
click.scour infection google redirect


  • This topic is locked
30 replies to this topic

#1 pumpkinbutts

pumpkinbutts

  • Members
  • 15 posts

Posted 14 September 2012 - 07:10 AM

Every time we search something in Google and then click on the first results link it redirects the computer to click.scour.com or sometimes other search results web pages. Have been unsuccessful at finding or removing it. The computer has also been sluggish and acting funny. Please help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by denise at 22:43:46 on 2012-09-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1769 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\denise\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111913&tt=3412_2&babsrc=HP_ss&mntrId=742836c500000000000000251166c06d
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173605112106p0335v145r4911s427
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Spotify Web Helper] "C:\Users\denise\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AD447820-2E69-47A6-A2D6-47C72A9E5FEE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\denise\AppData\Roaming\Mozilla\Firefox\Profiles\kd0gdcp7.default\
FF - prefs.js: browser.startup.homepage - www.optonline.net
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z127&form=ZGAADF&install_date=20111216&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111913&tt=3412_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 742836c500000000000000251166c06d
FF - user.js: extensions.BabylonToolbar.instlDay - 15573
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.623:39:15
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-5 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-5 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 676936]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-10-29 240160]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-9 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe --> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-9 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-14 02:22:02 -------- d-----w- C:\$RECYCLE.BIN
2012-09-14 01:44:40 98816 ----a-w- C:\Windows\sed.exe
2012-09-14 01:44:40 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-14 01:44:40 256000 ----a-w- C:\Windows\PEV.exe
2012-09-14 01:44:40 208896 ----a-w- C:\Windows\MBR.exe
2012-09-12 08:08:17 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 08:08:17 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 08:08:16 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 08:08:15 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 08:08:15 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 08:08:15 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 08:08:14 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-01 18:37:04 -------- d-----w- C:\Users\denise\AppData\Roaming\Gamelab
2012-08-30 18:50:27 -------- d-----w- C:\Users\denise\AppData\Roaming\Microsoft Games
2012-08-30 18:50:27 -------- d-----w- C:\ProgramData\Microsoft Games
2012-08-30 18:45:42 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-08-29 19:43:31 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-08-27 01:22:04 -------- d-----w- C:\Program Files (x86)\Disney
2012-08-24 18:08:52 -------- d-----w- C:\Users\denise\AppData\Local\{5A19E90D-AE26-42B6-8050-6186D20DCBBC}
2012-08-22 02:02:24 -------- d-----w- C:\Users\denise\AppData\Local\{B36157F9-AFB8-4917-AB57-457FC95136C0}
2012-08-21 03:38:08 -------- d-----w- C:\ProgramData\Babylon
2012-08-21 03:38:07 -------- d-----w- C:\Users\denise\AppData\Roaming\Babylon
2012-08-21 03:37:53 -------- d-----w- C:\Users\denise\AppData\Roaming\PerformerSoft
2012-08-21 03:37:46 19000 ----a-w- C:\Windows\System32\roboot64.exe
2012-08-15 11:39:16 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 11:39:16 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 11:39:09 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 11:39:09 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 11:39:09 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 11:39:08 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 11:39:05 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-15 11:39:05 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-28 21:17:48 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:44:46.07 ===============
Attached File  Attach.txt   8.53KB   1 downloads



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 September 2012 - 09:29 AM

Hello pumpkinbutts,

Welcome to the forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 pumpkinbutts

pumpkinbutts
  • Topic Starter

  • Members
  • 15 posts

Posted 14 September 2012 - 09:39 AM

I don't have a flash drive. Do I need to go buy one?

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 September 2012 - 09:48 AM

You can use an external drive. But if you don't have that either, put the tool on the root of the C drive. You need to check the drive letter when you have booted into the recovery environment and use the right drive letter as instructed to be able to run the tool.

#5 pumpkinbutts

pumpkinbutts
  • Topic Starter

  • Members
  • 15 posts

Posted 14 September 2012 - 10:43 AM

Thank you. Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 14-09-2012 11:35:57
Running from C:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [162336 2009-07-21] ()
HKU\denise\...\Run: [Spotify Web Helper] "C:\Users\denise\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-20] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services ====================

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
3 GameConsoleService; "C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]

==================== Drivers =================================

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-14 07:19 - 2012-09-14 07:19 - 00000056 ____A C:\Windows\setupact.log
2012-09-14 07:19 - 2012-09-14 07:19 - 00000000 ____A C:\Windows\setuperr.log
2012-09-14 07:07 - 2012-09-14 07:07 - 01453821 ____A (Farbar) C:\FRST64.exe
2012-09-14 04:27 - 2012-09-14 04:27 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-09-14 04:26 - 2012-09-14 04:34 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-14 04:25 - 2012-09-14 04:25 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\denise\Downloads\SpyHunter-Installer.exe
2012-09-14 04:23 - 2012-09-14 04:23 - 00000000 ____D C:\Users\denise\Documents\tdsskiller
2012-09-14 04:04 - 2012-09-14 04:04 - 00000474 ____A C:\Users\denise\Downloads\defogger_disable.log
2012-09-14 04:04 - 2012-09-14 04:04 - 00000000 ____A C:\Users\denise\defogger_reenable
2012-09-14 04:03 - 2012-09-14 04:03 - 00050477 ____A C:\Users\denise\Downloads\Defogger.exe
2012-09-13 18:47 - 2012-09-13 18:47 - 00509440 ____A (Tech Support Guy System) C:\Users\denise\Downloads\SysInfo.exe
2012-09-13 18:46 - 2012-09-13 18:46 - 00008732 ____A C:\Users\denise\Desktop\Attach.txt
2012-09-13 18:45 - 2012-09-13 18:45 - 00015603 ____A C:\Users\denise\Desktop\DDS.txt
2012-09-13 18:42 - 2012-09-13 18:42 - 00607260 ____R (Swearware) C:\Users\denise\Desktop\dds.com
2012-09-13 18:41 - 2012-09-13 18:42 - 00009536 ____A C:\Users\denise\Desktop\hijackthis.log
2012-09-13 18:39 - 2012-09-13 18:39 - 00388608 ____A (Trend Micro Inc.) C:\Users\denise\Desktop\HijackThis.exe
2012-09-13 18:26 - 2012-09-13 18:26 - 00010634 ____A C:\ComboFix.txt
2012-09-13 17:44 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-13 17:44 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-13 17:44 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-13 17:44 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-13 17:44 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-13 17:44 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-13 17:44 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-13 17:44 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-13 17:43 - 2012-09-13 18:26 - 00000000 ____D C:\Qoobox
2012-09-13 17:43 - 2012-09-13 18:24 - 00000000 ____D C:\Windows\erdnt
2012-09-13 17:42 - 2012-09-13 17:43 - 04749794 ____R (Swearware) C:\Users\denise\Downloads\ComboFix.exe
2012-09-13 17:40 - 2012-09-13 17:40 - 00448512 ____A (OldTimer Tools) C:\Users\denise\Downloads\TFC.exe
2012-09-13 17:28 - 2012-09-13 17:29 - 00002388 ____A C:\Users\denise\Desktop\Rkill.txt
2012-09-13 17:28 - 2012-09-13 17:28 - 01659808 ____A (Bleeping Computer, LLC) C:\Users\denise\Downloads\rkill.exe
2012-09-13 17:28 - 2012-09-13 17:28 - 00000000 ____D C:\Users\denise\Desktop\rkill
2012-09-13 17:22 - 2012-09-13 17:22 - 00001205 ____A C:\Users\denise\Downloads\FixNCR.reg
2012-09-13 17:16 - 2012-09-13 17:16 - 01932256 ____A (Symantec Corporation) C:\Users\denise\Desktop\FixTDSS.exe
2012-09-12 00:08 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 00:08 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 00:08 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 00:08 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 00:08 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 00:08 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 00:08 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-06 16:12 - 2012-09-06 16:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-01 10:37 - 2012-09-01 10:37 - 00000000 ____D C:\Users\denise\AppData\Roaming\Gamelab
2012-09-01 10:33 - 2012-09-01 10:33 - 00352952 ____A (Softonic) C:\Users\denise\Downloads\SoftonicDownloader_for_miss-management.exe
2012-08-30 10:50 - 2012-08-30 10:50 - 00000000 ____D C:\Users\denise\AppData\Roaming\Microsoft Games
2012-08-30 10:50 - 2012-08-30 10:50 - 00000000 ____D C:\Users\All Users\Microsoft Games
2012-08-30 10:47 - 2012-08-30 10:47 - 00002094 ____A C:\Users\Public\Desktop\Zoo Tycoon 2.lnk
2012-08-30 10:45 - 2012-08-30 10:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-08-29 11:43 - 2009-03-18 13:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
2012-08-29 10:40 - 2012-09-01 10:36 - 00000000 ____D C:\Users\denise\Desktop\world
2012-08-27 18:42 - 2012-08-27 18:42 - 00322530 ____A C:\Users\denise\Documents\I’ve tried playing it cool, girl when.pptx
2012-08-26 17:22 - 2012-08-26 17:22 - 00000000 ____D C:\Program Files (x86)\Disney
2012-08-26 17:21 - 2012-08-26 17:21 - 01271392 ____A C:\Users\denise\Downloads\Toontown-setup.exe
2012-08-26 16:40 - 2012-08-26 16:41 - 03927560 ____A (Piriform Ltd) C:\Users\denise\Downloads\ccsetup322.exe
2012-08-24 18:18 - 2012-08-24 18:18 - 00000000 ____D C:\Users\denise\Documents\I’m Broken, Do you hear me
2012-08-24 10:08 - 2012-08-24 10:09 - 00000000 ____D C:\Users\denise\AppData\Local\{5A19E90D-AE26-42B6-8050-6186D20DCBBC}
2012-08-24 10:08 - 2012-08-24 10:08 - 00000000 ____D C:\Users\denise\Documents\your insucure
2012-08-22 16:34 - 2012-08-22 16:34 - 00030045 ____A C:\Users\denise\Documents\Presentation1.pptx
2012-08-21 18:02 - 2012-08-21 18:02 - 00000000 ____D C:\Users\denise\AppData\Local\{B36157F9-AFB8-4917-AB57-457FC95136C0}
2012-08-21 18:01 - 2012-08-21 18:01 - 00000000 ____D C:\Users\denise\Documents\1d
2012-08-21 17:42 - 2012-08-24 19:56 - 00151517 ____A C:\Users\denise\Documents\I’m Broken, Do you hear me.pptm
2012-08-20 19:40 - 2012-08-20 19:40 - 00000304 ____A C:\user.js
2012-08-20 19:38 - 2012-08-20 19:38 - 00000000 ____D C:\Users\denise\AppData\Roaming\Babylon
2012-08-20 19:38 - 2012-08-20 19:38 - 00000000 ____D C:\Users\All Users\Babylon
2012-08-20 19:37 - 2012-08-20 19:41 - 00000000 ____D C:\Users\denise\AppData\Roaming\PerformerSoft
2012-08-20 19:37 - 2012-03-14 11:47 - 00019000 ____A (PerformerSoft LLC) C:\Windows\System32\roboot64.exe
2012-08-18 20:44 - 2012-08-18 20:44 - 01239976 ____A (Microsoft Corporation) C:\Users\denise\Downloads\wlsetup-web.exe
2012-08-15 18:38 - 2012-08-15 18:38 - 03907920 ____A (Piriform Ltd) C:\Users\denise\Downloads\ccsetup321.exe
2012-08-15 03:39 - 2012-06-15 21:16 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-15 03:39 - 2012-06-15 21:15 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 03:39 - 2012-06-15 20:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 03:39 - 2012-06-15 20:26 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-15 03:39 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 03:39 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-15 03:39 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 03:39 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-15 03:39 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-15 03:39 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-15 03:38 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 03:38 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 03:38 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 03:38 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 03:38 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 03:38 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-15 03:38 - 2012-06-26 23:06 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 03:38 - 2012-06-26 23:06 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 03:38 - 2012-06-26 23:06 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 03:38 - 2012-06-26 23:03 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 03:38 - 2012-06-26 23:03 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-15 03:38 - 2012-06-26 23:03 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 03:38 - 2012-06-26 23:02 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 03:38 - 2012-06-26 23:02 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 03:38 - 2012-06-26 23:02 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 03:38 - 2012-06-26 23:02 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 03:38 - 2012-06-26 21:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 03:38 - 2012-06-26 21:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 03:38 - 2012-06-26 21:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 03:38 - 2012-06-26 21:51 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 03:38 - 2012-06-26 21:51 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-15 03:38 - 2012-06-26 21:51 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 03:38 - 2012-06-26 21:50 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 03:38 - 2012-06-26 21:50 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 03:38 - 2012-06-26 21:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 03:38 - 2012-06-26 21:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 03:38 - 2012-06-26 20:53 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 03:38 - 2012-06-26 20:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 03:38 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll


==================== 3 Months Modified Files ================================

2012-09-14 07:26 - 2012-04-17 04:25 - 01749820 ____A C:\Windows\WindowsUpdate.log
2012-09-14 07:26 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-14 07:26 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-14 07:24 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-14 07:20 - 2011-05-09 02:10 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-14 07:19 - 2012-09-14 07:19 - 00000056 ____A C:\Windows\setupact.log
2012-09-14 07:19 - 2012-09-14 07:19 - 00000000 ____A C:\Windows\setuperr.log
2012-09-14 07:19 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-14 07:07 - 2012-09-14 07:07 - 01453821 ____A (Farbar) C:\FRST64.exe
2012-09-14 07:07 - 2011-05-09 02:10 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-14 04:25 - 2012-09-14 04:25 - 00725440 ____A (Enigma Software Group USA, LLC.) C:\Users\denise\Downloads\SpyHunter-Installer.exe
2012-09-14 04:04 - 2012-09-14 04:04 - 00000474 ____A C:\Users\denise\Downloads\defogger_disable.log
2012-09-14 04:04 - 2012-09-14 04:04 - 00000000 ____A C:\Users\denise\defogger_reenable
2012-09-14 04:03 - 2012-09-14 04:03 - 00050477 ____A C:\Users\denise\Downloads\Defogger.exe
2012-09-13 18:47 - 2012-09-13 18:47 - 00509440 ____A (Tech Support Guy System) C:\Users\denise\Downloads\SysInfo.exe
2012-09-13 18:46 - 2012-09-13 18:46 - 00008732 ____A C:\Users\denise\Desktop\Attach.txt
2012-09-13 18:45 - 2012-09-13 18:45 - 00015603 ____A C:\Users\denise\Desktop\DDS.txt
2012-09-13 18:42 - 2012-09-13 18:42 - 00607260 ____R (Swearware) C:\Users\denise\Desktop\dds.com
2012-09-13 18:42 - 2012-09-13 18:41 - 00009536 ____A C:\Users\denise\Desktop\hijackthis.log
2012-09-13 18:39 - 2012-09-13 18:39 - 00388608 ____A (Trend Micro Inc.) C:\Users\denise\Desktop\HijackThis.exe
2012-09-13 18:26 - 2012-09-13 18:26 - 00010634 ____A C:\ComboFix.txt
2012-09-13 18:22 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-13 17:43 - 2012-09-13 17:42 - 04749794 ____R (Swearware) C:\Users\denise\Downloads\ComboFix.exe
2012-09-13 17:40 - 2012-09-13 17:40 - 00448512 ____A (OldTimer Tools) C:\Users\denise\Downloads\TFC.exe
2012-09-13 17:32 - 2012-01-22 08:51 - 00001118 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-13 17:29 - 2012-09-13 17:28 - 00002388 ____A C:\Users\denise\Desktop\Rkill.txt
2012-09-13 17:28 - 2012-09-13 17:28 - 01659808 ____A (Bleeping Computer, LLC) C:\Users\denise\Downloads\rkill.exe
2012-09-13 17:22 - 2012-09-13 17:22 - 00001205 ____A C:\Users\denise\Downloads\FixNCR.reg
2012-09-13 17:16 - 2012-09-13 17:16 - 01932256 ____A (Symantec Corporation) C:\Users\denise\Desktop\FixTDSS.exe
2012-09-12 23:00 - 2011-05-11 03:19 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-07 13:04 - 2011-07-01 11:22 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-01 10:33 - 2012-09-01 10:33 - 00352952 ____A (Softonic) C:\Users\denise\Downloads\SoftonicDownloader_for_miss-management.exe
2012-08-30 10:47 - 2012-08-30 10:47 - 00002094 ____A C:\Users\Public\Desktop\Zoo Tycoon 2.lnk
2012-08-27 18:42 - 2012-08-27 18:42 - 00322530 ____A C:\Users\denise\Documents\I’ve tried playing it cool, girl when.pptx
2012-08-26 17:21 - 2012-08-26 17:21 - 01271392 ____A C:\Users\denise\Downloads\Toontown-setup.exe
2012-08-26 16:41 - 2012-08-26 16:40 - 03927560 ____A (Piriform Ltd) C:\Users\denise\Downloads\ccsetup322.exe
2012-08-26 16:41 - 2011-05-09 02:17 - 00000831 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-24 19:56 - 2012-08-21 17:42 - 00151517 ____A C:\Users\denise\Documents\I’m Broken, Do you hear me.pptm
2012-08-22 16:37 - 2011-10-11 16:40 - 00007606 ____A C:\Users\denise\AppData\Local\Resmon.ResmonCfg
2012-08-22 16:34 - 2012-08-22 16:34 - 00030045 ____A C:\Users\denise\Documents\Presentation1.pptx
2012-08-22 10:12 - 2012-09-12 00:08 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 00:08 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 00:08 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 00:08 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-20 19:40 - 2012-08-20 19:40 - 00000304 ____A C:\user.js
2012-08-18 20:44 - 2012-08-18 20:44 - 01239976 ____A (Microsoft Corporation) C:\Users\denise\Downloads\wlsetup-web.exe
2012-08-15 23:25 - 2009-07-13 20:45 - 04979472 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 19:21 - 2009-07-13 21:08 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-15 18:38 - 2012-08-15 18:38 - 03907920 ____A (Piriform Ltd) C:\Users\denise\Downloads\ccsetup321.exe
2012-08-12 15:55 - 2012-08-12 15:55 - 00248308 ____A C:\Users\denise\Desktop\Gods.jar
2012-08-02 09:58 - 2012-09-12 00:08 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 00:08 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-28 13:17 - 2012-07-28 13:17 - 03092640 ____A (Adobe Systems, Inc.) C:\Users\denise\Downloads\install_flash_player_10_plugin.exe
2012-07-28 13:17 - 2012-07-28 13:17 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-28 12:37 - 2012-07-28 12:37 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\denise\Downloads\uninstall_flash_player(1).exe
2012-07-28 12:30 - 2012-07-28 12:30 - 13085120 ____A (Microsoft Corporation) C:\Users\denise\Downloads\Silverlight_x64.exe
2012-07-27 15:10 - 2012-07-27 15:10 - 00052736 ____A (Technic) C:\Users\denise\Downloads\TechnicLauncher(1).exe
2012-07-27 15:09 - 2012-07-27 15:09 - 00052736 ____A (Technic) C:\Users\denise\Downloads\TechnicLauncher.exe
2012-07-18 10:15 - 2012-08-15 03:38 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 18:22 - 2011-05-08 21:48 - 00111232 ____A C:\Users\denise\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-11 23:08 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-07 12:47 - 2012-07-07 12:48 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-07 12:47 - 2012-07-07 12:48 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-07 12:46 - 2012-07-07 12:46 - 00894448 ____A (Oracle Corporation) C:\Users\denise\Downloads\jxpiinstall.exe
2012-07-07 09:28 - 2012-07-07 09:28 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\denise\Downloads\uninstall_flash_player.exe
2012-07-07 09:14 - 2012-07-07 09:14 - 00002028 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-07-07 09:10 - 2012-07-07 09:10 - 05637221 ____A C:\Users\denise\Downloads\PDFReaderSetup.exe
2012-07-04 18:01 - 2012-07-04 18:01 - 00012992 ____A C:\Users\denise\Downloads\hs_err_pid968.log
2012-07-04 14:32 - 2012-07-04 14:32 - 03884544 ____A C:\Users\denise\Downloads\hamachi.msi
2012-07-04 14:16 - 2012-08-15 03:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-15 03:38 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-15 03:38 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-15 03:38 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-15 03:38 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-12 00:08 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-06-26 23:06 - 2012-08-15 03:38 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-26 23:06 - 2012-08-15 03:38 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-26 23:06 - 2012-08-15 03:38 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-26 23:03 - 2012-08-15 03:38 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-26 23:03 - 2012-08-15 03:38 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-26 23:03 - 2012-08-15 03:38 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-26 23:02 - 2012-08-15 03:38 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-26 23:02 - 2012-08-15 03:38 - 02453504 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-26 23:02 - 2012-08-15 03:38 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-26 23:02 - 2012-08-15 03:38 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-26 21:53 - 2012-08-15 03:38 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-26 21:53 - 2012-08-15 03:38 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-26 21:53 - 2012-08-15 03:38 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-26 21:51 - 2012-08-15 03:38 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-26 21:51 - 2012-08-15 03:38 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-26 21:51 - 2012-08-15 03:38 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-26 21:50 - 2012-08-15 03:38 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-26 21:50 - 2012-08-15 03:38 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-26 21:50 - 2012-08-15 03:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-26 21:50 - 2012-08-15 03:38 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-26 20:53 - 2012-08-15 03:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-26 20:10 - 2012-08-15 03:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-04 20:00:20
Restore point made on: 2012-08-12 20:00:25
Restore point made on: 2012-08-15 23:00:35
Restore point made on: 2012-08-23 21:35:14
Restore point made on: 2012-08-23 21:36:37
Restore point made on: 2012-08-23 22:47:53
Restore point made on: 2012-08-31 20:10:48
Restore point made on: 2012-09-01 10:31:17
Restore point made on: 2012-09-02 15:27:31
Restore point made on: 2012-09-09 21:41:26
Restore point made on: 2012-09-12 23:00:29
Restore point made on: 2012-09-14 04:26:49
Restore point made on: 2012-09-14 04:30:09
Restore point made on: 2012-09-14 04:31:30
Restore point made on: 2012-09-14 04:33:39

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2815.23 MB
Available physical RAM: 2156.34 MB
Total Pagefile: 2813.38 MB
Available Pagefile: 2155.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: (eMachines) (Fixed) (Total:452.66 GB) (Free:372.44 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:4 GB) NTFS
3 Drive f: (ZOOTYCN2) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 452 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 452 GB Healthy

==================================================================================

Last Boot: 2012-09-05 20:25

==================== End Of Log =============================

#6 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 14 September 2012 - 11:24 AM

I see you have already run many tools. Do you still have redirection?

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with a description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • Download aswMBR.exe ( 511KB ) to your desktop.
    • Double click the aswMBR.exe to run it.
    • If it asks to install Avast click "No".
    • Click the "Scan" button.
    • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
    • The utility also makes a file on your desktop named MBR.dat. Right click MBR.dat, select Send To => Compressed (zipped) folder. Please attach the zipped file to your next reply.


#7 pumpkinbutts

  • Topic Starter

Posted 14 September 2012 - 11:50 AM

It doesn't seem to be doing it as much, but occasionally it is still doing it.

12:41:46.0944 1608 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:41:47.0207 1608 ============================================================
12:41:47.0207 1608 Current date / time: 2012/09/14 12:41:47.0207
12:41:47.0207 1608 SystemInfo:
12:41:47.0207 1608
12:41:47.0207 1608 OS Version: 6.1.7601 ServicePack: 1.0
12:41:47.0207 1608 Product type: Workstation
12:41:47.0207 1608 ComputerName: DENISE-PC
12:41:47.0207 1608 UserName: denise
12:41:47.0207 1608 Windows directory: C:\Windows
12:41:47.0207 1608 System windows directory: C:\Windows
12:41:47.0207 1608 Running under WOW64
12:41:47.0207 1608 Processor architecture: Intel x64
12:41:47.0207 1608 Number of processors: 1
12:41:47.0207 1608 Page size: 0x1000
12:41:47.0207 1608 Boot type: Normal boot
12:41:47.0207 1608 ============================================================
12:41:48.0193 1608 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:41:48.0213 1608 ============================================================
12:41:48.0213 1608 \Device\Harddisk0\DR0:
12:41:48.0214 1608 MBR partitions:
12:41:48.0214 1608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
12:41:48.0214 1608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
12:41:48.0214 1608 ============================================================
12:41:48.0238 1608 C: <-> \Device\Harddisk0\DR0\Partition2
12:41:48.0238 1608 ============================================================
12:41:48.0238 1608 Initialize success
12:41:48.0238 1608 ============================================================
12:41:51.0192 3924 ============================================================
12:41:51.0192 3924 Scan started
12:41:51.0192 3924 Mode: Manual;
12:41:51.0192 3924 ============================================================
12:41:51.0781 3924 ================ Scan system memory ========================
12:41:51.0781 3924 System memory - ok
12:41:51.0787 3924 ================ Scan services =============================
12:41:51.0932 3924 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:41:51.0945 3924 1394ohci - ok
12:41:51.0988 3924 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:41:51.0992 3924 ACPI - ok
12:41:52.0032 3924 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:41:52.0036 3924 AcpiPmi - ok
12:41:52.0124 3924 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:41:52.0145 3924 AdobeARMservice - ok
12:41:52.0243 3924 AdobeFlashPlayerUpdateSvc - ok
12:41:52.0295 3924 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:41:52.0311 3924 adp94xx - ok
12:41:52.0329 3924 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:41:52.0343 3924 adpahci - ok
12:41:52.0368 3924 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:41:52.0378 3924 adpu320 - ok
12:41:52.0416 3924 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:41:52.0417 3924 AeLookupSvc - ok
12:41:52.0466 3924 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:41:52.0501 3924 AFD - ok
12:41:52.0554 3924 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:41:52.0561 3924 agp440 - ok
12:41:52.0582 3924 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:41:52.0590 3924 ALG - ok
12:41:52.0614 3924 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:41:52.0620 3924 aliide - ok
12:41:52.0644 3924 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:41:52.0660 3924 amdide - ok
12:41:52.0681 3924 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:41:52.0690 3924 AmdK8 - ok
12:41:52.0712 3924 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:41:52.0720 3924 AmdPPM - ok
12:41:52.0763 3924 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:41:52.0771 3924 amdsata - ok
12:41:52.0793 3924 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:41:52.0803 3924 amdsbs - ok
12:41:52.0827 3924 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:41:52.0828 3924 amdxata - ok
12:41:52.0904 3924 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:41:52.0924 3924 AntiVirSchedulerService - ok
12:41:52.0960 3924 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:41:52.0961 3924 AntiVirService - ok
12:41:53.0002 3924 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:41:53.0009 3924 AppID - ok
12:41:53.0035 3924 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:41:53.0046 3924 AppIDSvc - ok
12:41:53.0091 3924 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:41:53.0092 3924 Appinfo - ok
12:41:53.0160 3924 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:41:53.0181 3924 Apple Mobile Device - ok
12:41:53.0241 3924 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:41:53.0251 3924 arc - ok
12:41:53.0273 3924 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:41:53.0282 3924 arcsas - ok
12:41:53.0315 3924 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:41:53.0320 3924 AsyncMac - ok
12:41:53.0364 3924 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:41:53.0364 3924 atapi - ok
12:41:53.0406 3924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:41:53.0413 3924 AudioEndpointBuilder - ok
12:41:53.0432 3924 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:41:53.0437 3924 AudioSrv - ok
12:41:53.0483 3924 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:41:53.0484 3924 avgntflt - ok
12:41:53.0529 3924 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:41:53.0540 3924 avipbb - ok
12:41:53.0563 3924 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:41:53.0572 3924 avkmgr - ok
12:41:53.0616 3924 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:41:53.0634 3924 AxInstSV - ok
12:41:53.0660 3924 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:41:53.0678 3924 b06bdrv - ok
12:41:53.0706 3924 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:41:53.0718 3924 b57nd60a - ok
12:41:53.0750 3924 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:41:53.0764 3924 BDESVC - ok
12:41:53.0785 3924 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:41:53.0789 3924 Beep - ok
12:41:53.0848 3924 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:41:53.0857 3924 BFE - ok
12:41:53.0919 3924 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
12:41:53.0930 3924 BITS - ok
12:41:53.0949 3924 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:41:53.0957 3924 blbdrive - ok
12:41:53.0983 3924 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:41:53.0985 3924 bowser - ok
12:41:54.0013 3924 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:41:54.0017 3924 BrFiltLo - ok
12:41:54.0037 3924 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:41:54.0041 3924 BrFiltUp - ok
12:41:54.0081 3924 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:41:54.0089 3924 BridgeMP - ok
12:41:54.0130 3924 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:41:54.0131 3924 Browser - ok
12:41:54.0158 3924 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:41:54.0171 3924 Brserid - ok
12:41:54.0196 3924 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:41:54.0202 3924 BrSerWdm - ok
12:41:54.0222 3924 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:41:54.0226 3924 BrUsbMdm - ok
12:41:54.0243 3924 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:41:54.0247 3924 BrUsbSer - ok
12:41:54.0272 3924 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:41:54.0280 3924 BTHMODEM - ok
12:41:54.0330 3924 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:41:54.0340 3924 bthserv - ok
12:41:54.0359 3924 catchme - ok
12:41:54.0387 3924 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:41:54.0389 3924 cdfs - ok
12:41:54.0428 3924 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:41:54.0438 3924 cdrom - ok
12:41:54.0487 3924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:41:54.0488 3924 CertPropSvc - ok
12:41:54.0509 3924 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:41:54.0516 3924 circlass - ok
12:41:54.0545 3924 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:41:54.0565 3924 CLFS - ok
12:41:54.0642 3924 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:41:54.0661 3924 clr_optimization_v2.0.50727_32 - ok
12:41:54.0697 3924 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:41:54.0705 3924 clr_optimization_v2.0.50727_64 - ok
12:41:54.0790 3924 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:41:54.0791 3924 clr_optimization_v4.0.30319_32 - ok
12:41:54.0818 3924 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:41:54.0822 3924 clr_optimization_v4.0.30319_64 - ok
12:41:54.0854 3924 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:41:54.0860 3924 CmBatt - ok
12:41:54.0893 3924 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:41:54.0899 3924 cmdide - ok
12:41:54.0939 3924 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:41:54.0945 3924 CNG - ok
12:41:54.0981 3924 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:41:54.0987 3924 Compbatt - ok
12:41:55.0025 3924 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:41:55.0032 3924 CompositeBus - ok
12:41:55.0056 3924 COMSysApp - ok
12:41:55.0086 3924 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:41:55.0092 3924 crcdisk - ok
12:41:55.0145 3924 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:41:55.0147 3924 CryptSvc - ok
12:41:55.0197 3924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:41:55.0205 3924 DcomLaunch - ok
12:41:55.0237 3924 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:41:55.0241 3924 defragsvc - ok
12:41:55.0283 3924 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:41:55.0284 3924 DfsC - ok
12:41:55.0328 3924 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:41:55.0332 3924 Dhcp - ok
12:41:55.0354 3924 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:41:55.0360 3924 discache - ok
12:41:55.0383 3924 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:41:55.0384 3924 Disk - ok
12:41:55.0415 3924 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:41:55.0418 3924 Dnscache - ok
12:41:55.0457 3924 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:41:55.0470 3924 dot3svc - ok
12:41:55.0507 3924 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:41:55.0509 3924 DPS - ok
12:41:55.0535 3924 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:41:55.0552 3924 drmkaud - ok
12:41:55.0608 3924 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:41:55.0642 3924 DXGKrnl - ok
12:41:55.0678 3924 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:41:55.0680 3924 EapHost - ok
12:41:55.0749 3924 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:41:55.0853 3924 ebdrv - ok
12:41:55.0883 3924 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:41:55.0885 3924 EFS - ok
12:41:55.0929 3924 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:41:55.0962 3924 ehRecvr - ok
12:41:55.0992 3924 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:41:56.0002 3924 ehSched - ok
12:41:56.0041 3924 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:41:56.0065 3924 elxstor - ok
12:41:56.0095 3924 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:41:56.0101 3924 ErrDev - ok
12:41:56.0152 3924 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:41:56.0157 3924 EventSystem - ok
12:41:56.0188 3924 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:41:56.0211 3924 exfat - ok
12:41:56.0236 3924 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:41:56.0247 3924 fastfat - ok
12:41:56.0295 3924 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:41:56.0303 3924 Fax - ok
12:41:56.0338 3924 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:41:56.0345 3924 fdc - ok
12:41:56.0368 3924 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:41:56.0373 3924 fdPHost - ok
12:41:56.0390 3924 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:41:56.0398 3924 FDResPub - ok
12:41:56.0414 3924 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:41:56.0417 3924 FileInfo - ok
12:41:56.0431 3924 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:41:56.0438 3924 Filetrace - ok
12:41:56.0458 3924 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:41:56.0463 3924 flpydisk - ok
12:41:56.0503 3924 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:41:56.0506 3924 FltMgr - ok
12:41:56.0546 3924 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:41:56.0588 3924 FontCache - ok
12:41:56.0645 3924 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:41:56.0669 3924 FontCache3.0.0.0 - ok
12:41:56.0693 3924 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:41:56.0700 3924 FsDepends - ok
12:41:56.0723 3924 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:41:56.0729 3924 Fs_Rec - ok
12:41:56.0787 3924 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:41:56.0789 3924 fvevol - ok
12:41:56.0824 3924 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:41:56.0832 3924 gagp30kx - ok
12:41:56.0903 3924 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
12:41:56.0928 3924 GameConsoleService - ok
12:41:56.0984 3924 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:41:56.0990 3924 GEARAspiWDM - ok
12:41:57.0037 3924 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:41:57.0079 3924 gpsvc - ok
12:41:57.0152 3924 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
12:41:57.0160 3924 Greg_Service - ok
12:41:57.0234 3924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:41:57.0235 3924 gupdate - ok
12:41:57.0259 3924 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:41:57.0262 3924 gupdatem - ok
12:41:57.0294 3924 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
12:41:57.0300 3924 hamachi - ok
12:41:57.0327 3924 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:41:57.0334 3924 hcw85cir - ok
12:41:57.0386 3924 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:41:57.0401 3924 HdAudAddService - ok
12:41:57.0430 3924 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:41:57.0431 3924 HDAudBus - ok
12:41:57.0459 3924 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:41:57.0464 3924 HidBatt - ok
12:41:57.0487 3924 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:41:57.0496 3924 HidBth - ok
12:41:57.0518 3924 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:41:57.0524 3924 HidIr - ok
12:41:57.0557 3924 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:41:57.0565 3924 hidserv - ok
12:41:57.0599 3924 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:41:57.0605 3924 HidUsb - ok
12:41:57.0640 3924 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:41:57.0642 3924 hkmsvc - ok
12:41:57.0686 3924 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:41:57.0703 3924 HomeGroupListener - ok
12:41:57.0736 3924 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:41:57.0748 3924 HomeGroupProvider - ok
12:41:57.0783 3924 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:41:57.0804 3924 HpSAMD - ok
12:41:57.0853 3924 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:41:57.0895 3924 HTTP - ok
12:41:57.0935 3924 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:41:57.0936 3924 hwpolicy - ok
12:41:57.0961 3924 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:41:57.0973 3924 i8042prt - ok
12:41:58.0000 3924 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:41:58.0015 3924 iaStorV - ok
12:41:58.0056 3924 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:41:58.0112 3924 idsvc - ok
12:41:58.0154 3924 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:41:58.0160 3924 iirsp - ok
12:41:58.0194 3924 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:41:58.0204 3924 IKEEXT - ok
12:41:58.0293 3924 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:41:58.0374 3924 IntcAzAudAddService - ok
12:41:58.0399 3924 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:41:58.0404 3924 intelide - ok
12:41:58.0444 3924 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:41:58.0445 3924 intelppm - ok
12:41:58.0491 3924 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:41:58.0500 3924 IPBusEnum - ok
12:41:58.0528 3924 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:41:58.0535 3924 IpFilterDriver - ok
12:41:58.0573 3924 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:41:58.0580 3924 iphlpsvc - ok
12:41:58.0622 3924 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:41:58.0631 3924 IPMIDRV - ok
12:41:58.0659 3924 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:41:58.0667 3924 IPNAT - ok
12:41:58.0748 3924 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:41:58.0754 3924 iPod Service - ok
12:41:58.0779 3924 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:41:58.0785 3924 IRENUM - ok
12:41:58.0807 3924 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:41:58.0824 3924 isapnp - ok
12:41:58.0854 3924 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:41:58.0869 3924 iScsiPrt - ok
12:41:58.0905 3924 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:41:58.0913 3924 kbdclass - ok
12:41:58.0948 3924 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:41:58.0954 3924 kbdhid - ok
12:41:58.0976 3924 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:41:58.0978 3924 KeyIso - ok
12:41:59.0013 3924 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:41:59.0014 3924 KSecDD - ok
12:41:59.0054 3924 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:41:59.0056 3924 KSecPkg - ok
12:41:59.0075 3924 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:41:59.0080 3924 ksthunk - ok
12:41:59.0115 3924 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:41:59.0132 3924 KtmRm - ok
12:41:59.0188 3924 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:41:59.0192 3924 LanmanServer - ok
12:41:59.0232 3924 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:41:59.0235 3924 LanmanWorkstation - ok
12:41:59.0262 3924 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:41:59.0269 3924 lltdio - ok
12:41:59.0325 3924 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:41:59.0345 3924 lltdsvc - ok
12:41:59.0367 3924 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:41:59.0374 3924 lmhosts - ok
12:41:59.0404 3924 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:41:59.0419 3924 LSI_FC - ok
12:41:59.0444 3924 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:41:59.0452 3924 LSI_SAS - ok
12:41:59.0473 3924 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:41:59.0480 3924 LSI_SAS2 - ok
12:41:59.0517 3924 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:41:59.0537 3924 LSI_SCSI - ok
12:41:59.0561 3924 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:41:59.0563 3924 luafv - ok
12:41:59.0626 3924 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:41:59.0627 3924 MBAMProtector - ok
12:41:59.0672 3924 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:41:59.0698 3924 MBAMScheduler - ok
12:41:59.0725 3924 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:41:59.0730 3924 MBAMService - ok
12:41:59.0769 3924 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:41:59.0777 3924 Mcx2Svc - ok
12:41:59.0796 3924 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:41:59.0805 3924 megasas - ok
12:41:59.0824 3924 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:41:59.0836 3924 MegaSR - ok
12:41:59.0913 3924 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:41:59.0938 3924 Microsoft Office Groove Audit Service - ok
12:41:59.0989 3924 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:41:59.0991 3924 MMCSS - ok
12:42:00.0015 3924 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:42:00.0021 3924 Modem - ok
12:42:00.0057 3924 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:42:00.0057 3924 monitor - ok
12:42:00.0093 3924 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:42:00.0100 3924 mouclass - ok
12:42:00.0129 3924 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:42:00.0136 3924 mouhid - ok
12:42:00.0176 3924 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:42:00.0179 3924 mountmgr - ok
12:42:00.0244 3924 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:42:00.0263 3924 MozillaMaintenance - ok
12:42:00.0300 3924 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:42:00.0312 3924 mpio - ok
12:42:00.0336 3924 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:42:00.0343 3924 mpsdrv - ok
12:42:00.0398 3924 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:42:00.0407 3924 MpsSvc - ok
12:42:00.0443 3924 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:42:00.0453 3924 MRxDAV - ok
12:42:00.0484 3924 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:42:00.0486 3924 mrxsmb - ok
12:42:00.0524 3924 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:42:00.0527 3924 mrxsmb10 - ok
12:42:00.0546 3924 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:42:00.0549 3924 mrxsmb20 - ok
12:42:00.0589 3924 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:42:00.0595 3924 msahci - ok
12:42:00.0629 3924 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:42:00.0639 3924 msdsm - ok
12:42:00.0663 3924 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:42:00.0674 3924 MSDTC - ok
12:42:00.0710 3924 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:42:00.0712 3924 Msfs - ok
12:42:00.0741 3924 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:42:00.0746 3924 mshidkmdf - ok
12:42:00.0778 3924 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:42:00.0779 3924 msisadrv - ok
12:42:00.0813 3924 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:42:00.0823 3924 MSiSCSI - ok
12:42:00.0836 3924 msiserver - ok
12:42:00.0869 3924 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:42:00.0873 3924 MSKSSRV - ok
12:42:00.0902 3924 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:42:00.0908 3924 MSPCLOCK - ok
12:42:00.0929 3924 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:42:00.0933 3924 MSPQM - ok
12:42:00.0977 3924 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:42:00.0981 3924 MsRPC - ok
12:42:01.0003 3924 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:42:01.0004 3924 mssmbios - ok
12:42:01.0033 3924 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:42:01.0037 3924 MSTEE - ok
12:42:01.0059 3924 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:42:01.0066 3924 MTConfig - ok
12:42:01.0105 3924 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:42:01.0107 3924 Mup - ok
12:42:01.0155 3924 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:42:01.0162 3924 napagent - ok
12:42:01.0192 3924 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:42:01.0197 3924 NativeWifiP - ok
12:42:01.0251 3924 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:42:01.0261 3924 NDIS - ok
12:42:01.0281 3924 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:42:01.0287 3924 NdisCap - ok
12:42:01.0309 3924 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:42:01.0315 3924 NdisTapi - ok
12:42:01.0359 3924 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:42:01.0365 3924 Ndisuio - ok
12:42:01.0402 3924 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:42:01.0423 3924 NdisWan - ok
12:42:01.0464 3924 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:42:01.0472 3924 NDProxy - ok
12:42:01.0532 3924 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:42:01.0577 3924 Nero BackItUp Scheduler 4.0 - ok
12:42:01.0598 3924 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:42:01.0599 3924 NetBIOS - ok
12:42:01.0639 3924 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:42:01.0653 3924 NetBT - ok
12:42:01.0675 3924 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:42:01.0677 3924 Netlogon - ok
12:42:01.0727 3924 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:42:01.0732 3924 Netman - ok
12:42:01.0757 3924 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:42:01.0790 3924 netprofm - ok
12:42:01.0818 3924 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:42:01.0838 3924 NetTcpPortSharing - ok
12:42:01.0871 3924 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:42:01.0878 3924 nfrd960 - ok
12:42:01.0921 3924 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:42:01.0925 3924 NlaSvc - ok
12:42:01.0943 3924 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:42:01.0945 3924 Npfs - ok
12:42:01.0959 3924 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:42:01.0961 3924 nsi - ok
12:42:01.0981 3924 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:42:01.0986 3924 nsiproxy - ok
12:42:02.0045 3924 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:42:02.0077 3924 Ntfs - ok
12:42:02.0100 3924 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:42:02.0104 3924 Null - ok
12:42:02.0317 3924 [ D7A2CD1D76E6CC996A0852D566AF2F73 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:42:02.0568 3924 nvlddmkm - ok
12:42:02.0607 3924 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:42:02.0615 3924 nvraid - ok
12:42:02.0648 3924 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:42:02.0658 3924 nvstor - ok
12:42:02.0691 3924 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
12:42:02.0694 3924 nvstor64 - ok
12:42:02.0739 3924 [ 59DD481E0063F8F7EA8B9F149FCACF32 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:42:02.0773 3924 nvsvc - ok
12:42:02.0800 3924 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:42:02.0809 3924 nv_agp - ok
12:42:02.0893 3924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:42:02.0930 3924 odserv - ok
12:42:02.0973 3924 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:42:02.0981 3924 ohci1394 - ok
12:42:03.0015 3924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:42:03.0036 3924 ose - ok
12:42:03.0074 3924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:42:03.0087 3924 p2pimsvc - ok
12:42:03.0147 3924 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:42:03.0171 3924 p2psvc - ok
12:42:03.0210 3924 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:42:03.0218 3924 Parport - ok
12:42:03.0255 3924 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:42:03.0256 3924 partmgr - ok
12:42:03.0280 3924 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:42:03.0283 3924 PcaSvc - ok
12:42:03.0303 3924 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:42:03.0306 3924 pci - ok
12:42:03.0340 3924 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:42:03.0341 3924 pciide - ok
12:42:03.0365 3924 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:42:03.0378 3924 pcmcia - ok
12:42:03.0403 3924 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:42:03.0404 3924 pcw - ok
12:42:03.0433 3924 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:42:03.0475 3924 PEAUTH - ok
12:42:03.0556 3924 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:42:03.0563 3924 PerfHost - ok
12:42:03.0637 3924 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:42:03.0673 3924 pla - ok
12:42:03.0722 3924 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:42:03.0728 3924 PlugPlay - ok
12:42:03.0747 3924 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:42:03.0757 3924 PNRPAutoReg - ok
12:42:03.0782 3924 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:42:03.0788 3924 PNRPsvc - ok
12:42:03.0814 3924 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:42:03.0839 3924 PolicyAgent - ok
12:42:03.0878 3924 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:42:03.0882 3924 Power - ok
12:42:03.0923 3924 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:42:03.0932 3924 PptpMiniport - ok
12:42:03.0963 3924 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:42:03.0971 3924 Processor - ok
12:42:04.0022 3924 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:42:04.0026 3924 ProfSvc - ok
12:42:04.0054 3924 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:42:04.0056 3924 ProtectedStorage - ok
12:42:04.0096 3924 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:42:04.0106 3924 Psched - ok
12:42:04.0149 3924 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:42:04.0184 3924 ql2300 - ok
12:42:04.0210 3924 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:42:04.0220 3924 ql40xx - ok
12:42:04.0252 3924 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:42:04.0266 3924 QWAVE - ok
12:42:04.0287 3924 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:42:04.0293 3924 QWAVEdrv - ok
12:42:04.0316 3924 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:42:04.0320 3924 RasAcd - ok
12:42:04.0368 3924 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:42:04.0375 3924 RasAgileVpn - ok
12:42:04.0397 3924 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:42:04.0407 3924 RasAuto - ok
12:42:04.0447 3924 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:42:04.0456 3924 Rasl2tp - ok
12:42:04.0492 3924 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:42:04.0519 3924 RasMan - ok
12:42:04.0552 3924 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:42:04.0560 3924 RasPppoe - ok
12:42:04.0584 3924 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:42:04.0591 3924 RasSstp - ok
12:42:04.0628 3924 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:42:04.0632 3924 rdbss - ok
12:42:04.0667 3924 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:42:04.0672 3924 rdpbus - ok
12:42:04.0696 3924 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:42:04.0701 3924 RDPCDD - ok
12:42:04.0737 3924 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:42:04.0741 3924 RDPENCDD - ok
12:42:04.0768 3924 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:42:04.0771 3924 RDPREFMP - ok
12:42:04.0805 3924 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:42:04.0815 3924 RDPWD - ok
12:42:04.0863 3924 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:42:04.0865 3924 rdyboost - ok
12:42:04.0892 3924 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:42:04.0901 3924 RemoteAccess - ok
12:42:04.0935 3924 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:42:04.0948 3924 RemoteRegistry - ok
12:42:04.0985 3924 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:42:04.0991 3924 RimUsb - ok
12:42:05.0048 3924 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:42:05.0060 3924 RimVSerPort - ok
12:42:05.0093 3924 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
12:42:05.0097 3924 ROOTMODEM - ok
12:42:05.0128 3924 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:42:05.0130 3924 RpcEptMapper - ok
12:42:05.0152 3924 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:42:05.0156 3924 RpcLocator - ok
12:42:05.0196 3924 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:42:05.0202 3924 RpcSs - ok
12:42:05.0225 3924 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:42:05.0234 3924 rspndr - ok
12:42:05.0286 3924 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:42:05.0295 3924 RTL8167 - ok
12:42:05.0316 3924 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:42:05.0318 3924 SamSs - ok
12:42:05.0352 3924 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:42:05.0362 3924 sbp2port - ok
12:42:05.0386 3924 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:42:05.0397 3924 SCardSvr - ok
12:42:05.0432 3924 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:42:05.0438 3924 scfilter - ok
12:42:05.0470 3924 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:42:05.0482 3924 Schedule - ok
12:42:05.0520 3924 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:42:05.0521 3924 SCPolicySvc - ok
12:42:05.0558 3924 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:42:05.0576 3924 SDRSVC - ok
12:42:05.0618 3924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:42:05.0623 3924 secdrv - ok
12:42:05.0660 3924 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:42:05.0668 3924 seclogon - ok
12:42:05.0685 3924 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:42:05.0687 3924 SENS - ok
12:42:05.0720 3924 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:42:05.0730 3924 SensrSvc - ok
12:42:05.0752 3924 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:42:05.0757 3924 Serenum - ok
12:42:05.0781 3924 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:42:05.0789 3924 Serial - ok
12:42:05.0829 3924 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:42:05.0834 3924 sermouse - ok
12:42:05.0889 3924 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:42:05.0898 3924 SessionEnv - ok
12:42:05.0936 3924 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:42:05.0942 3924 sffdisk - ok
12:42:05.0958 3924 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:42:05.0962 3924 sffp_mmc - ok
12:42:05.0981 3924 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:42:05.0985 3924 sffp_sd - ok
12:42:06.0005 3924 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:42:06.0009 3924 sfloppy - ok
12:42:06.0046 3924 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:42:06.0066 3924 SharedAccess - ok
12:42:06.0105 3924 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:42:06.0110 3924 ShellHWDetection - ok
12:42:06.0135 3924 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:42:06.0142 3924 SiSRaid2 - ok
12:42:06.0161 3924 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:42:06.0172 3924 SiSRaid4 - ok
12:42:06.0207 3924 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:42:06.0215 3924 Smb - ok
12:42:06.0274 3924 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:42:06.0281 3924 SNMPTRAP - ok
12:42:06.0297 3924 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:42:06.0298 3924 spldr - ok
12:42:06.0342 3924 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:42:06.0350 3924 Spooler - ok
12:42:06.0435 3924 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:42:06.0493 3924 sppsvc - ok
12:42:06.0531 3924 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:42:06.0540 3924 sppuinotify - ok
12:42:06.0633 3924 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:42:06.0648 3924 srv - ok
12:42:06.0736 3924 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:42:06.0741 3924 srv2 - ok
12:42:06.0801 3924 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:42:06.0803 3924 srvnet - ok
12:42:06.0866 3924 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:42:06.0871 3924 SSDPSRV - ok
12:42:06.0897 3924 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:42:06.0920 3924 SstpSvc - ok
12:42:06.0945 3924 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:42:06.0951 3924 stexstor - ok
12:42:07.0020 3924 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:42:07.0040 3924 stisvc - ok
12:42:07.0100 3924 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:42:07.0107 3924 swenum - ok
12:42:07.0246 3924 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:42:07.0292 3924 SwitchBoard - ok
12:42:07.0354 3924 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:42:07.0367 3924 swprv - ok
12:42:07.0485 3924 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:42:07.0505 3924 SysMain - ok
12:42:07.0554 3924 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:42:07.0564 3924 TabletInputService - ok
12:42:07.0607 3924 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:42:07.0699 3924 TapiSrv - ok
12:42:07.0729 3924 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:42:07.0744 3924 TBS - ok
12:42:07.0808 3924 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:42:07.0856 3924 Tcpip - ok
12:42:07.0947 3924 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:42:07.0962 3924 TCPIP6 - ok
12:42:08.0009 3924 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:42:08.0031 3924 tcpipreg - ok
12:42:08.0062 3924 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:42:08.0066 3924 TDPIPE - ok
12:42:08.0105 3924 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:42:08.0141 3924 TDTCP - ok
12:42:08.0194 3924 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:42:08.0203 3924 tdx - ok
12:42:08.0226 3924 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:42:08.0235 3924 TermDD - ok
12:42:08.0269 3924 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:42:08.0279 3924 TermService - ok
12:42:08.0301 3924 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:42:08.0304 3924 Themes - ok
12:42:08.0338 3924 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:42:08.0340 3924 THREADORDER - ok
12:42:08.0360 3924 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:42:08.0371 3924 TrkWks - ok
12:42:08.0427 3924 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:42:08.0429 3924 TrustedInstaller - ok
12:42:08.0474 3924 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:42:08.0484 3924 tssecsrv - ok
12:42:08.0521 3924 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:42:08.0539 3924 TsUsbFlt - ok
12:42:08.0593 3924 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:42:08.0630 3924 tunnel - ok
12:42:08.0662 3924 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:42:08.0670 3924 uagp35 - ok
12:42:08.0721 3924 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:42:08.0754 3924 udfs - ok
12:42:08.0792 3924 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:42:08.0795 3924 UI0Detect - ok
12:42:08.0819 3924 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:42:08.0831 3924 uliagpkx - ok
12:42:08.0869 3924 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:42:08.0888 3924 umbus - ok
12:42:08.0909 3924 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:42:08.0915 3924 UmPass - ok
12:42:08.0969 3924 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
12:42:09.0019 3924 Updater Service - ok
12:42:09.0046 3924 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:42:09.0062 3924 upnphost - ok
12:42:09.0096 3924 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:42:09.0135 3924 USBAAPL64 - ok
12:42:09.0182 3924 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:42:09.0193 3924 usbaudio - ok
12:42:09.0269 3924 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:42:09.0286 3924 usbccgp - ok
12:42:09.0349 3924 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:42:09.0377 3924 usbcir - ok
12:42:09.0414 3924 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:42:09.0432 3924 usbehci - ok
12:42:09.0465 3924 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:42:09.0509 3924 usbhub - ok
12:42:09.0527 3924 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:42:09.0533 3924 usbohci - ok
12:42:09.0566 3924 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:42:09.0571 3924 usbprint - ok
12:42:09.0599 3924 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:42:09.0608 3924 USBSTOR - ok
12:42:09.0628 3924 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:42:09.0635 3924 usbuhci - ok
12:42:09.0668 3924 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:42:09.0671 3924 UxSms - ok
12:42:09.0691 3924 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:42:09.0693 3924 VaultSvc - ok
12:42:09.0740 3924 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:42:09.0743 3924 vdrvroot - ok
12:42:09.0794 3924 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:42:09.0847 3924 vds - ok
12:42:09.0871 3924 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:42:09.0894 3924 vga - ok
12:42:09.0921 3924 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:42:09.0927 3924 VgaSave - ok
12:42:09.0967 3924 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:42:10.0020 3924 vhdmp - ok
12:42:10.0046 3924 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:42:10.0054 3924 viaide - ok
12:42:10.0069 3924 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:42:10.0070 3924 volmgr - ok
12:42:10.0121 3924 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:42:10.0126 3924 volmgrx - ok
12:42:10.0148 3924 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:42:10.0153 3924 volsnap - ok
12:42:10.0187 3924 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:42:10.0248 3924 vsmraid - ok
12:42:10.0308 3924 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:42:10.0338 3924 VSS - ok
12:42:10.0358 3924 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:42:10.0392 3924 vwifibus - ok
12:42:10.0430 3924 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:42:10.0436 3924 W32Time - ok
12:42:10.0462 3924 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:42:10.0475 3924 WacomPen - ok
12:42:10.0512 3924 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:42:10.0548 3924 WANARP - ok
12:42:10.0573 3924 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:42:10.0574 3924 Wanarpv6 - ok
12:42:10.0648 3924 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:42:10.0703 3924 WatAdminSvc - ok
12:42:10.0762 3924 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:42:10.0801 3924 wbengine - ok
12:42:10.0824 3924 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:42:10.0836 3924 WbioSrvc - ok
12:42:10.0879 3924 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:42:10.0894 3924 wcncsvc - ok
12:42:10.0915 3924 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:42:10.0924 3924 WcsPlugInService - ok
12:42:10.0948 3924 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:42:10.0954 3924 Wd - ok
12:42:10.0984 3924 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:42:10.0991 3924 Wdf01000 - ok
12:42:11.0011 3924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:42:11.0022 3924 WdiServiceHost - ok
12:42:11.0037 3924 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:42:11.0040 3924 WdiSystemHost - ok
12:42:11.0092 3924 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:42:11.0113 3924 WebClient - ok
12:42:11.0153 3924 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:42:11.0165 3924 Wecsvc - ok
12:42:11.0209 3924 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:42:11.0212 3924 wercplsupport - ok
12:42:11.0239 3924 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:42:11.0242 3924 WerSvc - ok
12:42:11.0281 3924 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:42:11.0286 3924 WfpLwf - ok
12:42:11.0311 3924 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:42:11.0317 3924 WIMMount - ok
12:42:11.0336 3924 WinDefend - ok
12:42:11.0354 3924 WinHttpAutoProxySvc - ok
12:42:11.0390 3924 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:42:11.0393 3924 Winmgmt - ok
12:42:11.0458 3924 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:42:11.0536 3924 WinRM - ok
12:42:11.0597 3924 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:42:11.0605 3924 WinUsb - ok
12:42:11.0643 3924 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:42:11.0670 3924 Wlansvc - ok
12:42:11.0760 3924 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:42:11.0818 3924 wlidsvc - ok
12:42:11.0848 3924 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:42:11.0851 3924 WmiAcpi - ok
12:42:11.0878 3924 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:42:11.0888 3924 wmiApSrv - ok
12:42:11.0915 3924 WMPNetworkSvc - ok
12:42:11.0945 3924 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:42:11.0952 3924 WPCSvc - ok
12:42:11.0991 3924 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:42:12.0003 3924 WPDBusEnum - ok
12:42:12.0036 3924 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:42:12.0041 3924 ws2ifsl - ok
12:42:12.0060 3924 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:42:12.0063 3924 wscsvc - ok
12:42:12.0077 3924 WSearch - ok
12:42:12.0155 3924 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:42:12.0206 3924 wuauserv - ok
12:42:12.0269 3924 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:42:12.0277 3924 WudfPf - ok
12:42:12.0307 3924 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:42:12.0316 3924 WUDFRd - ok
12:42:12.0358 3924 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:42:12.0367 3924 wudfsvc - ok
12:42:12.0389 3924 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:42:12.0404 3924 WwanSvc - ok
12:42:12.0428 3924 ================ Scan global ===============================
12:42:12.0459 3924 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:42:12.0491 3924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:42:12.0505 3924 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:42:12.0543 3924 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:42:12.0575 3924 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:42:12.0581 3924 [Global] - ok
12:42:12.0585 3924 ================ Scan MBR ==================================
12:42:12.0601 3924 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
12:42:15.0315 3924 \Device\Harddisk0\DR0 - ok
12:42:15.0321 3924 ================ Scan VBR ==================================
12:42:15.0326 3924 [ 034B1AC14ABDB0D822B98FA7D10521EB ] \Device\Harddisk0\DR0\Partition1
12:42:15.0327 3924 \Device\Harddisk0\DR0\Partition1 - ok
12:42:15.0342 3924 [ B8BBF7394978661ECA3CC30DDC314C23 ] \Device\Harddisk0\DR0\Partition2
12:42:15.0344 3924 \Device\Harddisk0\DR0\Partition2 - ok
12:42:15.0349 3924 ============================================================
12:42:15.0349 3924 Scan finished
12:42:15.0349 3924 ============================================================
12:42:15.0370 3984 Detected object count: 0
12:42:15.0370 3984 Actual detected object count: 0
12:42:18.0358 3968 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 12:47:37
-----------------------------
12:47:37.833 OS Version: Windows x64 6.1.7601 Service Pack 1
12:47:37.833 Number of processors: 1 586 0x1601
12:47:37.834 ComputerName: DENISE-PC UserName: denise
12:47:39.035 Initialize success
12:48:03.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
12:48:03.160 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
12:48:03.176 Disk 0 MBR read successfully
12:48:03.182 Disk 0 MBR scan
12:48:03.189 Disk 0 unknown MBR code
12:48:03.194 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
12:48:03.212 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
12:48:03.224 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824
12:48:03.250 Disk 0 scanning C:\Windows\system32\drivers
12:48:15.750 Service scanning
12:48:39.088 Modules scanning
12:48:39.101 Disk 0 trace - called modules:
12:48:39.124 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
12:48:39.474 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031b6730]
12:48:39.483 3 CLASSPNP.SYS[fffff880019a343f] -> nt!IofCallDriver -> [0xfffffa8002f916a0]
12:48:39.493 5 ACPI.sys[fffff88000ec07a1] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8002d4c9c0]
12:48:39.504 Scan finished successfully
12:48:54.252 Disk 0 MBR has been saved successfully to "C:\Users\denise\Desktop\MBR.dat"
12:48:54.261 The log file has been saved successfully to "C:\Users\denise\Desktop\aswMBR.txt"


Attached File: MBR.zip (469 bytes)

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 September 2012 - 01:08 PM

The logs look good. This is the end of trying to run the tools.

We will restore the registry to the time before infection and see how it goes.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it in the same location as FRST64 (in this case the C drive) as fixlist.txt.

start
Last Boot: 2012-09-05 20:25
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Restart, boot normally and tell me if you still have redirection.

#9 pumpkinbutts

pumpkinbutts
  • Topic Starter

  • Members
  • 15 posts

Posted 14 September 2012 - 01:54 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-09-2012 01
Ran by SYSTEM at 2012-09-14 14:43:50 Run:1
Running from C:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

It's still redirecting. Now it seems to be going to this link: http://8.26.70.252/see/display.php?q=fun+games&affsub=46938-10090&subid=e10, with the q= part equaling whatever it is that I've searched for in Google.
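
The redirect pattern reported in this post (click a Google result, land on an unrelated host that carries the typed search term back in q= or in the path, plus affiliate parameters) written up as an added detection example. This is my code, not the poster's and not part of any tool named in the thread. The browsing records are constructed: the two landing hosts are the IPs reported in this thread, while the clicked-result hosts and the benign navigations are made-up example.com-style names.

```python
"""Flag search-result click hijacks of the kind described in the thread.

Added example, not part of the original forum post or any tool it names.
Each record is a constructed browsing observation: the query the user typed,
the result URL that was clicked, and the URL the browser actually landed on.
"""
from urllib.parse import urlparse, parse_qs

# Constructed sample records. The two landing hosts mirror the ones the
# thread's author reported (8.26.70.252 and 63.209.69.107); every other
# host name is made up for illustration.
SAMPLE_NAVIGATIONS = [
    {"query": "fun games",
     "clicked": "https://www.example-games.com/",
     "landed": "http://8.26.70.252/see/display.php?q=fun+games&affsub=46938-10090&subid=e10"},
    {"query": "fun games",
     "clicked": "https://www.example-games.com/",
     "landed": "http://63.209.69.107/search/web/fungames/a22/46938-10090/v5"},
    {"query": "weather boston",
     "clicked": "https://weather.example.org/boston",
     "landed": "https://weather.example.org/boston"},
    # A legitimate cross-host redirect: one indicator only, so not flagged.
    {"query": "shop deals",
     "clicked": "https://shop.example.com/deals",
     "landed": "https://www.example.com/promotions"},
]


def normalize(text):
    """Lower-case and strip everything but letters/digits so 'fun games',
    'fun+games' and 'fungames' compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def hijack_indicators(record):
    """Return the list of reasons this navigation looks like a click hijack."""
    reasons = []
    clicked = urlparse(record["clicked"])
    landed = urlparse(record["landed"])
    if landed.hostname == clicked.hostname:
        return reasons  # same site as the clicked result, nothing to flag
    reasons.append("landed on a different host than the clicked result")
    # Bare numeric IPv4 hosts are unusual for legitimate result pages.
    if landed.hostname and landed.hostname.replace(".", "").isdigit():
        reasons.append("landing host is a bare IPv4 address")
    params = parse_qs(landed.query)
    q = params.get("q", [""])[0]
    if q and normalize(q) == normalize(record["query"]):
        reasons.append("landing URL carries the original search query in q=")
    # The second form seen in the thread folds the query into the path.
    elif normalize(record["query"]) in normalize(landed.path):
        reasons.append("landing path embeds the original search query")
    for key in ("affsub", "subid"):
        if key in params:
            reasons.append(f"affiliate tracking parameter {key}= present")
    return reasons


def find_hijacks(records):
    """Return (landed_url, reasons) for every record with two or more
    indicators; a lone host change is too common in benign redirects."""
    hits = []
    for rec in records:
        reasons = hijack_indicators(rec)
        if len(reasons) >= 2:
            hits.append((rec["landed"], reasons))
    return hits


if __name__ == "__main__":
    for url, reasons in find_hijacks(SAMPLE_NAVIGATIONS):
        print(url)
        for reason in reasons:
            print("   -", reason)
```

The two-indicator threshold is the design choice worth noting: leaving the clicked host alone is normal (login portals, CDN redirects), so the check only fires when the landing page also echoes the user's own search term or carries affiliate parameters, which is exactly what distinguishes the thread's two observed URLs from an ordinary redirect.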

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 September 2012 - 02:06 PM

Do you remember the approximate date you got this redirection? It doesn't have to be precise; just an estimate would be sufficient for us.

#11 pumpkinbutts

pumpkinbutts
  • Topic Starter

  • Members
  • 15 posts

Posted 14 September 2012 - 02:10 PM

We just noticed it starting yesterday.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 September 2012 - 03:10 PM

That is what I thought. Let's try a restore point from about two weeks ago.

Please follow my first post to boot to System Restore Options. This time select "System Restore".

Select the Restore Point made on: 2012-09-01 10:31:17

Confirm any prompt. When finished, let it start in normal mode. Check the system and tell me if you still have the redirection.

#13 pumpkinbutts

pumpkinbutts
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:12:23 PM

Posted 14 September 2012 - 04:04 PM

It's getting worse. When I tried to do the system restore I didn't see the 2012-09-01 option that you asked me to select, so I selected the nearest one to that, which was 2012-08-31. It went through the restore process and then gave me this message:

system restore did not complete successfully. your computer system files and setting were not changed.
details: an unspecified error occurred during system restore (0x800700b7)

When I rebooted, it gave me a fatal error box saying no language file found.

I then tried to go to a Google search result link and was redirected to http://63.209.69.107/search/web/fungames/a22/46938-10090/v5.

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 September 2012 - 05:28 PM

Please let me know if the error at startup appeared again.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#15 pumpkinbutts

pumpkinbutts
  • Topic Starter

  • Members
  • 15 posts

Posted 14 September 2012 - 05:54 PM

Yes, I'm still getting the error at startup.

I tried to run OTL 3 times, and all 3 times it stopped responding when it got to the scanning Firefox settings stage. When I brought up the Task Manager to get out of it, OTL was using 100% CPU.

Should I try letting it run longer?



