643 4416 HidBatt - ok
00:10:08.0658 4416 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:10:08.0689 4416 HidBth - ok
00:10:08.0705 4416 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:10:08.0721 4416 HidIr - ok
00:10:08.0752 4416 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
00:10:08.0783 4416 hidserv - ok
00:10:08.0814 4416 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
00:10:08.0830 4416 HidUsb - ok
00:10:08.0861 4416 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:10:08.0908 4416 hkmsvc - ok
00:10:08.0955 4416 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:10:09.0001 4416 HomeGroupListener - ok
00:10:09.0033 4416 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:10:09.0033 4416 HomeGroupProvider - ok
00:10:09.0064 4416 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:10:09.0095 4416 HpSAMD - ok
00:10:09.0142 4416 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:10:09.0204 4416 HTTP - ok
00:10:09.0235 4416 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:10:09.0235 4416 hwpolicy - ok
00:10:09.0282 4416 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:10:09.0313 4416 i8042prt - ok
00:10:09.0345 4416 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:10:09.0423 4416 iaStorV - ok
00:10:09.0469 4416 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:10:09.0547 4416 idsvc - ok
00:10:09.0781 4416 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:10:10.0125 4416 igfx - ok
00:10:10.0156 4416 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:10:10.0187 4416 iirsp - ok
00:10:10.0234 4416 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:10:10.0265 4416 IKEEXT - ok
00:10:10.0327 4416 [ 0A5CCF2A30B7ED158F616728D3268FB1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:10:10.0374 4416 IntcAzAudAddService - ok
00:10:10.0390 4416 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
00:10:10.0421 4416 IntcHdmiAddService - ok
00:10:10.0452 4416 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:10:10.0468 4416 intelide - ok
00:10:10.0483 4416 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:10:10.0515 4416 intelppm - ok
00:10:10.0530 4416 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:10:10.0577 4416 IPBusEnum - ok
00:10:10.0624 4416 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:10:10.0639 4416 IpFilterDriver - ok
00:10:10.0671 4416 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:10:10.0686 4416 iphlpsvc - ok
00:10:10.0717 4416 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:10:10.0749 4416 IPMIDRV - ok
00:10:10.0764 4416 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:10:10.0827 4416 IPNAT - ok
00:10:10.0858 4416 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:10:10.0873 4416 IRENUM - ok
00:10:10.0905 4416 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:10:10.0936 4416 isapnp - ok
00:10:10.0951 4416 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:10:10.0983 4416 iScsiPrt - ok
00:10:11.0014 4416 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
00:10:11.0045 4416 kbdclass - ok
00:10:11.0061 4416 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
00:10:11.0092 4416 kbdhid - ok
00:10:11.0107 4416 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:10:11.0107 4416 KeyIso - ok
00:10:11.0154 4416 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:10:11.0154 4416 KSecDD - ok
00:10:11.0185 4416 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:10:11.0185 4416 KSecPkg - ok
00:10:11.0201 4416 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:10:11.0217 4416 ksthunk - ok
00:10:11.0263 4416 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:10:11.0310 4416 KtmRm - ok
00:10:11.0373 4416 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
00:10:11.0373 4416 LanmanServer - ok
00:10:11.0404 4416 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:10:11.0466 4416 LanmanWorkstation - ok
00:10:11.0482 4416 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:10:11.0513 4416 lltdio - ok
00:10:11.0544 4416 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:10:11.0591 4416 lltdsvc - ok
00:10:11.0607 4416 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:10:11.0638 4416 lmhosts - ok
00:10:11.0669 4416 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:10:11.0685 4416 LSI_FC - ok
00:10:11.0700 4416 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:10:11.0731 4416 LSI_SAS - ok
00:10:11.0731 4416 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:10:11.0763 4416 LSI_SAS2 - ok
00:10:11.0778 4416 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:10:11.0794 4416 LSI_SCSI - ok
00:10:11.0809 4416 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:10:11.0856 4416 luafv - ok
00:10:11.0887 4416 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:10:11.0887 4416 MBAMProtector - ok
00:10:11.0965 4416 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:10:11.0981 4416 MBAMService - ok
00:10:12.0012 4416 McMPFSvc - ok
00:10:12.0012 4416 mcmscsvc - ok
00:10:12.0028 4416 McNaiAnn - ok
00:10:12.0059 4416 McNASvc - ok
00:10:12.0059 4416 McODS - ok
00:10:12.0075 4416 McProxy - ok
00:10:12.0106 4416 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:10:12.0153 4416 Mcx2Svc - ok
00:10:12.0168 4416 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:10:12.0184 4416 megasas - ok
00:10:12.0215 4416 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:10:12.0246 4416 MegaSR - ok
00:10:12.0277 4416 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:10:12.0324 4416 MMCSS - ok
00:10:12.0340 4416 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:10:12.0355 4416 Modem - ok
00:10:12.0387 4416 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:10:12.0402 4416 monitor - ok
00:10:12.0418 4416 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
00:10:12.0449 4416 mouclass - ok
00:10:12.0465 4416 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:10:12.0496 4416 mouhid - ok
00:10:12.0511 4416 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:10:12.0527 4416 mountmgr - ok
00:10:12.0558 4416 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
00:10:12.0558 4416 MpFilter - ok
00:10:12.0589 4416 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:10:12.0621 4416 mpio - ok
00:10:12.0636 4416 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:10:12.0652 4416 mpsdrv - ok
00:10:12.0699 4416 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:10:12.0777 4416 MpsSvc - ok
00:10:12.0808 4416 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:10:12.0839 4416 MRxDAV - ok
00:10:12.0870 4416 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:10:12.0901 4416 mrxsmb - ok
00:10:12.0933 4416 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:10:12.0964 4416 mrxsmb10 - ok
00:10:12.0979 4416 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:10:13.0011 4416 mrxsmb20 - ok
00:10:13.0057 4416 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:10:13.0057 4416 msahci - ok
00:10:13.0073 4416 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:10:13.0104 4416 msdsm - ok
00:10:13.0120 4416 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:10:13.0167 4416 MSDTC - ok
00:10:13.0198 4416 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:10:13.0229 4416 Msfs - ok
00:10:13.0245 4416 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:10:13.0260 4416 mshidkmdf - ok
00:10:13.0276 4416 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:10:13.0276 4416 msisadrv - ok
00:10:13.0323 4416 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:10:13.0369 4416 MSiSCSI - ok
00:10:13.0369 4416 msiserver - ok
00:10:13.0401 4416 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:10:13.0416 4416 MSKSSRV - ok
00:10:13.0479 4416 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:10:13.0479 4416 MsMpSvc - ok
00:10:13.0494 4416 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:10:13.0525 4416 MSPCLOCK - ok
00:10:13.0541 4416 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:10:13.0557 4416 MSPQM - ok
00:10:13.0588 4416 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:10:13.0588 4416 MsRPC - ok
00:10:13.0603 4416 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:10:13.0603 4416 mssmbios - ok
00:10:13.0635 4416 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:10:13.0650 4416 MSTEE - ok
00:10:13.0666 4416 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:10:13.0681 4416 MTConfig - ok
00:10:13.0713 4416 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:10:13.0713 4416 Mup - ok
00:10:13.0744 4416 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:10:13.0806 4416 napagent - ok
00:10:13.0837 4416 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:10:13.0869 4416 NativeWifiP - ok
00:10:13.0900 4416 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
00:10:13.0931 4416 NDIS - ok
00:10:13.0947 4416 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:10:13.0962 4416 NdisCap - ok
00:10:13.0978 4416 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:10:14.0009 4416 NdisTapi - ok
00:10:14.0040 4416 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:10:14.0056 4416 Ndisuio - ok
00:10:14.0087 4416 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:10:14.0118 4416 NdisWan - ok
00:10:14.0149 4416 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:10:14.0165 4416 NDProxy - ok
00:10:14.0181 4416 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:10:14.0212 4416 NetBIOS - ok
00:10:14.0243 4416 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:10:14.0274 4416 NetBT - ok
00:10:14.0290 4416 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:10:14.0305 4416 Netlogon - ok
00:10:14.0337 4416 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:10:14.0352 4416 Netman - ok
00:10:14.0368 4416 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:10:14.0383 4416 netprofm - ok
00:10:14.0399 4416 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:10:14.0446 4416 NetTcpPortSharing - ok
00:10:14.0477 4416 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:10:14.0493 4416 nfrd960 - ok
00:10:14.0524 4416 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:10:14.0539 4416 NisDrv - ok
00:10:14.0571 4416 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
00:10:14.0617 4416 NisSrv - ok
00:10:14.0649 4416 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:10:14.0664 4416 NlaSvc - ok
00:10:14.0680 4416 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:10:14.0695 4416 Npfs - ok
00:10:14.0711 4416 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:10:14.0742 4416 nsi - ok
00:10:14.0758 4416 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:10:14.0773 4416 nsiproxy - ok
00:10:14.0851 4416 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:10:14.0867 4416 Ntfs - ok
00:10:14.0883 4416 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:10:14.0898 4416 Null - ok
00:10:14.0945 4416 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:10:14.0976 4416 nvraid - ok
00:10:15.0007 4416 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:10:15.0039 4416 nvstor - ok
00:10:15.0054 4416 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:10:15.0085 4416 nv_agp - ok
00:10:15.0117 4416 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:10:15.0148 4416 ohci1394 - ok
00:10:15.0179 4416 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:10:15.0257 4416 ose - ok
00:10:15.0397 4416 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:10:15.0975 4416 osppsvc - ok
00:10:16.0037 4416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:10:16.0053 4416 p2pimsvc - ok
00:10:16.0068 4416 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:10:16.0131 4416 p2psvc - ok
00:10:16.0162 4416 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:10:16.0193 4416 Parport - ok
00:10:16.0224 4416 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:10:16.0224 4416 partmgr - ok
00:10:16.0240 4416 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:10:16.0240 4416 PcaSvc - ok
00:10:16.0287 4416 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:10:16.0287 4416 pci - ok
00:10:16.0302 4416 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:10:16.0318 4416 pciide - ok
00:10:16.0349 4416 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:10:16.0380 4416 pcmcia - ok
00:10:16.0427 4416 [ B5D3C24E4EA8E6D4850E83DAD8C510D4 ] PCTINDIS5X64 C:\Windows\system32\PCTINDIS5X64.SYS
00:10:16.0443 4416 PCTINDIS5X64 - ok
00:10:16.0458 4416 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:10:16.0458 4416 pcw - ok
00:10:16.0489 4416 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:10:16.0505 4416 PEAUTH - ok
00:10:16.0567 4416 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:10:16.0614 4416 PerfHost - ok
00:10:16.0677 4416 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:10:16.0770 4416 pla - ok
00:10:16.0817 4416 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:10:16.0879 4416 PlugPlay - ok
00:10:16.0911 4416 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:10:16.0942 4416 PNRPAutoReg - ok
00:10:16.0957 4416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:10:16.0973 4416 PNRPsvc - ok
00:10:16.0989 4416 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:10:17.0004 4416 PolicyAgent - ok
00:10:17.0051 4416 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:10:17.0051 4416 Power - ok
00:10:17.0082 4416 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:10:17.0113 4416 PptpMiniport - ok
00:10:17.0145 4416 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:10:17.0160 4416 Processor - ok
00:10:17.0191 4416 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:10:17.0254 4416 ProfSvc - ok
00:10:17.0254 4416 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:10:17.0254 4416 ProtectedStorage - ok
00:10:17.0285 4416 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:10:17.0301 4416 Psched - ok
00:10:17.0316 4416 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
00:10:17.0316 4416 PxHlpa64 - ok
00:10:17.0363 4416 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:10:17.0457 4416 ql2300 - ok
00:10:17.0472 4416 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:10:17.0503 4416 ql40xx - ok
00:10:17.0535 4416 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:10:17.0581 4416 QWAVE - ok
00:10:17.0597 4416 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:10:17.0628 4416 QWAVEdrv - ok
00:10:17.0628 4416 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:10:17.0659 4416 RasAcd - ok
00:10:17.0675 4416 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:10:17.0706 4416 RasAgileVpn - ok
00:10:17.0722 4416 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:10:17.0753 4416 RasAuto - ok
00:10:17.0784 4416 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:10:17.0815 4416 Rasl2tp - ok
00:10:17.0847 4416 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:10:17.0862 4416 RasMan - ok
00:10:17.0862 4416 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:10:17.0893 4416 RasPppoe - ok
00:10:17.0909 4416 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:10:17.0925 4416 RasSstp - ok
00:10:17.0971 4416 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:10:18.0003 4416 rdbss - ok
00:10:18.0018 4416 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:10:18.0034 4416 rdpbus - ok
00:10:18.0065 4416 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:10:18.0081 4416 RDPCDD - ok
00:10:18.0096 4416 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:10:18.0112 4416 RDPENCDD - ok
00:10:18.0143 4416 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:10:18.0159 4416 RDPREFMP - ok
00:10:18.0190 4416 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:10:18.0221 4416 RDPWD - ok
00:10:18.0252 4416 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:10:18.0252 4416 rdyboost - ok
00:10:18.0283 4416 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:10:18.0330 4416 RemoteAccess - ok
00:10:18.0361 4416 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:10:18.0393 4416 RemoteRegistry - ok
00:10:18.0408 4416 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:10:18.0455 4416 RpcEptMapper - ok
00:10:18.0471 4416 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:10:18.0502 4416 RpcLocator - ok
00:10:18.0533 4416 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:10:18.0549 4416 RpcSs - ok
00:10:18.0564 4416 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:10:18.0580 4416 rspndr - ok
00:10:18.0611 4416 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
00:10:18.0642 4416 RSUSBSTOR - ok
00:10:18.0673 4416 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:10:18.0705 4416 RTL8167 - ok
00:10:18.0705 4416 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:10:18.0720 4416 SamSs - ok
00:10:18.0751 4416 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:10:18.0767 4416 sbp2port - ok
00:10:18.0798 4416 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:10:18.0845 4416 SCardSvr - ok
00:10:18.0861 4416 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:10:18.0876 4416 scfilter - ok
00:10:18.0923 4416 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:10:19.0017 4416 Schedule - ok
00:10:19.0048 4416 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:10:19.0048 4416 SCPolicySvc - ok
00:10:19.0079 4416 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:10:19.0126 4416 SDRSVC - ok
00:10:19.0141 4416 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:10:19.0141 4416 secdrv - ok
00:10:19.0173 4416 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:10:19.0173 4416 seclogon - ok
00:10:19.0188 4416 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:10:19.0188 4416 SENS - ok
00:10:19.0204 4416 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:10:19.0251 4416 SensrSvc - ok
00:10:19.0266 4416 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:10:19.0282 4416 Serenum - ok
00:10:19.0313 4416 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:10:19.0344 4416 Serial - ok
00:10:19.0360 4416 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:10:19.0375 4416 sermouse - ok
00:10:19.0422 4416 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:10:19.0469 4416 SessionEnv - ok
00:10:19.0500 4416 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:10:19.0516 4416 sffdisk - ok
00:10:19.0531 4416 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:10:19.0547 4416 sffp_mmc - ok
00:10:19.0563 4416 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:10:19.0578 4416 sffp_sd - ok
00:10:19.0594 4416 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:10:19.0609 4416 sfloppy - ok
00:10:19.0656 4416 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
00:10:19.0656 4416 Sftfs - ok
00:10:19.0703 4416 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:10:19.0719 4416 sftlist - ok
00:10:19.0734 4416 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:10:19.0734 4416 Sftplay - ok
00:10:19.0765 4416 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:10:19.0765 4416 Sftredir - ok
00:10:19.0828 4416 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
00:10:19.0875 4416 SftService - ok
00:10:19.0890 4416 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
00:10:19.0921 4416 Sftvol - ok
00:10:19.0937 4416 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:10:19.0937 4416 sftvsa - ok
00:10:19.0999 4416 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:10:19.0999 4416 SharedAccess - ok
00:10:20.0031 4416 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:10:20.0093 4416 ShellHWDetection - ok
00:10:20.0124 4416 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:10:20.0140 4416 SiSRaid2 - ok
00:10:20.0155 4416 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:10:20.0171 4416 SiSRaid4 - ok
00:10:20.0202 4416 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:10:20.0218 4416 Smb - ok
00:10:20.0280 4416 [ B95365DB2DE201A2DDF786E85BA5411C ] SMSI Device Launch Service C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
00:10:20.0280 4416 SMSI Device Launch Service - ok
00:10:20.0327 4416 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:10:20.0358 4416 SNMPTRAP - ok
00:10:20.0358 4416 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:10:20.0358 4416 spldr - ok
00:10:20.0389 4416 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
00:10:20.0452 4416 Spooler - ok
00:10:20.0545 4416 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:10:20.0639 4416 sppsvc - ok
00:10:20.0655 4416 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:10:20.0701 4416 sppuinotify - ok
00:10:20.0733 4416 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:10:20.0764 4416 srv - ok
00:10:20.0811 4416 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:10:20.0842 4416 srv2 - ok
00:10:20.0857 4416 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:10:20.0889 4416 srvnet - ok
00:10:20.0920 4416 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:10:20.0967 4416 SSDPSRV - ok
00:10:20.0982 4416 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:10:20.0982 4416 SstpSvc - ok
00:10:20.0998 4416 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:10:21.0013 4416 stexstor - ok
00:10:21.0060 4416 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:10:21.0076 4416 stisvc - ok
00:10:21.0123 4416 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:10:21.0154 4416 swenum - ok
00:10:21.0185 4416 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:10:21.0247 4416 swprv - ok
00:10:21.0279 4416 [ 1657B7442D5CE30533F5C4317716B468 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:10:21.0310 4416 SynTP - ok
00:10:21.0372 4416 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:10:21.0419 4416 SysMain - ok
00:10:21.0450 4416 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:10:21.0497 4416 TabletInputService - ok
00:10:21.0513 4416 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:10:21.0513 4416 TapiSrv - ok
00:10:21.0544 4416 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:10:21.0544 4416 TBS - ok
00:10:21.0606 4416 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:10:21.0637 4416 Tcpip - ok
00:10:21.0700 4416 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:10:21.0731 4416 TCPIP6 - ok
00:10:21.0762 4416 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:10:21.0762 4416 tcpipreg - ok
00:10:21.0793 4416 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:10:21.0809 4416 TDPIPE - ok
00:10:21.0856 4416 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:10:21.0871 4416 TDTCP - ok
00:10:21.0918 4416 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:10:21.0949 4416 tdx - ok
00:10:21.0996 4416 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:10:22.0043 4416 TermDD - ok
00:10:22.0090 4416 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:10:22.0449 4416 TermService - ok
00:10:22.0480 4416 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:10:22.0511 4416 Themes - ok
00:10:22.0558 4416 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:10:22.0558 4416 THREADORDER - ok
00:10:22.0605 4416 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:10:22.0605 4416 TrkWks - ok
00:10:22.0667 4416 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:10:22.0714 4416 TrustedInstaller - ok
00:10:22.0745 4416 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:10:22.0776 4416 tssecsrv - ok
00:10:22.0839 4416 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:10:22.0870 4416 TsUsbFlt - ok
00:10:22.0979 4416 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:10:22.0979 4416 tunnel - ok
00:10:23.0041 4416 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:10:23.0088 4416 uagp35 - ok
00:10:23.0135 4416 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:10:23.0151 4416 udfs - ok
00:10:23.0182 4416 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:10:23.0213 4416 UI0Detect - ok
00:10:23.0244 4416 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:10:23.0260 4416 uliagpkx - ok
00:10:23.0338 4416 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:10:23.0353 4416 umbus - ok
00:10:23.0369 4416 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:10:23.0385 4416 UmPass - ok
00:10:23.0400 4416 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:10:23.0447 4416 upnphost - ok
00:10:23.0463 4416 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:10:23.0494 4416 usbccgp - ok
00:10:23.0509 4416 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:10:23.0541 4416 usbcir - ok
00:10:23.0556 4416 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:10:23.0572 4416 usbehci - ok
00:10:23.0603 4416 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:10:23.0634 4416 usbhub - ok
00:10:23.0650 4416 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:10:23.0665 4416 usbohci - ok
00:10:23.0697 4416 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:10:23.0712 4416 usbprint - ok
00:10:23.0743 4416 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:10:23.0759 4416 USBSTOR - ok
00:10:23.0790 4416 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:10:23.0806 4416 usbuhci - ok
00:10:23.0837 4416 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:10:23.0868 4416 usbvideo - ok
00:10:23.0884 4416 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:10:23.0931 4416 UxSms - ok
00:10:23.0946 4416 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:10:23.0946 4416 VaultSvc - ok
00:10:23.0962 4416 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:10:23.0962 4416 vdrvroot - ok
00:10:24.0024 4416 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:10:24.0087 4416 vds - ok
00:10:24.0118 4416 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:10:24.0133 4416 vga - ok
00:10:24.0149 4416 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:10:24.0180 4416 VgaSave - ok
00:10:24.0211 4416 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:10:24.0258 4416 vhdmp - ok
00:10:24.0321 4416 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:10:24.0352 4416 viaide - ok
00:10:24.0367 4416 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:10:24.0367 4416 volmgr - ok
00:10:24.0414 4416 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:10:24.0430 4416 volmgrx - ok
00:10:24.0492 4416 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:10:24.0492 4416 volsnap - ok
00:10:24.0570 4416 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:10:24.0601 4416 vsmraid - ok
00:10:24.0726 4416 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:10:24.0882 4416 VSS - ok
00:10:24.0929 4416 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:10:24.0945 4416 vwifibus - ok
00:10:24.0991 4416 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:10:25.0023 4416 vwififlt - ok
00:10:25.0085 4416 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
00:10:25.0116 4416 vwifimp - ok
00:10:25.0147 4416 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:10:25.0225 4416 W32Time - ok
00:10:25.0257 4416 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:10:25.0335 4416 WacomPen - ok
00:10:25.0849 4416 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:10:26.0005 4416 WANARP - ok
00:10:26.0021 4416 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:10:26.0021 4416 Wanarpv6 - ok
00:10:26.0161 4416 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:10:26.0957 4416 WatAdminSvc - ok
00:10:27.0082 4416 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:10:27.0519 4416 wbengine - ok
00:10:27.0550 4416 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:10:27.0628 4416 WbioSrvc - ok
00:10:27.0690 4416 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:10:27.0753 4416 wcncsvc - ok
00:10:27.0768 4416 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:10:27.0799 4416 WcsPlugInService - ok
00:10:27.0831 4416 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:10:27.0862 4416 Wd - ok
00:10:27.0893 4416 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:10:27.0924 4416 Wdf01000 - ok
00:10:27.0955 4416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:10:27.0955 4416 WdiServiceHost - ok
00:10:27.0971 4416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:10:27.0971 4416 WdiSystemHost - ok
00:10:28.0033 4416 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:10:28.0080 4416 WebClient - ok
00:10:28.0111 4416 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:10:28.0174 4416 Wecsvc - ok
00:10:28.0205 4416 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:10:28.0252 4416 wercplsupport - ok
00:10:28.0283 4416 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:10:28.0330 4416 WerSvc - ok
00:10:28.0345 4416 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:10:28.0361 4416 WfpLwf - ok
00:10:28.0408 4416 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
00:10:28.0470 4416 WimFltr - ok
00:10:28.0486 4416 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:10:28.0501 4416 WIMMount - ok
00:10:28.0517 4416 WinDefend - ok
00:10:28.0533 4416 WinHttpAutoProxySvc - ok
00:10:28.0611 4416 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:10:28.0626 4416 Winmgmt - ok
00:10:28.0813 4416 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:10:29.0250 4416 WinRM - ok
00:10:29.0328 4416 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:10:29.0359 4416 WinUsb - ok
00:10:29.0406 4416 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:10:29.0500 4416 Wlansvc - ok
00:10:29.0625 4416 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:10:29.0671 4416 wlidsvc - ok
00:10:29.0718 4416 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
00:10:29.0749 4416 wltrysvc - ok
00:10:29.0781 4416 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:10:29.0796 4416 WmiAcpi - ok
00:10:29.0827 4416 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:10:29.0890 4416 wmiApSrv - ok
00:10:29.0921 4416 WMPNetworkSvc - ok
00:10:29.0937 4416 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:10:29.0983 4416 WPCSvc - ok
00:10:30.0015 4416 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:10:30.0030 4416 WPDBusEnum - ok
00:10:30.0061 4416 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:10:30.0108 4416 ws2ifsl - ok
00:10:30.0124 4416 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
00:10:30.0139 4416 wscsvc - ok
00:10:30.0139 4416 WSearch - ok
00:10:30.0249 4416 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:10:30.0342 4416 wuauserv - ok
00:10:30.0389 4416 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:10:30.0420 4416 WudfPf - ok
00:10:30.0467 4416 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:10:30.0545 4416 WUDFRd - ok
00:10:30.0576 4416 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:10:30.0639 4416 wudfsvc - ok
00:10:30.0685 4416 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:10:30.0748 4416 WwanSvc - ok
00:10:30.0826 4416 ================ Scan global ===============================
00:10:30.0857 4416 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:10:30.0935 4416 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:10:30.0997 4416 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:10:31.0029 4416 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:10:31.0153 4416 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:10:31.0200 4416 [Global] - ok
00:10:31.0200 4416 ================ Scan MBR ==================================
00:10:31.0263 4416 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:10:31.0949 4416 \Device\Harddisk0\DR0 - ok
00:10:31.0949 4416 ================ Scan VBR ==================================
00:10:31.0980 4416 [ CE10B06D2B580D721F098B2EF6F0305A ] \Device\Harddisk0\DR0\Partition1
00:10:31.0980 4416 \Device\Harddisk0\DR0\Partition1 - ok
00:10:31.0996 4416 [ C9EBD8F87B06A9553AB3B59674084104 ] \Device\Harddisk0\DR0\Partition2
00:10:31.0996 4416 \Device\Harddisk0\DR0\Partition2 - ok
00:10:32.0011 4416 ============================================================
00:10:32.0011 4416 Scan finished
00:10:32.0011 4416 ============================================================
00:10:32.0027 4180 Detected object count: 0
00:10:32.0027 4180 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 00:13:07
-----------------------------
00:13:07.638 OS Version: Windows x64 6.1.7601 Service Pack 1
00:13:07.638 Number of processors: 2 586 0x170A
00:13:07.638 ComputerName: HANNAH-PC UserName: Hannah
00:13:09.603 Initialize success
00:14:00.807 AVAST engine defs: 12082100
00:14:07.951 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:14:07.951 Disk 0 Vendor: ST9320423AS D005SDM1 Size: 305245MB BusType: 11
00:14:07.983 Disk 0 MBR read successfully
00:14:07.983 Disk 0 MBR scan
00:14:07.998 Disk 0 Windows 7 default MBR code
00:14:07.998 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
00:14:08.045 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
00:14:08.139 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
00:14:08.201 Disk 0 scanning C:\Windows\system32\drivers
00:14:32.740 Service scanning
00:15:12.458 Modules scanning
00:15:12.458 Disk 0 trace - called modules:
00:15:12.473 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:15:12.489 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030d7060]
00:15:12.504 3 CLASSPNP.SYS[fffff8800198343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002d61680]
00:15:13.331 AVAST engine scan C:\Windows
00:15:21.381 AVAST engine scan C:\Windows\system32
00:23:04.374 AVAST engine scan C:\Windows\system32\drivers
00:23:26.635 AVAST engine scan C:\Users\Hannah
00:28:32.177 AVAST engine scan C:\ProgramData
00:30:46.509 Scan finished successfully
00:32:51.122 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
00:32:51.247 The log file has been saved successfully to "E:\aswMBR.txt"
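
The scan log above (the TDSSKiller log format: `<time> <pid> [ <MD5> ] <Name> <Path>` image lines, `<Name> - <status>` lines, and a `Detected object count` summary) is easier to triage with a little tooling than by eye. The block below is an added example, not part of the thread and not code from TDSSKiller itself. It parses that format and pulls out what a responder looks at first: services that report a status but no hashed image file, several services backed by one image (the three hosted by lsass.exe), images living outside the Windows directory, and anything whose status is not `ok`. The sample input is an excerpt constructed from the posted log; the field layout is inferred from those lines, and reading a status line with no hash as "TDSSKiller listed the service but hashed no file for it" is an assumption and a prompt to look, not a verdict.

```python
"""Triage helpers for a TDSSKiller scan log (added example; format inferred from the posted log)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class Image(NamedTuple):
    name: Optional[str]  # service/driver name; None for the global, MBR and VBR entries
    md5: str
    path: str


class Report(NamedTuple):
    images: Dict[str, Image]   # service/driver name -> hashed image file
    extras: List[Image]        # hashed entries without a service name (global, MBR, VBR)
    statuses: Dict[str, str]   # name (or device path / "[Global]") -> status text
    detected: Optional[int]    # value of "Detected object count", if present


# "<time> <pid> [ <MD5> ] <Name> <Path>": names may contain spaces, so the path is
# anchored on a drive letter or on \Device\ rather than on whitespace.
_HASHED = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-F]{32}) \] "
    r"(?:(?P<name>.+?) )?(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"
)
# "<time> <pid> <Name> - <status>"
_STATUS = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) - (?P<status>\S+)$")
_COUNT = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+Detected object count: (?P<n>\d+)$")


def parse_tdsskiller_log(text: str) -> Report:
    images: Dict[str, Image] = {}
    extras: List[Image] = []
    statuses: Dict[str, str] = {}
    detected: Optional[int] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = _HASHED.match(line)
        if m:
            img = Image(m.group("name"), m.group("md5"), m.group("path"))
            if img.name is None:
                extras.append(img)
            else:
                images[img.name] = img
            continue
        m = _STATUS.match(line)
        if m:
            statuses[m.group("name")] = m.group("status")
            continue
        m = _COUNT.match(line)
        if m:
            detected = int(m.group("n"))
    return Report(images, extras, statuses, detected)


def without_image(report: Report) -> List[str]:
    """Services that got a status line but no hashed image line.

    Assumption: the service entry exists but TDSSKiller hashed no file for it
    (binary missing or unreadable). Worth a look, not a finding by itself."""
    skip = {"[Global]"} | {e.path for e in report.extras}
    return [n for n in report.statuses if n not in report.images and n not in skip]


def shared_images(report: Report) -> Dict[str, List[str]]:
    """MD5 -> names of every service served from the same file (lsass.exe hosts several)."""
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for name, img in report.images.items():
        by_md5[img.md5].append(name)
    return {h: sorted(ns) for h, ns in by_md5.items() if len(ns) > 1}


def outside_windows(report: Report, windows_dir: str = "c:\\windows\\") -> List[Image]:
    """Service images not under the Windows directory: third-party code to review first."""
    return [img for img in report.images.values() if not img.path.lower().startswith(windows_dir)]


def not_ok(report: Report) -> Dict[str, str]:
    """Every entry whose status is anything other than 'ok'."""
    return {n: s for n, s in report.statuses.items() if s != "ok"}


# Constructed sample: an excerpt of the log posted above, not a full scan.
SAMPLE_LOG = """\
00:10:17.0254 4416 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\\Windows\\system32\\lsass.exe
00:10:17.0254 4416 ProtectedStorage - ok
00:10:18.0705 4416 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\\Windows\\system32\\lsass.exe
00:10:18.0720 4416 SamSs - ok
00:10:20.0280 4416 [ B95365DB2DE201A2DDF786E85BA5411C ] SMSI Device Launch Service C:\\Program Files (x86)\\Clearwire\\Connection Manager\\DeviceLaunchSvc.exe
00:10:20.0280 4416 SMSI Device Launch Service - ok
00:10:23.0946 4416 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\\Windows\\system32\\lsass.exe
00:10:23.0946 4416 VaultSvc - ok
00:10:28.0517 4416 WinDefend - ok
00:10:28.0533 4416 WinHttpAutoProxySvc - ok
00:10:30.0826 4416 ================ Scan global ===============================
00:10:30.0857 4416 [ BA0CD8C393E8C9F83354106093832C7B ] C:\\Windows\\system32\\basesrv.dll
00:10:31.0200 4416 [Global] - ok
00:10:31.0200 4416 ================ Scan MBR ==================================
00:10:31.0263 4416 [ A36C5E4F47E84449FF07ED3517B43A31 ] \\Device\\Harddisk0\\DR0
00:10:31.0949 4416 \\Device\\Harddisk0\\DR0 - ok
00:10:32.0027 4180 Detected object count: 0
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("detected:", rep.detected)
    print("no image hashed:", without_image(rep))
    print("shared images:", shared_images(rep))
    print("outside Windows dir:", [i.path for i in outside_windows(rep)])
    print("not ok:", not_ok(rep))
```

Run against the full log, the interesting output is the hash-less list (WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc, WSearch), the Program Files entries (Clearwire, Dell, Microsoft Application Virtualization, Windows Live), and the MBR/VBR hashes, which are what you would compare against a known-good machine of the same build before trusting the "ok" verdicts.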

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 August 2012 - 09:40 AM

I am uploading a file and I want you to download it and run it. If asked to merge, please allow it.

Restart the computer after you run it and check for updates.

Attached Files


Edited by gringo_pr, 22 August 2012 - 09:41 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 andrewpomo (Topic Starter)

Posted 22 August 2012 - 06:19 PM

Well, everything seems to have worked. Thank you!

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 August 2012 - 08:34 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
    • report from ComboFix
    • let me know of any problems you may have had
    • how is the computer doing now after running the script?

Gringo


#14 andrewpomo (Topic Starter)

Posted 23 August 2012 - 02:36 AM

Okay. Ran everything the way you asked, but now when I try to open Notepad or Chrome I get a message like this:

C:\User\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe
Illegal operation attempted on a registry key that has been marked for deletion.

Couldn't copy and paste the ComboFix log because of this problem.

So scared.

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 August 2012 - 07:02 AM

Please read the instructions from above:

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

Please restart the computer and send me the report.



gringo



