Google redirect virus


  • This topic is locked
24 replies to this topic

#1 JasonMeyer1118


  • Members
  • 13 posts

Posted 28 August 2012 - 10:25 PM

I am having issues with google results being redirected and also sometimes popups appear. I am running Windows 7 Home edition, and the issue occurs with both IE9 and Firefox. I've tried several different tools to remove it, but no luck so far. Since I read that different antivirus tools can interfere with each other and need to be disabled, I just deleted them all for the time being until instructed otherwise.

Thanks for your help and please let me know what to do next.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Meyer at 22:17:06 on 2012-08-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4032 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Windows\CNYHKey.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ModLedKey.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Windows\TEMP\E_S738A.tmp" /EF "HKCU"
mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRun: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Windows\TEMP\E_S8258.tmp" /EF "HKCU"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rsvpn.raytheon.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{430BA2EC-79D6-4997-AADC-8C482BCFA0A4} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xyqryibj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Meyer\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Meyer\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 335888]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-6-30 517632]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cxpl_mhd;CX23885/8 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ekrn;ESET Service;"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" --> C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-1 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-1 135664]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam S7500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S4 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-12 113120]
.
=============== Created Last 30 ================
.
2012-08-29 02:25:37 332 ----a-w- C:\Start_.cmd
2012-08-29 02:25:36 -------- d-----w- C:\ComboFix
2012-08-28 23:57:46 -------- d-----w- C:\Program Files\ESET
2012-08-28 13:13:57 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-28 13:13:57 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-28 04:30:35 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-28 04:15:52 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-28 04:15:49 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-08-28 04:15:42 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-28 04:12:31 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-28 04:12:31 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-28 04:11:05 -------- d-----w- C:\ProgramData\PC Tools
2012-08-28 04:11:04 -------- d-----w- C:\Users\Meyer\AppData\Roaming\TestApp
2012-08-28 03:36:55 -------- d-----w- C:\Users\Meyer\AppData\Roaming\Malwarebytes
2012-08-28 03:36:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-28 02:44:16 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-15 14:52:12 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 14:52:12 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 14:51:16 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 14:51:16 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 14:51:16 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 14:51:16 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 14:50:48 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 14:50:48 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 14:50:48 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 14:50:21 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 14:49:53 956928 ----a-w- C:\Windows\System32\localspl.dll
.
==================== Find3M ====================
.
2012-08-28 02:41:21 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 02:41:21 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:18:03.40 ===============
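An added triage example (not part of this thread, and not a BleepingComputer or DDS tool): a Python script that reads a DDS-style log like the one above, splits it on the ==== section headers, and flags the entries a responder looks at first: hidden+system objects in the "Created Last 30" list, a literal unexpanded %APPDATA% in a path, autostart entries with no absolute path, and processes running from outside C:\Windows and the Program Files trees. The sample log is constructed to match the format shown above; the Sample\sample.exe process line is invented to exercise the process rule, and the reading of the attribute letters (d directory, s system, h hidden, a archive) is an assumption about DDS output.

```python
import re
from dataclasses import dataclass

# Constructed sample in DDS log format (shape copied from the thread's log;
# the Sample\sample.exe process line is invented to exercise the process rule).
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\example\AppData\Roaming\Sample\sample.exe
.
============== Pseudo HJT Report ===============
.
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
TCP: DhcpNameServer = 192.168.1.1
.
=============== Created Last 30 ================
.
2012-08-29 02:25:37 332 ----a-w- C:\Start_.cmd
2012-08-28 02:44:16 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-28 03:36:55 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-15 14:50:21 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:18:03.40 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "==== Name ====" headers
EXE_RE = re.compile(r'^"?(.+?\.exe)"?(?:\s.*)?$', re.IGNORECASE)  # path, optional quotes/args
RUN_RE = re.compile(r"^[umd]Run(?:-x64)?: \[(.+?)\] (.*)$")       # uRun/mRun/dRun lines
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")

# Roots from which a clean system's processes are normally expected to run.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def split_sections(text):
    """Return {section name: [lines]} keyed by the ==== headers DDS prints."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_processes(lines):
    """Flag processes whose image lives outside the trusted roots."""
    out = []
    for line in lines:
        m = EXE_RE.match(line)
        if m and not m.group(1).lower().startswith(TRUSTED_ROOTS):
            out.append(Finding("Running Processes", line,
                               "process running outside Windows/Program Files"))
    return out


def check_autostarts(lines):
    """Flag Run entries with no absolute path or a user-writable location."""
    out = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        exe = EXE_RE.match(m.group(2))
        path = exe.group(1) if exe else m.group(2)
        if ":\\" not in path:
            out.append(Finding("Pseudo HJT Report", line,
                               "autostart entry has no absolute path; resolved via search order"))
        elif "\\users\\" in path.lower() or "\\programdata\\" in path.lower():
            out.append(Finding("Pseudo HJT Report", line,
                               "autostart entry runs from a user-writable location"))
    return out


def check_created(lines):
    """Flag hidden+system objects and unexpanded %VAR% names in recent creations."""
    out = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        # Assumed attribute letters: d directory, s system, h hidden, a archive.
        if "s" in attrs and "h" in attrs:
            out.append(Finding("Created Last 30", line,
                               "hidden+system object created in the last 30 days"))
        if "%" in path:
            out.append(Finding("Created Last 30", line,
                               "unexpanded environment variable in path"))
    return out


def triage(text):
    """Run every check over its section and return the combined findings."""
    sections = split_sections(text)
    findings = []
    findings += check_processes(sections.get("Running Processes", []))
    findings += check_autostarts(sections.get("Pseudo HJT Report", []))
    findings += check_created(sections.get("Created Last 30", []))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The findings are prompts for a human to verify, not verdicts: legitimate OEM helpers are often registered by bare filename, which is why the script reports rather than removes anything.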


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 August 2012 - 11:31 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 JasonMeyer1118

  • Topic Starter

  • Members
  • 13 posts

Posted 28 August 2012 - 11:47 PM

The security check log is below.

When I try to run Combofix, a window pops up and looks like it is installing something for about 30 seconds, then it goes away, and it seems like nothing is running anymore. I looked in Task Manager, but combofix.exe had stopped running. No log files popped up either. How do I know if Combofix is really running or if it quit?


Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 30
Java™ 6 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.265 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2012 - 07:56 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#5 JasonMeyer1118

  • Topic Starter

  • Members
  • 13 posts

Posted 29 August 2012 - 08:55 PM

After about 5 tries, ComboFix ran something, then rebooted without giving a log. I ran ComboFix again, and then it gave the log below. I also ran FRST and the results will be in the next post.

At first, google worked better, but after about 10 searches, it is being redirected again.

Combofix.txt:
ComboFix 12-08-28.03 - Meyer 08/29/2012 7:27.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4817 [GMT -5:00]
Running from: c:\users\Meyer\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
---- Previous Run -------
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 12:41 . 2012-08-29 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 23:57 . 2012-08-28 23:57 -------- d-----w- c:\program files\ESET
2012-08-28 13:13 . 2012-08-29 02:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-28 13:13 . 2012-08-29 02:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-28 04:30 . 2012-08-28 04:30 -------- d-----w- c:\program files\Enigma Software Group
2012-08-28 04:15 . 2012-08-29 01:49 -------- d-----w- c:\program files (x86)\PC Tools
2012-08-28 04:15 . 2012-08-29 02:12 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-08-28 04:15 . 2012-08-28 04:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-28 04:12 . 2012-08-29 01:49 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-08-28 04:12 . 2012-06-22 20:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-28 04:11 . 2012-08-29 01:47 -------- d-----w- c:\programdata\PC Tools
2012-08-28 04:11 . 2012-08-28 04:11 -------- d-----w- c:\users\Meyer\AppData\Roaming\TestApp
2012-08-28 03:36 . 2012-08-28 03:36 -------- d-----w- c:\users\Meyer\AppData\Roaming\Malwarebytes
2012-08-28 03:36 . 2012-08-28 03:36 -------- d-----w- c:\programdata\Malwarebytes
2012-08-28 02:44 . 2012-08-28 02:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-15 14:52 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 14:52 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 14:51 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 14:51 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 14:51 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 14:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 14:50 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 14:50 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:50 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:50 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 14:50 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 14:49 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 02:41 . 2012-06-14 11:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 02:41 . 2011-06-16 11:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 08:01 . 2010-01-23 21:29 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-11 13:13 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 13:13 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 13:13 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 13:12 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 13:13 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 13:13 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 13:12 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 01:28 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:28 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:28 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:28 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:28 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:28 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:28 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 01:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 01:27 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 13:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 13:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 13:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 13:12 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 13:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 13:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 13:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 13:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 13:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-05-05 123904]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 135664]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2008-10-03 225296]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-06-11 335888]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 cxpl_mhd;CX23885/8 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-03-21 676992]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 01:14]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 3432448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xyqryibj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Win7PDF - c:\program files\PDF Printer for Windows 7\PDF.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{85741F1D-ED47-4DCF-9109-07D10213C4D0}"=hex:51,66,7a,6c,4c,1d,38,12,73,1c,67,
81,75,a3,a1,08,ee,1f,44,91,07,4d,80,c4
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:95,ce,09,a7,3c,09,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-29 07:54:40
ComboFix-quarantined-files.txt 2012-08-29 12:54
.
Pre-Run: 101,824,778,240 bytes free
Post-Run: 99,835,621,376 bytes free
.
- - End Of File - - D5E1C68E257BC0EC8349CEAED62D1662

#6 JasonMeyer1118 (Topic Starter)

Posted 29 August 2012 - 08:56 PM

Here are the FRST files...

FRST.txt:
Scan result of Farbar Recovery Scan Tool Version: 29-08-2012 03
Ran by SYSTEM at 29-08-2012 20:24:38
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe" [3432448 2010-03-17] (Alcatel-Lucent)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [103720 2008-12-24] (CyberLink)
HKLM-x32\...\Run: [Gateway Photo Frame] "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A [123904 2009-05-05] (IOI)
HKLM-x32\...\Run: [LchDrvKey] LchDrvKey.exe [x]
HKLM-x32\...\Run: [LedKey] CNYHKey.exe [x]
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Meyer\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [335888 2012-06-11] (Verizon)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-03-17] (Alcatel-Lucent)
2 RichVideo; "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe" [244904 2008-06-27] ()
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [x]

==================== Drivers (Whitelisted) ===================

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-29 20:24 - 2012-08-29 20:24 - 00000000 ____D C:\FRST
2012-08-29 17:18 - 2012-08-29 17:18 - 01450005 ____A (Farbar) C:\Users\Meyer\Downloads\FRST64.exe
2012-08-29 04:54 - 2012-08-29 04:54 - 00016737 ____A C:\ComboFix.txt
2012-08-29 03:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-29 03:54 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-29 03:54 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-29 03:54 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-29 03:54 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-29 03:54 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-29 03:54 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-29 03:54 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-28 20:33 - 2012-08-28 20:33 - 00854124 ____A C:\Users\Meyer\Desktop\SecurityCheck.exe
2012-08-28 19:17 - 2012-08-28 19:17 - 00607260 ____R (Swearware) C:\Users\Meyer\Downloads\dds.com
2012-08-28 18:40 - 2012-08-28 18:40 - 00587432 ____A C:\Users\Meyer\Downloads\cbsidlm-tr1_5-Combofix-75221073.exe
2012-08-28 18:19 - 2012-08-29 04:55 - 00000000 ____D C:\Qoobox
2012-08-28 18:19 - 2012-08-29 04:49 - 00000000 ____D C:\Windows\erdnt
2012-08-28 17:38 - 2012-08-28 17:38 - 00920096 ____A C:\Users\Meyer\Downloads\Norton_Removal_Tool.exe
2012-08-28 17:38 - 2012-08-28 17:38 - 00137568 ____A (Symantec Corporation) C:\Users\Meyer\Downloads\buDump.exe
2012-08-28 17:38 - 2012-08-28 17:38 - 00000000 ____A C:\Users\All Users\N360BUOptions.ini
2012-08-28 16:13 - 2012-08-28 16:13 - 01932256 ____A (Symantec Corporation) C:\Users\Meyer\Desktop\FixTDSS.exe
2012-08-28 16:12 - 2012-08-28 16:13 - 01932256 ____A (Symantec Corporation) C:\Users\Meyer\Downloads\FixTDSS.exe
2012-08-28 16:05 - 2012-08-28 16:05 - 62664192 ____A C:\Users\Meyer\Downloads\ess_nt64_enu.msi
2012-08-28 15:58 - 2012-08-28 15:58 - 00302592 ____A C:\Users\Meyer\Downloads\zism14d9.exe
2012-08-28 15:57 - 2012-08-28 15:57 - 00000000 ____D C:\Users\All Users\ESET
2012-08-28 15:57 - 2012-08-28 15:57 - 00000000 ____D C:\Program Files\ESET
2012-08-28 15:52 - 2012-08-28 15:52 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Meyer\Downloads\meyer.com
2012-08-28 15:51 - 2012-08-28 15:51 - 01374624 ____A (ESET) C:\Users\Meyer\Downloads\eset_smart_security_live_installer.exe
2012-08-28 15:49 - 2012-08-28 15:49 - 00371120 ____A C:\Users\Meyer\Downloads\eset-nod32-antivirusSetup.exe
2012-08-28 05:13 - 2012-08-28 18:11 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-08-28 05:13 - 2012-08-28 18:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-28 04:54 - 2012-08-28 04:54 - 16409960 ____A (Safer Networking Limited ) C:\Users\Meyer\Downloads\spybotsd162.exe
2012-08-27 20:30 - 2012-08-27 20:30 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-27 20:15 - 2012-08-28 18:12 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-08-27 20:15 - 2012-08-28 17:49 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-08-27 20:14 - 2012-08-27 20:15 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Meyer\Downloads\SpyHunter-Installer(1).exe
2012-08-27 20:12 - 2012-08-28 17:37 - 02241992 ____A C:\Windows\System32\Drivers\Cat.DB
2012-08-27 20:12 - 2012-06-22 12:35 - 00251560 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-08-27 20:11 - 2012-08-28 17:47 - 00000000 ____D C:\Users\All Users\PC Tools
2012-08-27 20:11 - 2012-08-27 20:11 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\TestApp
2012-08-27 20:03 - 2012-08-27 20:03 - 04166136 ____A (PC Tools) C:\Users\Meyer\Downloads\spdoc.exe
2012-08-27 20:03 - 2012-08-27 20:03 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Meyer\Downloads\SpyHunter-Installer.exe
2012-08-27 19:57 - 2012-08-28 18:41 - 04722680 ____R (Swearware) C:\Users\Meyer\Downloads\ComboFix.exe
2012-08-27 19:57 - 2012-08-28 18:19 - 04739810 ____R (Swearware) C:\Users\Meyer\Desktop\ComboFix.exe
2012-08-27 19:46 - 2012-08-27 19:46 - 00251392 ____A C:\Users\Meyer\Downloads\hijackthis_sfx.exe
2012-08-27 19:36 - 2012-08-27 19:36 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Meyer\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-27 19:36 - 2012-08-27 19:36 - 00000000 ____D C:\Users\Meyer\AppData\Roaming\Malwarebytes
2012-08-27 19:36 - 2012-08-27 19:36 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-27 18:44 - 2012-08-27 18:44 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-16 00:05 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-16 00:05 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-16 00:05 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-16 00:05 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-16 00:05 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-16 00:05 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-16 00:05 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-16 00:05 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-16 00:05 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-16 00:05 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-16 00:05 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-16 00:05 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-16 00:05 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-16 00:05 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-16 00:05 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-16 00:05 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-16 00:05 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-16 00:05 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-16 00:05 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-16 00:05 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-16 00:05 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-16 00:05 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-16 00:05 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-16 00:05 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-16 00:05 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-16 00:05 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-16 00:05 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-16 00:05 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 06:52 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 06:52 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 06:51 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 06:51 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 06:51 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 06:51 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-15 06:50 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 06:50 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 06:50 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 06:50 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 06:50 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 06:50 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 06:49 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

==================== 3 Months Modified Files ================================

2012-08-29 17:20 - 2011-10-16 19:45 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-08-29 17:19 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-29 17:18 - 2012-08-29 17:18 - 01450005 ____A (Farbar) C:\Users\Meyer\Downloads\FRST64.exe
2012-08-29 16:25 - 2009-12-01 17:14 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-29 04:54 - 2012-08-29 04:54 - 00016737 ____A C:\ComboFix.txt
2012-08-29 04:41 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-29 04:29 - 2009-12-29 13:41 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-29 04:29 - 2009-12-29 13:41 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-29 04:22 - 2009-12-01 17:14 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-29 04:21 - 2009-12-29 14:03 - 00201366 ____A C:\Windows\PFRO.log
2012-08-29 04:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 04:21 - 2009-07-13 20:51 - 03734592 ____A C:\Windows\setupact.log
2012-08-28 20:33 - 2012-08-28 20:33 - 00854124 ____A C:\Users\Meyer\Desktop\SecurityCheck.exe
2012-08-28 19:17 - 2012-08-28 19:17 - 00607260 ____R (Swearware) C:\Users\Meyer\Downloads\dds.com
2012-08-28 18:41 - 2012-08-27 19:57 - 04722680 ____R (Swearware) C:\Users\Meyer\Downloads\ComboFix.exe
2012-08-28 18:40 - 2012-08-28 18:40 - 00587432 ____A C:\Users\Meyer\Downloads\cbsidlm-tr1_5-Combofix-75221073.exe
2012-08-28 18:19 - 2012-08-27 19:57 - 04739810 ____R (Swearware) C:\Users\Meyer\Desktop\ComboFix.exe
2012-08-28 17:38 - 2012-08-28 17:38 - 00920096 ____A C:\Users\Meyer\Downloads\Norton_Removal_Tool.exe
2012-08-28 17:38 - 2012-08-28 17:38 - 00137568 ____A (Symantec Corporation) C:\Users\Meyer\Downloads\buDump.exe
2012-08-28 17:38 - 2012-08-28 17:38 - 00000000 ____A C:\Users\All Users\N360BUOptions.ini
2012-08-28 17:37 - 2012-08-27 20:12 - 02241992 ____A C:\Windows\System32\Drivers\Cat.DB
2012-08-28 16:13 - 2012-08-28 16:13 - 01932256 ____A (Symantec Corporation) C:\Users\Meyer\Desktop\FixTDSS.exe
2012-08-28 16:13 - 2012-08-28 16:12 - 01932256 ____A (Symantec Corporation) C:\Users\Meyer\Downloads\FixTDSS.exe
2012-08-28 16:05 - 2012-08-28 16:05 - 62664192 ____A C:\Users\Meyer\Downloads\ess_nt64_enu.msi
2012-08-28 15:58 - 2012-08-28 15:58 - 00302592 ____A C:\Users\Meyer\Downloads\zism14d9.exe
2012-08-28 15:52 - 2012-08-28 15:52 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Meyer\Downloads\meyer.com
2012-08-28 15:51 - 2012-08-28 15:51 - 01374624 ____A (ESET) C:\Users\Meyer\Downloads\eset_smart_security_live_installer.exe
2012-08-28 15:49 - 2012-08-28 15:49 - 00371120 ____A C:\Users\Meyer\Downloads\eset-nod32-antivirusSetup.exe
2012-08-28 04:54 - 2012-08-28 04:54 - 16409960 ____A (Safer Networking Limited ) C:\Users\Meyer\Downloads\spybotsd162.exe
2012-08-28 04:05 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-27 20:15 - 2012-08-27 20:14 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Meyer\Downloads\SpyHunter-Installer(1).exe
2012-08-27 20:03 - 2012-08-27 20:03 - 04166136 ____A (PC Tools) C:\Users\Meyer\Downloads\spdoc.exe
2012-08-27 20:03 - 2012-08-27 20:03 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\Meyer\Downloads\SpyHunter-Installer.exe
2012-08-27 19:46 - 2012-08-27 19:46 - 00251392 ____A C:\Users\Meyer\Downloads\hijackthis_sfx.exe
2012-08-27 19:36 - 2012-08-27 19:36 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Meyer\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-27 18:41 - 2012-06-14 03:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-27 18:41 - 2011-06-16 03:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-27 18:39 - 2009-12-29 14:19 - 01762374 ____A C:\Windows\WindowsUpdate.log
2012-08-25 08:07 - 2009-12-29 13:43 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-08-18 18:52 - 2009-10-12 18:27 - 00036352 ____A C:\Users\Meyer\Documents\bills.xls
2012-08-16 00:26 - 2009-07-13 20:45 - 00350528 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 00:01 - 2010-01-23 13:29 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-15 19:00 - 2009-10-13 18:21 - 00053760 ____A C:\Users\Meyer\Documents\addresses.xls
2012-07-28 14:38 - 2010-07-30 18:24 - 00000907 ____A C:\Users\Meyer\Documents\Directions to Market Hall.txt
2012-07-18 10:15 - 2012-08-15 06:50 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 19:58 - 2012-07-12 19:58 - 16559808 ____A (Mozilla) C:\Users\Meyer\Downloads\Firefox Setup 13.0.1.exe
2012-07-12 19:38 - 2012-07-12 19:38 - 39483256 ____A (Apple Inc.) C:\Users\Meyer\Downloads\QuickTimeInstaller(1).exe
2012-07-04 18:54 - 2012-07-04 18:54 - 00002279 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-07-04 14:16 - 2012-08-15 06:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 06:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 06:50 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 06:50 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 06:50 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-06-28 20:55 - 2012-08-16 00:05 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-16 00:05 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-16 00:05 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-16 00:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-16 00:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-16 00:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-16 00:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2450236997-3034184122-912071905-1000\$aa33c60c2ca4e0c48ce51754aac5d90d

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-07-27 22:05:21
Restore point made on: 2012-08-04 09:24:51
Restore point made on: 2012-08-11 21:00:22
Restore point made on: 2012-08-16 00:00:49
Restore point made on: 2012-08-23 21:00:21
Restore point made on: 2012-08-27 20:18:19
Restore point made on: 2012-08-27 20:29:47
Restore point made on: 2012-08-28 16:07:02
Restore point made on: 2012-08-28 17:20:29
Restore point made on: 2012-08-28 17:22:56
Restore point made on: 2012-08-28 18:02:20
Restore point made on: 2012-08-28 18:12:12
Restore point made on: 2012-08-28 18:21:51

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 5887.18 MB
Available physical RAM: 5212.41 MB
Total Pagefile: 5885.33 MB
Available Pagefile: 5207.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:283.44 GB) (Free:93.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:70.96 GB) (Free:16.3 GB) NTFS
3 Drive e: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:4.45 GB) NTFS
5 Drive g: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         298 GB   0 B
Disk 1    Online         74 GB    6144 KB
Disk 2    Online         59 MB    0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B
Disk 5    No Media       0 B      0 B
Disk 6    No Media       0 B      0 B
Disk 7    No Media       0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          14 GB    1024 KB
Partition 2    Primary           283 GB   14 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   PQSERVICE    NTFS   Partition   14 GB    Healthy    Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition   283 GB   Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 MB    31 KB
Partition 2    Primary           70 GB    39 MB
Partition 3    Primary           3584 MB  70 GB

==================================================================================

Disk: 1
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 10                     FAT    Partition   39 MB    Healthy    Hidden

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition   70 GB    Healthy

==================================================================================

Disk: 1
Partition 3
Type : DB
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary           59 MB    0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

Last Boot: 2012-08-27 05:12

==================== End Of Log =============================

Search.txt:
Farbar Recovery Scan Tool Version: 29-08-2012 03
Ran by SYSTEM at 2012-08-29 20:27:21
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-29 04:49] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#7 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2012 - 09:32 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\$Recycle.Bin\S-1-5-21-2450236997-3034184122-912071905-1000\$aa33c60c2ca4e0c48ce51754aac5d90d


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 JasonMeyer1118

  • Topic Starter
  • Members
  • 13 posts

Posted 29 August 2012 - 11:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 29-08-2012 03
Ran by SYSTEM at 2012-08-29 23:44:53 Run:1
Running from G:\

==============================================

C:\$Recycle.Bin\S-1-5-21-2450236997-3034184122-912071905-1000\$aa33c60c2ca4e0c48ce51754aac5d90d moved successfully.

==== End of Fixlog ====

#9 JasonMeyer1118

  • Topic Starter
  • Members
  • 13 posts

Posted 29 August 2012 - 11:54 PM

FYI, even after doing the above step, Google is still being redirected sometimes and popups appear sometimes (often to http://63.209.69.107/...).

#10 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2012 - 12:03 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#11 JasonMeyer1118

  • Topic Starter
  • Members
  • 13 posts

Posted 30 August 2012 - 12:08 AM

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Meyer [Admin rights]
Mode : Scan -- Date : 08/30/2012 00:07:12

Bad processes : 4
[SUSP PATH] ChiFuncExt.exe -- C:\Windows\ChiFuncExt.exe -> KILLED [TermProc]
[SUSP PATH] CNYHKey.exe -- C:\Windows\CNYHKey.exe -> KILLED [TermProc]
[SUSP PATH] ModLEDKey.exe -- C:\Windows\ModLedKey.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

Registry Entries : 4
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][SUSP PATH] [ON_D:]HKLM\Software[...]\Run : UIUCU (C:\DOCUME~1\Jason\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST3320813AS ATA Device +++++
--- User ---
[MBR] 7889dbfaf091db6c8db35d4e23ac1425
[BSP] 0d9747f5942948d7aae1e15b70889c4e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30722048 | Size: 290243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST380013AS ATA Device +++++
--- User ---
[MBR] 5ebe18dc10be031469f36de3f2a48324
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 72661 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 148890420 | Size: 3584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Generic USB SD Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic USB CF Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#12 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2012 - 12:20 AM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#13 JasonMeyer1118

  • Topic Starter
  • Members
  • 13 posts

Posted 30 August 2012 - 12:32 AM

It ran and then rebooted, so it generated 2 logs.
I did about 5 Google searches and clicked on about 20 links without being redirected yet.
Anything else I need to do?

Thanks,

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Meyer [Admin rights]
Mode : Scan -- Date : 08/30/2012 00:23:06

Bad processes : 1
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

Registry Entries : 4
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][SUSP PATH] [ON_D:]HKLM\Software[...]\Run : UIUCU (C:\DOCUME~1\Jason\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST3320813AS ATA Device +++++
--- User ---
[MBR] 7889dbfaf091db6c8db35d4e23ac1425
[BSP] 0d9747f5942948d7aae1e15b70889c4e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30722048 | Size: 290243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST380013AS ATA Device +++++
--- User ---
[MBR] 5ebe18dc10be031469f36de3f2a48324
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 72661 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 148890420 | Size: 3584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Meyer [Admin rights]
Mode : Remove -- Date : 08/30/2012 00:24:19

Bad processes : 1
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

Registry Entries : 4
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[RUN][SUSP PATH] [ON_D:]HKLM\Software[...]\Run : UIUCU (C:\DOCUME~1\Jason\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S) -> DELETED

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST3320813AS ATA Device +++++
--- User ---
[MBR] 7889dbfaf091db6c8db35d4e23ac1425
[BSP] 0d9747f5942948d7aae1e15b70889c4e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30722048 | Size: 290243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST380013AS ATA Device +++++
--- User ---
[MBR] 5ebe18dc10be031469f36de3f2a48324
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 72661 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 148890420 | Size: 3584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#14 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 August 2012 - 12:43 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 JasonMeyer1118

  • Topic Starter
  • Members
  • 13 posts

Posted 30 August 2012 - 08:36 PM

08:15:37.0145 4084 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
08:15:37.0570 4084 ============================================================
08:15:37.0570 4084 Current date / time: 2012/08/30 08:15:37.0570
08:15:37.0570 4084 SystemInfo:
08:15:37.0570 4084
08:15:37.0570 4084 OS Version: 6.1.7601 ServicePack: 1.0
08:15:37.0570 4084 Product type: Workstation
08:15:37.0570 4084 ComputerName: MEYER-PC
08:15:37.0571 4084 UserName: Meyer
08:15:37.0571 4084 Windows directory: C:\Windows
08:15:37.0571 4084 System windows directory: C:\Windows
08:15:37.0571 4084 Running under WOW64
08:15:37.0571 4084 Processor architecture: Intel x64
08:15:37.0571 4084 Number of processors: 2
08:15:37.0571 4084 Page size: 0x1000
08:15:37.0571 4084 Boot type: Normal boot
08:15:37.0571 4084 ============================================================
08:15:39.0032 4084 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:15:39.0051 4084 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:15:39.0077 4084 ============================================================
08:15:39.0077 4084 \Device\Harddisk0\DR0:
08:15:39.0077 4084 MBR partitions:
08:15:39.0077 4084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x236E1800
08:15:39.0077 4084 \Device\Harddisk1\DR1:
08:15:39.0078 4084 MBR partitions:
08:15:39.0078 4084 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8DEA96F
08:15:39.0078 4084 ============================================================
08:15:39.0109 4084 C: <-> \Device\Harddisk0\DR0\Partition1
08:15:39.0134 4084 D: <-> \Device\Harddisk1\DR1\Partition1
08:15:39.0134 4084 ============================================================
08:15:39.0134 4084 Initialize success
08:15:39.0134 4084 ============================================================
08:15:40.0702 5052 ============================================================
08:15:40.0702 5052 Scan started
08:15:40.0702 5052 Mode: Manual;
08:15:40.0702 5052 ============================================================
08:15:45.0696 5052 ================ Scan system memory ========================
08:15:45.0696 5052 System memory - ok
08:15:45.0698 5052 ================ Scan services =============================
08:15:49.0525 5052 clr_optimization_v2.0.50727_64 - ok
08:15:49.0586 5052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:15:49.0588 5052 clr_optimization_v4.0.30319_32 - ok
08:15:49.0624 5052 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:15:49.0628 5052 clr_optimization_v4.0.30319_64 - ok
08:15:49.0659 5052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:15:49.0661 5052 CmBatt - ok
08:15:49.0682 5052 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:15:49.0684 5052 cmdide - ok
08:15:49.0721 5052 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:15:49.0734 5052 CNG - ok
08:15:49.0759 5052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:15:49.0760 5052 Compbatt - ok
08:15:49.0803 5052 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:15:49.0808 5052 CompositeBus - ok
08:15:49.0818 5052 COMSysApp - ok
08:15:49.0842 5052 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:15:49.0844 5052 crcdisk - ok
08:15:49.0889 5052 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:15:49.0893 5052 CryptSvc - ok
08:15:49.0967 5052 [ 53C879266EFA8D2FA54B99841392DFAF ] cxpl_mhd C:\Windows\system32\drivers\y_cx88x.sys
08:15:49.0985 5052 cxpl_mhd - ok
08:15:50.0066 5052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:15:50.0083 5052 DcomLaunch - ok
08:15:50.0143 5052 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:15:50.0149 5052 defragsvc - ok
08:15:50.0206 5052 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:15:50.0209 5052 DfsC - ok
08:15:50.0278 5052 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:15:50.0285 5052 Dhcp - ok
08:15:50.0341 5052 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:15:50.0343 5052 discache - ok
08:15:50.0380 5052 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:15:50.0383 5052 Disk - ok
08:15:50.0411 5052 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:15:50.0414 5052 Dnscache - ok
08:15:50.0474 5052 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:15:50.0478 5052 dot3svc - ok
08:15:50.0490 5052 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:15:50.0493 5052 DPS - ok
08:15:50.0521 5052 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:15:50.0523 5052 drmkaud - ok
08:15:50.0589 5052 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:15:50.0595 5052 DXGKrnl - ok
08:15:50.0654 5052 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:15:50.0658 5052 EapHost - ok
08:15:50.0770 5052 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:15:50.0863 5052 ebdrv - ok
08:15:50.0955 5052 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:15:51.0022 5052 EFS - ok
08:15:51.0302 5052 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:15:51.0317 5052 ehRecvr - ok
08:15:51.0372 5052 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:15:51.0374 5052 ehSched - ok
08:15:51.0447 5052 ekrn - ok
08:15:51.0545 5052 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:15:51.0571 5052 elxstor - ok
08:15:51.0600 5052 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:15:51.0602 5052 ErrDev - ok
08:15:51.0671 5052 esgiguard - ok
08:15:51.0767 5052 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:15:51.0775 5052 EventSystem - ok
08:15:51.0804 5052 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:15:51.0809 5052 exfat - ok
08:15:51.0836 5052 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:15:51.0841 5052 fastfat - ok
08:15:51.0898 5052 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:15:51.0916 5052 Fax - ok
08:15:51.0963 5052 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:15:51.0964 5052 fdc - ok
08:15:52.0024 5052 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:15:52.0026 5052 fdPHost - ok
08:15:52.0036 5052 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:15:52.0038 5052 FDResPub - ok
08:15:52.0049 5052 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:15:52.0050 5052 FileInfo - ok
08:15:52.0063 5052 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:15:52.0065 5052 Filetrace - ok
08:15:52.0095 5052 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:15:52.0096 5052 flpydisk - ok
08:15:52.0135 5052 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:15:52.0139 5052 FltMgr - ok
08:15:52.0175 5052 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:15:52.0201 5052 FontCache - ok
08:15:52.0308 5052 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:15:52.0310 5052 FontCache3.0.0.0 - ok
08:15:52.0362 5052 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:15:52.0364 5052 FsDepends - ok
08:15:52.0389 5052 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:15:52.0389 5052 Fs_Rec - ok
08:15:52.0446 5052 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:15:52.0449 5052 fvevol - ok
08:15:52.0470 5052 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:15:52.0472 5052 gagp30kx - ok
08:15:52.0497 5052 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:15:52.0497 5052 GEARAspiWDM - ok
08:15:52.0563 5052 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:15:52.0580 5052 gpsvc - ok
08:15:52.0722 5052 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:15:52.0726 5052 gupdate - ok
08:15:52.0749 5052 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:15:52.0750 5052 gupdatem - ok
08:15:52.0772 5052 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:15:52.0776 5052 gusvc - ok
08:15:52.0817 5052 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:15:52.0818 5052 hcw85cir - ok
08:15:52.0853 5052 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:15:52.0855 5052 HDAudBus - ok
08:15:52.0867 5052 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:15:52.0869 5052 HidBatt - ok
08:15:52.0892 5052 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:15:52.0894 5052 HidBth - ok
08:15:52.0906 5052 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:15:52.0908 5052 HidIr - ok
08:15:52.0955 5052 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
08:15:52.0957 5052 hidserv - ok
08:15:52.0991 5052 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:15:52.0993 5052 HidUsb - ok
08:15:53.0043 5052 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:15:53.0046 5052 hkmsvc - ok
08:15:53.0109 5052 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:15:53.0114 5052 HomeGroupListener - ok
08:15:53.0162 5052 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:15:53.0167 5052 HomeGroupProvider - ok
08:15:53.0215 5052 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:15:53.0218 5052 HpSAMD - ok
08:15:53.0279 5052 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:15:53.0297 5052 HTTP - ok
08:15:53.0313 5052 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:15:53.0314 5052 hwpolicy - ok
08:15:53.0338 5052 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:15:53.0341 5052 i8042prt - ok
08:15:53.0462 5052 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
08:15:53.0518 5052 iaStor - ok
08:15:53.0690 5052 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:15:53.0696 5052 iaStorV - ok
08:15:53.0826 5052 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:15:53.0868 5052 idsvc - ok
08:15:53.0985 5052 [ 23E1BCADABE423C35C19BBDFF10CCE6D ] IHA_MessageCenter C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
08:15:53.0989 5052 IHA_MessageCenter - ok
08:15:54.0076 5052 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:15:54.0080 5052 iirsp - ok
08:15:54.0240 5052 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:15:54.0258 5052 IKEEXT - ok
08:15:54.0363 5052 [ D8BCE8176CB1084C6F5830C019D47166 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:15:54.0374 5052 IntcAzAudAddService - ok
08:15:54.0406 5052 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:15:54.0408 5052 intelide - ok
08:15:54.0478 5052 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:15:54.0480 5052 intelppm - ok
08:15:54.0528 5052 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:15:54.0531 5052 IPBusEnum - ok
08:15:54.0585 5052 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:15:54.0587 5052 IpFilterDriver - ok
08:15:54.0675 5052 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:15:54.0683 5052 iphlpsvc - ok
08:15:54.0731 5052 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:15:54.0734 5052 IPMIDRV - ok
08:15:54.0784 5052 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:15:54.0787 5052 IPNAT - ok
08:15:54.0838 5052 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:15:54.0855 5052 iPod Service - ok
08:15:54.0883 5052 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:15:54.0885 5052 IRENUM - ok
08:15:54.0913 5052 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:15:54.0915 5052 isapnp - ok
08:15:54.0951 5052 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:15:54.0955 5052 iScsiPrt - ok
08:15:54.0993 5052 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:15:54.0994 5052 kbdclass - ok
08:15:55.0006 5052 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:15:55.0008 5052 kbdhid - ok
08:15:55.0018 5052 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:15:55.0019 5052 KeyIso - ok
08:15:55.0038 5052 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:15:55.0039 5052 KSecDD - ok
08:15:55.0059 5052 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:15:55.0062 5052 KSecPkg - ok
08:15:55.0122 5052 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:15:55.0123 5052 ksthunk - ok
08:15:55.0177 5052 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:15:55.0183 5052 KtmRm - ok
08:15:55.0245 5052 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
08:15:55.0249 5052 LanmanServer - ok
08:15:55.0310 5052 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:15:55.0313 5052 LanmanWorkstation - ok
08:15:55.0335 5052 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:15:55.0337 5052 lltdio - ok
08:15:55.0398 5052 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:15:55.0453 5052 lltdsvc - ok
08:15:55.0491 5052 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:15:55.0493 5052 lmhosts - ok
08:15:55.0536 5052 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:15:55.0539 5052 LSI_FC - ok
08:15:55.0608 5052 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:15:55.0611 5052 LSI_SAS - ok
08:15:55.0636 5052 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:15:55.0638 5052 LSI_SAS2 - ok
08:15:55.0663 5052 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:15:55.0667 5052 LSI_SCSI - ok
08:15:55.0738 5052 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:15:55.0741 5052 luafv - ok
08:15:55.0869 5052 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
08:15:55.0870 5052 LVPr2M64 - ok
08:15:55.0937 5052 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
08:15:55.0938 5052 LVPr2Mon - ok
08:15:56.0036 5052 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
08:15:56.0040 5052 LVPrcS64 - ok
08:15:56.0071 5052 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
08:15:56.0080 5052 LVRS64 - ok
08:15:56.0209 5052 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
08:15:56.0316 5052 LVUVC64 - ok
08:15:56.0392 5052 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
08:15:56.0394 5052 McciCMService - ok
08:15:56.0423 5052 [ 859E5A32485178DAECA06B52E2BB44B2 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
08:15:56.0430 5052 McciCMService64 - ok
08:15:56.0473 5052 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:15:56.0478 5052 Mcx2Svc - ok
08:15:56.0525 5052 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:15:56.0528 5052 megasas - ok
08:15:56.0557 5052 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:15:56.0562 5052 MegaSR - ok
08:15:56.0618 5052 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:15:56.0620 5052 MMCSS - ok
08:15:56.0633 5052 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:15:56.0635 5052 Modem - ok
08:15:56.0657 5052 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:15:56.0657 5052 monitor - ok
08:15:56.0679 5052 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:15:56.0680 5052 mouclass - ok
08:15:56.0701 5052 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:15:56.0703 5052 mouhid - ok
08:15:56.0750 5052 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:15:56.0752 5052 mountmgr - ok
08:15:56.0810 5052 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:15:56.0814 5052 MozillaMaintenance - ok
08:15:56.0868 5052 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:15:56.0871 5052 mpio - ok
08:15:56.0947 5052 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:15:56.0950 5052 mpsdrv - ok
08:15:57.0051 5052 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:15:57.0073 5052 MpsSvc - ok
08:15:57.0100 5052 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
08:15:57.0102 5052 MREMP50 - ok
08:15:57.0105 5052 MREMP50a64 - ok
08:15:57.0111 5052 MREMPR5 - ok
08:15:57.0117 5052 MRENDIS5 - ok
08:15:57.0137 5052 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
08:15:57.0138 5052 MRESP50 - ok
08:15:57.0142 5052 MRESP50a64 - ok
08:15:57.0189 5052 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:15:57.0192 5052 MRxDAV - ok
08:15:57.0236 5052 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:15:57.0238 5052 mrxsmb - ok
08:15:57.0259 5052 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:15:57.0264 5052 mrxsmb10 - ok
08:15:57.0279 5052 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:15:57.0282 5052 mrxsmb20 - ok
08:15:57.0297 5052 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:15:57.0299 5052 msahci - ok
08:15:57.0327 5052 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:15:57.0330 5052 msdsm - ok
08:15:57.0358 5052 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:15:57.0362 5052 MSDTC - ok
08:15:57.0470 5052 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:15:57.0471 5052 Msfs - ok
08:15:57.0516 5052 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:15:57.0520 5052 mshidkmdf - ok
08:15:57.0546 5052 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:15:57.0547 5052 msisadrv - ok
08:15:57.0611 5052 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:15:57.0614 5052 MSiSCSI - ok
08:15:57.0619 5052 msiserver - ok
08:15:57.0661 5052 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:15:57.0663 5052 MSKSSRV - ok
08:15:57.0684 5052 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:15:57.0689 5052 MSPCLOCK - ok
08:15:57.0714 5052 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:15:57.0716 5052 MSPQM - ok
08:15:57.0818 5052 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:15:57.0851 5052 MsRPC - ok
08:15:57.0885 5052 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:15:57.0886 5052 mssmbios - ok
08:15:57.0926 5052 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:15:57.0929 5052 MSTEE - ok
08:15:57.0947 5052 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:15:57.0949 5052 MTConfig - ok
08:15:58.0004 5052 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:15:58.0005 5052 Mup - ok
08:15:58.0110 5052 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:15:58.0119 5052 napagent - ok
08:15:58.0185 5052 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:15:58.0189 5052 NativeWifiP - ok
08:15:58.0220 5052 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
08:15:58.0239 5052 NDIS - ok
08:15:58.0274 5052 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:15:58.0277 5052 NdisCap - ok
08:15:58.0306 5052 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:15:58.0307 5052 NdisTapi - ok
08:15:58.0357 5052 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:15:58.0360 5052 Ndisuio - ok
08:15:58.0409 5052 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:15:58.0413 5052 NdisWan - ok
08:15:58.0457 5052 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:15:58.0460 5052 NDProxy - ok
08:15:58.0474 5052 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:15:58.0476 5052 NetBIOS - ok
08:15:58.0528 5052 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:15:58.0532 5052 NetBT - ok
08:15:58.0540 5052 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:15:58.0541 5052 Netlogon - ok
08:15:58.0609 5052 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:15:58.0615 5052 Netman - ok
08:15:58.0644 5052 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:15:58.0652 5052 netprofm - ok
08:15:58.0711 5052 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:15:58.0713 5052 NetTcpPortSharing - ok
08:15:58.0778 5052 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:15:58.0781 5052 nfrd960 - ok
08:15:58.0855 5052 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:15:58.0862 5052 NlaSvc - ok
08:15:58.0877 5052 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:15:58.0878 5052 Npfs - ok
08:15:58.0928 5052 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:15:58.0931 5052 nsi - ok
08:15:58.0980 5052 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:15:58.0981 5052 nsiproxy - ok
08:15:59.0029 5052 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:15:59.0055 5052 Ntfs - ok
08:15:59.0070 5052 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:15:59.0072 5052 Null - ok
08:15:59.0117 5052 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:15:59.0121 5052 nvraid - ok
08:15:59.0189 5052 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:15:59.0193 5052 nvstor - ok
08:15:59.0212 5052 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:15:59.0215 5052 nv_agp - ok
08:15:59.0246 5052 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:15:59.0249 5052 ohci1394 - ok
08:15:59.0341 5052 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:15:59.0344 5052 ose - ok
08:15:59.0409 5052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:15:59.0518 5052 p2pimsvc - ok
08:15:59.0696 5052 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:15:59.0755 5052 p2psvc - ok
08:15:59.0812 5052 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:15:59.0815 5052 Parport - ok
08:15:59.0851 5052 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:15:59.0853 5052 partmgr - ok
08:15:59.0867 5052 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:15:59.0873 5052 PcaSvc - ok
08:15:59.0907 5052 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:15:59.0912 5052 pci - ok
08:15:59.0922 5052 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:15:59.0923 5052 pciide - ok
08:15:59.0953 5052 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:15:59.0958 5052 pcmcia - ok
08:15:59.0982 5052 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:15:59.0983 5052 pcw - ok
08:16:00.0007 5052 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:16:00.0025 5052 PEAUTH - ok
08:16:00.0149 5052 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:16:00.0151 5052 PerfHost - ok
08:16:00.0231 5052 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:16:00.0273 5052 pla - ok
08:16:00.0305 5052 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:16:00.0312 5052 PlugPlay - ok
08:16:00.0361 5052 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:16:00.0363 5052 PNRPAutoReg - ok
08:16:00.0382 5052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:16:00.0386 5052 PNRPsvc - ok
08:16:00.0406 5052 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:16:00.0423 5052 PolicyAgent - ok
08:16:00.0490 5052 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:16:00.0496 5052 Power - ok
08:16:00.0559 5052 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:16:00.0562 5052 PptpMiniport - ok
08:16:00.0604 5052 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:16:00.0606 5052 Processor - ok
08:16:00.0634 5052 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:16:00.0638 5052 ProfSvc - ok
08:16:00.0651 5052 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:16:00.0652 5052 ProtectedStorage - ok
08:16:00.0708 5052 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:16:00.0710 5052 Psched - ok
08:16:00.0752 5052 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:16:00.0778 5052 ql2300 - ok
08:16:00.0835 5052 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:16:00.0838 5052 ql40xx - ok
08:16:00.0889 5052 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:16:00.0896 5052 QWAVE - ok
08:16:00.0912 5052 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:16:00.0915 5052 QWAVEdrv - ok
08:16:00.0928 5052 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:16:00.0929 5052 RasAcd - ok
08:16:01.0002 5052 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:16:01.0004 5052 RasAgileVpn - ok
08:16:01.0016 5052 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:16:01.0019 5052 RasAuto - ok
08:16:01.0079 5052 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:16:01.0082 5052 Rasl2tp - ok
08:16:01.0142 5052 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:16:01.0170 5052 RasMan - ok
08:16:01.0230 5052 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:16:01.0236 5052 RasPppoe - ok
08:16:01.0290 5052 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:16:01.0292 5052 RasSstp - ok
08:16:01.0342 5052 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:16:01.0347 5052 rdbss - ok
08:16:01.0366 5052 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:16:01.0368 5052 rdpbus - ok
08:16:01.0381 5052 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:16:01.0423 5052 RDPCDD - ok
08:16:01.0465 5052 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:16:01.0473 5052 RDPENCDD - ok
08:16:01.0485 5052 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:16:01.0487 5052 RDPREFMP - ok
08:16:01.0531 5052 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:16:01.0549 5052 RDPWD - ok
08:16:01.0634 5052 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:16:01.0637 5052 rdyboost - ok
08:16:01.0705 5052 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:16:01.0710 5052 RemoteAccess - ok
08:16:01.0819 5052 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:16:01.0840 5052 RemoteRegistry - ok
08:16:02.0031 5052 [ D1F1D0EE50F8C070A612796676971699 ] RichVideo C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
08:16:02.0033 5052 RichVideo - ok
08:16:02.0105 5052 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:16:02.0111 5052 RpcEptMapper - ok
08:16:02.0168 5052 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:16:02.0173 5052 RpcLocator - ok
08:16:02.0269 5052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:16:02.0273 5052 RpcSs - ok
08:16:02.0357 5052 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:16:02.0360 5052 rspndr - ok
08:16:02.0479 5052 [ 7421A35C45484B95E83B5E9E107CEFC2 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
08:16:02.0480 5052 RTHDMIAzAudService - ok
08:16:02.0495 5052 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:16:02.0496 5052 SamSs - ok
08:16:02.0526 5052 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:16:02.0528 5052 sbp2port - ok
08:16:02.0578 5052 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:16:02.0583 5052 SCardSvr - ok
08:16:02.0632 5052 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:16:02.0636 5052 scfilter - ok
08:16:02.0787 5052 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:16:02.0863 5052 Schedule - ok
08:16:02.0918 5052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:16:02.0920 5052 SCPolicySvc - ok
08:16:03.0000 5052 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:16:03.0033 5052 SDRSVC - ok
08:16:03.0086 5052 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:16:03.0088 5052 secdrv - ok
08:16:03.0137 5052 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:16:03.0142 5052 seclogon - ok
08:16:03.0188 5052 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:16:03.0190 5052 SENS - ok
08:16:03.0198 5052 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:16:03.0201 5052 SensrSvc - ok
08:16:03.0215 5052 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:16:03.0216 5052 Serenum - ok
08:16:03.0228 5052 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:16:03.0230 5052 Serial - ok
08:16:03.0249 5052 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:16:03.0251 5052 sermouse - ok
08:16:03.0313 5052 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:16:03.0317 5052 SessionEnv - ok
08:16:03.0342 5052 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:16:03.0344 5052 sffdisk - ok
08:16:03.0357 5052 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:16:03.0359 5052 sffp_mmc - ok
08:16:03.0364 5052 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:16:03.0365 5052 sffp_sd - ok
08:16:03.0381 5052 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:16:03.0439 5052 sfloppy - ok
08:16:03.0642 5052 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:16:03.0742 5052 SharedAccess - ok
08:16:03.0817 5052 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:16:03.0868 5052 ShellHWDetection - ok
08:16:03.0929 5052 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:16:03.0933 5052 SiSRaid2 - ok
08:16:04.0038 5052 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:16:04.0043 5052 SiSRaid4 - ok
08:16:04.0163 5052 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:16:04.0169 5052 Smb - ok
08:16:04.0282 5052 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:16:04.0285 5052 SNMPTRAP - ok
08:16:04.0334 5052 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:16:04.0335 5052 spldr - ok
08:16:04.0364 5052 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:16:04.0383 5052 Spooler - ok
08:16:04.0485 5052 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:16:04.0551 5052 sppsvc - ok
08:16:04.0608 5052 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:16:04.0611 5052 sppuinotify - ok
08:16:04.0644 5052 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:16:04.0651 5052 srv - ok
08:16:04.0671 5052 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:16:04.0677 5052 srv2 - ok
08:16:04.0689 5052 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:16:04.0692 5052 srvnet - ok
08:16:04.0759 5052 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:16:04.0765 5052 SSDPSRV - ok
08:16:04.0782 5052 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:16:04.0785 5052 SstpSvc - ok
08:16:04.0827 5052 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:16:04.0830 5052 stexstor - ok
08:16:04.0887 5052 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:16:04.0905 5052 stisvc - ok
08:16:04.0932 5052 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:16:04.0933 5052 swenum - ok
08:16:04.0952 5052 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:16:04.0969 5052 swprv - ok
08:16:05.0049 5052 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:16:05.0081 5052 SysMain - ok
08:16:05.0134 5052 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:16:05.0137 5052 TabletInputService - ok
08:16:05.0192 5052 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:16:05.0198 5052 TapiSrv - ok
08:16:05.0243 5052 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:16:05.0246 5052 TBS - ok
08:16:05.0296 5052 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:16:05.0330 5052 Tcpip - ok
08:16:05.0370 5052 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:16:05.0386 5052 TCPIP6 - ok
08:16:05.0438 5052 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:16:05.0441 5052 tcpipreg - ok
08:16:05.0533 5052 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:16:05.0535 5052 TDPIPE - ok
08:16:05.0567 5052 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:16:05.0569 5052 TDTCP - ok
08:16:05.0638 5052 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:16:05.0644 5052 tdx - ok
08:16:05.0665 5052 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:16:05.0666 5052 TermDD - ok
08:16:05.0737 5052 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:16:05.0763 5052 TermService - ok
08:16:05.0806 5052 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:16:05.0813 5052 Themes - ok
08:16:05.0873 5052 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:16:05.0876 5052 THREADORDER - ok
08:16:05.0926 5052 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:16:05.0935 5052 TrkWks - ok
08:16:06.0046 5052 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:16:06.0049 5052 TrustedInstaller - ok
08:16:06.0135 5052 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:16:06.0136 5052 tssecsrv - ok
08:16:06.0210 5052 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:16:06.0218 5052 TsUsbFlt - ok
08:16:06.0295 5052 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:16:06.0299 5052 tunnel - ok
08:16:06.0356 5052 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:16:06.0358 5052 uagp35 - ok
08:16:06.0407 5052 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:16:06.0412 5052 udfs - ok
08:16:06.0475 5052 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:16:06.0478 5052 UI0Detect - ok
08:16:06.0487 5052 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:16:06.0490 5052 uliagpkx - ok
08:16:06.0518 5052 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:16:06.0520 5052 umbus - ok
08:16:06.0567 5052 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:16:06.0569 5052 UmPass - ok
08:16:06.0597 5052 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:16:06.0603 5052 upnphost - ok
08:16:06.0637 5052 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:16:06.0640 5052 USBAAPL64 - ok
08:16:06.0668 5052 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:16:06.0670 5052 usbaudio - ok
08:16:06.0694 5052 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:16:06.0696 5052 usbccgp - ok
08:16:06.0742 5052 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:16:06.0744 5052 usbcir - ok
08:16:06.0777 5052 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:16:06.0778 5052 usbehci - ok
08:16:06.0810 5052 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:16:06.0817 5052 usbhub - ok
08:16:06.0828 5052 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
08:16:06.0830 5052 usbohci - ok
08:16:06.0875 5052 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:16:06.0876 5052 usbprint - ok
08:16:06.0926 5052 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:16:06.0929 5052 usbscan - ok
08:16:06.0946 5052 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:16:06.0949 5052 USBSTOR - ok
08:16:06.0967 5052 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:16:06.0970 5052 usbuhci - ok
08:16:06.0992 5052 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:16:06.0996 5052 UxSms - ok
08:16:07.0032 5052 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:16:07.0034 5052 VaultSvc - ok
08:16:07.0061 5052 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:16:07.0061 5052 vdrvroot - ok
08:16:07.0134 5052 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:16:07.0155 5052 vds - ok
08:16:07.0209 5052 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:16:07.0211 5052 vga - ok
08:16:07.0229 5052 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:16:07.0231 5052 VgaSave - ok
08:16:07.0265 5052 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:16:07.0269 5052 vhdmp - ok
08:16:07.0294 5052 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:16:07.0295 5052 viaide - ok
08:16:07.0314 5052 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:16:07.0316 5052 volmgr - ok
08:16:07.0364 5052 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:16:07.0370 5052 volmgrx - ok
08:16:07.0395 5052 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:16:07.0439 5052 volsnap - ok
08:16:07.0525 5052 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:16:07.0529 5052 vsmraid - ok
08:16:07.0655 5052 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:16:07.0705 5052 VSS - ok
08:16:07.0754 5052 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:16:07.0757 5052 vwifibus - ok
08:16:07.0869 5052 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:16:07.0878 5052 W32Time - ok
08:16:07.0932 5052 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:16:07.0935 5052 WacomPen - ok
08:16:08.0105 5052 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:16:08.0109 5052 WANARP - ok
08:16:08.0201 5052 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:16:08.0202 5052 Wanarpv6 - ok
08:16:08.0259 5052 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:16:08.0287 5052 WatAdminSvc - ok
08:16:08.0360 5052 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:16:08.0386 5052 wbengine - ok
08:16:08.0439 5052 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:16:08.0446 5052 WbioSrvc - ok
08:16:08.0500 5052 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:16:08.0506 5052 wcncsvc - ok
08:16:08.0520 5052 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:16:08.0524 5052 WcsPlugInService - ok
08:16:08.0566 5052 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:16:08.0568 5052 Wd - ok
08:16:08.0595 5052 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:16:08.0611 5052 Wdf01000 - ok
08:16:08.0624 5052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:16:08.0627 5052 WdiServiceHost - ok
08:16:08.0631 5052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:16:08.0633 5052 WdiSystemHost - ok
08:16:08.0678 5052 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:16:08.0683 5052 WebClient - ok
08:16:08.0698 5052 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:16:08.0703 5052 Wecsvc - ok
08:16:08.0717 5052 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:16:08.0720 5052 wercplsupport - ok
08:16:08.0733 5052 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:16:08.0737 5052 WerSvc - ok
08:16:08.0761 5052 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:16:08.0763 5052 WfpLwf - ok
08:16:08.0815 5052 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:16:08.0817 5052 WIMMount - ok
08:16:08.0884 5052 WinDefend - ok
08:16:08.0889 5052 WinHttpAutoProxySvc - ok
08:16:09.0008 5052 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:16:09.0012 5052 Winmgmt - ok
08:16:09.0097 5052 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:16:09.0132 5052 WinRM - ok
08:16:09.0179 5052 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:16:09.0181 5052 WinUsb - ok
08:16:09.0239 5052 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:16:09.0257 5052 Wlansvc - ok
08:16:09.0283 5052 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:16:09.0284 5052 WmiAcpi - ok
08:16:09.0343 5052 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:16:09.0347 5052 wmiApSrv - ok
08:16:09.0412 5052 WMPNetworkSvc - ok
08:16:09.0500 5052 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:16:09.0503 5052 WPCSvc - ok
08:16:09.0558 5052 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:16:09.0564 5052 WPDBusEnum - ok
08:16:09.0612 5052 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:16:09.0621 5052 ws2ifsl - ok
08:16:09.0682 5052 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:16:09.0686 5052 wscsvc - ok
08:16:09.0691 5052 WSearch - ok
08:16:09.0724 5052 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:16:09.0733 5052 WudfPf - ok
08:16:09.0805 5052 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:16:09.0814 5052 wudfsvc - ok
08:16:09.0846 5052 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:16:09.0929 5052 WwanSvc - ok
08:16:10.0067 5052 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
08:16:10.0075 5052 yukonw7 - ok
08:16:10.0113 5052 ================ Scan global ===============================
08:16:10.0184 5052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:16:10.0293 5052 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:16:10.0352 5052 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
08:16:10.0436 5052 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:16:10.0496 5052 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:16:10.0499 5052 [Global] - ok
08:16:10.0499 5052 ================ Scan MBR ==================================
08:16:10.0514 5052 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:16:10.0711 5052 \Device\Harddisk0\DR0 - ok
08:16:10.0726 5052 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
08:16:10.0948 5052 \Device\Harddisk1\DR1 - ok
08:16:10.0949 5052 ================ Scan VBR ==================================
08:16:10.0954 5052 [ 862A190355F799DD87A6D87288FF482C ] \Device\Harddisk0\DR0\Partition1
08:16:10.0956 5052 \Device\Harddisk0\DR0\Partition1 - ok
08:16:10.0962 5052 [ F32EF912905B70B115DFD3F4194F11F7 ] \Device\Harddisk1\DR1\Partition1
08:16:10.0965 5052 \Device\Harddisk1\DR1\Partition1 - ok
08:16:10.0966 5052 ============================================================
08:16:10.0966 5052 Scan finished
08:16:10.0966 5052 ============================================================
08:16:10.0985 3240 Detected object count: 0
08:16:10.0985 3240 Actual detected object count: 0





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 08:17:35
-----------------------------
08:17:35.913 OS Version: Windows x64 6.1.7601 Service Pack 1
08:17:35.913 Number of processors: 2 586 0x203
08:17:35.913 ComputerName: MEYER-PC UserName: Meyer
08:17:38.662 Initialize success
08:18:14.423 AVAST engine defs: 12083000
08:18:22.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:18:22.813 Disk 0 Vendor: ST3320813AS SD23 Size: 305245MB BusType: 3
08:18:22.818 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-5
08:18:22.823 Disk 1 Vendor: ST380013AS 8.05 Size: 76293MB BusType: 3
08:18:22.840 Disk 0 MBR read successfully
08:18:22.844 Disk 0 MBR scan
08:18:22.848 Disk 0 Windows 7 default MBR code
08:18:22.855 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15000 MB offset 2048
08:18:22.868 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 290243 MB offset 30722048
08:18:22.884 Disk 0 scanning C:\Windows\system32\drivers
08:18:40.686 Service scanning
08:19:15.838 Modules scanning
08:19:15.850 Disk 0 trace - called modules:
08:19:15.874 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:19:15.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e65060]
08:19:15.884 3 CLASSPNP.SYS[fffff8800195c43f] -> nt!IofCallDriver -> [0xfffffa8005dc4520]
08:19:15.893 5 ACPI.sys[fffff88000ea77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005dc0680]
08:19:19.296 AVAST engine scan C:\Windows
08:19:23.518 AVAST engine scan C:\Windows\system32
08:22:36.131 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:22:39.756 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:24:26.325 AVAST engine scan C:\Windows\system32\drivers
08:24:44.624 AVAST engine scan C:\Users\Meyer
08:45:28.422 Disk 0 MBR has been saved successfully to "C:\jason\redirect\MBR.dat"
08:45:28.430 The log file has been saved successfully to "C:\jason\redirect\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 08:55:42
-----------------------------
08:55:42.367 OS Version: Windows x64 6.1.7601 Service Pack 1
08:55:42.367 Number of processors: 2 586 0x203
08:55:42.367 ComputerName: MEYER-PC UserName: Meyer
08:55:44.941 Initialize success
08:55:54.285 AVAST engine defs: 12083000
08:55:55.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:55:55.970 Disk 0 Vendor: ST3320813AS SD23 Size: 305245MB BusType: 3
08:55:55.970 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-5
08:55:55.970 Disk 1 Vendor: ST380013AS 8.05 Size: 76293MB BusType: 3
08:55:56.033 Disk 0 MBR read successfully
08:55:56.033 Disk 0 MBR scan
08:55:56.033 Disk 0 Windows 7 default MBR code
08:55:56.064 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15000 MB offset 2048
08:55:56.095 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 290243 MB offset 30722048
08:55:56.220 Disk 0 scanning C:\Windows\system32\drivers
08:56:40.075 Service scanning
08:57:12.101 Modules scanning
08:57:12.101 Disk 0 trace - called modules:
08:57:12.647 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:57:12.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e65060]
08:57:12.647 3 CLASSPNP.SYS[fffff8800195c43f] -> nt!IofCallDriver -> [0xfffffa8005dc4520]
08:57:12.663 5 ACPI.sys[fffff88000ea77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005dc0680]
08:57:16.844 AVAST engine scan C:\Windows
08:57:52.184 AVAST engine scan C:\Windows\system32
09:03:07.130 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:03:11.685 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:04:54.634 AVAST engine scan C:\Windows\system32\drivers
09:05:12.745 AVAST engine scan C:\Users\Meyer
09:23:08.361 AVAST engine scan C:\ProgramData
09:24:11.853 Scan finished successfully
20:34:26.697 Disk 0 MBR has been saved successfully to "C:\jason\redirect\MBR.dat"
20:34:26.697 The log file has been saved successfully to "C:\jason\redirect\aswMBR.txt"