rootkit notification from avast in safe mode


This topic is locked
30 replies to this topic

#1 johnnyboard

  • Members
  • 16 posts

Posted 21 September 2012 - 01:18 PM

I was recently infected with ZeroAccess, although not very seriously. The initial infection seems to have come from a dummy Adobe update window that I clicked yes to. It was very convincing; this was the first time I have ever been taken in by a virus. The reason no huge warning bells went off in my head was that the 'update window' only appeared after I had finished browsing and had opened a PDF.

Anyway, the main symptoms were that McAfee Security Center would not turn on real-time scanning, and occasionally the firewall would also go down. I tried scanning with McAfee, but obviously that did not work. At this point System Restore was not working. I downloaded and scanned using Malwarebytes, and that quarantined and deleted a trojan (trojan.phex.THAGen6 according to the log). I then ran Malwarebytes in safe mode and deleted a whole lot more viruses; for some reason I have no log of that, so I cannot say which ones. After this System Restore was an option, so I restored back to a point over a month before the assumed date of infection, and after a reinstall of McAfee I was symptom free.

I thought I might have a rootkit hanging around in there somewhere, so I found some anti-rootkit tools (Kaspersky, McAfee, Sophos, Avast, UnHackMe) and ran them. Although everything comes up clean in regular mode, when I ran Avast Antirootkit in safe mode it showed 7 rootkits but gave errors when trying to delete them. Sophos in regular mode found 2 of these (identified as parts of ZeroAccess, the bits that look for other ZeroAccess files), but I cannot shift the other 5. I have used the Windows utility to clean the computer of temporary files and all but the last restore point, but still they are there. This is only if the Avast Antirootkit scan is done in safe mode. I am hoping that these are false positives, or that they are the mangled remains of this thing, but I have no way of knowing.

I have pasted the first and last avast! antirootkit logs straight after this message. There is not much change between these points except that 2 are gone.

In all other respects my computer is symptom free. I am worried that I have something that is either hiding more nasties, or that is about to give me more nasties. Or that is just sitting there waiting for me to enter my banking details...

It is probably apparent that my level of skill has been quickly exhausted and that my level of paranoia is quite high right now. Even if I knew what these files were it would be a help; the only reference I can find on Google is about Recycler, but that is old now and surely the rootkit finders would find that. I would really like to eradicate these files if they really are bad, and it would be really good to have a definitive way of saying that my machine is clean.

I am using 64-bit Windows 7 Home Premium (hence no GMER log). All updates are current.

Obviously any questions that you have I will gladly answer. Any advice you can give will be gratefully received.

Thanks

avast! Antirootkit, version 0.9.6
Scan started: September-16-12 8:32:49 PM

File C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c **HIDDEN**
File C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\@ **HIDDEN**
File C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\L **HIDDEN**
File C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\U **HIDDEN**
File C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\@ **HIDDEN**
File C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\L **HIDDEN**
File C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\U **HIDDEN**

Scan finished: September-16-12 8:35:49 PM
Hidden files found: 7
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0

avast! Antirootkit, version 0.9.6
Scan started: September-21-12 9:56:41 AM

File C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c **HIDDEN**
File C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\L **HIDDEN**
File C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\U **HIDDEN**
File C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\L **HIDDEN**
File C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\U **HIDDEN**

Scan finished: September-21-12 9:56:50 AM
Hidden files found: 5
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by The Boards at 11:46:17 on 2012-09-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8086.5027 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\AMBSpiE.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files\mcafee\VirusScan\mcods.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627082906.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [FAStartup]
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{29F6D4F8-501F-4514-BCE7-1EA2C1785597} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{29F6D4F8-501F-4514-BCE7-1EA2C1785597}\37072796475623 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{29F6D4F8-501F-4514-BCE7-1EA2C1785597}\64C657666697 : DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
TCP: Interfaces\{E6AFFC00-9409-40DF-8B62-87041F064E14} : DhcpNameServer = 130.15.126.54 130.15.126.52
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627082906.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs.sys --> C:\Windows\system32\drivers\cbfs.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-13 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-8-19 2451440]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-20 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-20 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-13 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-13 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-13 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-3 381248]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-13 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/03/13 19:12:30;C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-21 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-3-13 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-3-13 79360]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-21 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-3-13 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-3-13 79360]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-21 12:39:56 16200 ----a-w- C:\Windows\stinger.sys
2012-09-21 00:04:23 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-20 04:00:37 -------- d-----w- C:\Program Files (x86)\stinger
2012-09-18 01:51:43 -------- d-----w- C:\ProgramData\Sophos
2012-09-18 01:22:05 -------- d-----w- C:\Users\The Boards\Pavark
2012-09-18 00:34:20 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-09-18 00:29:03 -------- d-----w- C:\ProgramData\RegRun
2012-09-18 00:28:48 2 --shatr- C:\Windows\winstart.bat
2012-09-18 00:28:40 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-09-17 00:22:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-17 00:22:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-13 03:42:19 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-12 03:37:03 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 03:37:03 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 03:37:02 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 03:37:02 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 03:37:01 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 03:37:01 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 03:37:01 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-31 20:19:15 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-31 18:22:10 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-08-31 18:12:20 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-08-31 05:10:15 -------- d-----w- C:\Users\The Boards\AppData\Roaming\Malwarebytes
2012-08-31 05:09:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-31 05:09:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-09-13 03:42:11 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-13 18:15:46 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 18:15:46 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-24 03:38:44 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-06-24 03:38:43 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-06-24 03:38:43 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-06-24 03:38:43 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 11:47:18.81 ===============



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:13 AM

Posted 21 September 2012 - 01:54 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.
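The TDSSKiller log asked for above (johnnyboard pastes one further down in this thread) prints, for every registered service, a line with the file's MD5 and path followed by a verdict line, and a few services get only a verdict line because no file could be hashed. The following parser is an added example, not part of this thread and not Kaspersky's code: it reads the services section of such a log, pairs hash lines with verdict lines, and lists what a helper would look at first: any verdict other than ok, and services with no hashed binary. The sample input is a handful of lines copied from the log in this thread; the names `ServiceEntry`, `parse_tdsskiller_log`, `review_entries` and `hash_index` are my own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines copied from the TDSSKiller log posted in this thread
# (a section header, the memory check, and a few service entries).
SAMPLE_LOG = r"""16:09:32.0947 8868 Scan started
16:09:32.0947 8868 Mode: Manual;
16:09:34.0008 8868 ================ Scan system memory ========================
16:09:34.0008 8868 System memory - ok
16:09:34.0008 8868 ================ Scan services =============================
16:09:34.0242 8868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:09:34.0242 8868 1394ohci - ok
16:09:35.0553 8868 aswArKrn - ok
16:09:36.0426 8868 [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:09:36.0442 8868 Bluetooth Device Monitor - ok
16:09:37.0347 8868 [ BB86F147B2A7152E4B4D71A2F0A87D41 ] CLKMSVC10_9EC60124 c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
16:09:37.0362 8868 CLKMSVC10_9EC60124 - ok
16:09:37.0815 8868 COMSysApp - ok
"""

# Every line starts with a timestamp and a thread id; the three shapes differ after that.
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+\s*(?P<section>[^=]+?)\s*=+$")
FILE_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+) - (?P<status>\S.*)$")


@dataclass
class ServiceEntry:
    name: str
    status: str          # verdict text after " - ", normally "ok"
    md5: Optional[str]   # None when TDSSKiller printed no hash line for the service
    path: Optional[str]


def parse_tdsskiller_log(text: str) -> List[ServiceEntry]:
    """Pair each service's hash line with its verdict line; services section only,
    so lines such as 'System memory - ok' are not mistaken for a service."""
    entries: List[ServiceEntry] = []
    pending: Dict[str, Tuple[str, str]] = {}
    in_services = False
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            in_services = sec["section"] == "Scan services"
            continue
        if not in_services:
            continue
        f = FILE_RE.match(line)
        if f:
            pending[f["name"]] = (f["md5"].upper(), f["path"])
            continue
        v = VERDICT_RE.match(line)
        if v:
            md5, path = pending.pop(v["name"], (None, None))
            entries.append(ServiceEntry(v["name"], v["status"], md5, path))
    return entries


def review_entries(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Entries worth a second look: any non-ok verdict, and registered services
    for which no binary was hashed (file missing or unreadable)."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.status != "ok":
            findings.append((e.name, f"verdict: {e.status}"))
        elif e.md5 is None:
            findings.append((e.name, "service registered but no file was hashed"))
    return findings


def hash_index(entries: List[ServiceEntry]) -> Dict[str, str]:
    """name -> MD5 for everything that was hashed, for comparison with a known-good list."""
    return {e.name: e.md5 for e in entries if e.md5}


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for name, why in review_entries(parsed):
        print(f"{name}: {why}")
```

Run against the sample it flags aswArKrn and COMSysApp, exactly the two services that appear in this thread's log with a verdict line but no hash line: TDSSKiller still calls them ok, but a helper reading the log would want to know why no file was found for them, and the hash index gives the MD5s to compare against a clean reference of the same Windows build.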

 

 


#3 johnnyboard

johnnyboard
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:13 AM

Posted 21 September 2012 - 03:15 PM

Hi. Thanks for the really quick reply. I was working which is why it took a little while to get back to you. I ran the tool and it found nothing. The text is below.

Thanks for the help. It has really been puzzling me why these nasties, which I can only assume are zeroaccess related, have not shown up in any of the antirootkit programs I have run. Especially as some of them specifically target zeroaccess.

Thanks again.

16:09:27.0300 9060 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:09:27.0846 9060 ============================================================
16:09:27.0846 9060 Current date / time: 2012/09/21 16:09:27.0846
16:09:27.0846 9060 SystemInfo:
16:09:27.0846 9060
16:09:27.0846 9060 OS Version: 6.1.7601 ServicePack: 1.0
16:09:27.0846 9060 Product type: Workstation
16:09:27.0846 9060 ComputerName: FLUFFYBEAST
16:09:27.0846 9060 UserName: The Boards
16:09:27.0846 9060 Windows directory: C:\Windows
16:09:27.0846 9060 System windows directory: C:\Windows
16:09:27.0846 9060 Running under WOW64
16:09:27.0846 9060 Processor architecture: Intel x64
16:09:27.0846 9060 Number of processors: 8
16:09:27.0846 9060 Page size: 0x1000
16:09:27.0846 9060 Boot type: Normal boot
16:09:27.0846 9060 ============================================================
16:09:28.0314 9060 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:28.0595 9060 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:28.0611 9060 ============================================================
16:09:28.0611 9060 \Device\Harddisk0\DR0:
16:09:28.0611 9060 MBR partitions:
16:09:28.0611 9060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
16:09:28.0611 9060 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
16:09:28.0611 9060 \Device\Harddisk1\DR1:
16:09:28.0611 9060 MBR partitions:
16:09:28.0611 9060 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
16:09:28.0611 9060 ============================================================
16:09:28.0673 9060 C: <-> \Device\Harddisk0\DR0\Partition2
16:09:28.0704 9060 D: <-> \Device\Harddisk1\DR1\Partition1
16:09:28.0704 9060 ============================================================
16:09:28.0704 9060 Initialize success
16:09:28.0704 9060 ============================================================
16:09:32.0947 8868 ============================================================
16:09:32.0947 8868 Scan started
16:09:32.0947 8868 Mode: Manual;
16:09:32.0947 8868 ============================================================
16:09:34.0008 8868 ================ Scan system memory ========================
16:09:34.0008 8868 System memory - ok
16:09:34.0008 8868 ================ Scan services =============================
16:09:34.0242 8868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:09:34.0242 8868 1394ohci - ok
16:09:34.0289 8868 [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
16:09:34.0336 8868 Acceler - ok
16:09:34.0367 8868 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:09:34.0367 8868 ACPI - ok
16:09:34.0414 8868 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:09:34.0429 8868 AcpiPmi - ok
16:09:34.0632 8868 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:09:34.0632 8868 AdobeARMservice - ok
16:09:34.0679 8868 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:09:34.0679 8868 adp94xx - ok
16:09:34.0710 8868 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:09:34.0710 8868 adpahci - ok
16:09:34.0710 8868 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:09:34.0710 8868 adpu320 - ok
16:09:34.0726 8868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:09:34.0726 8868 AeLookupSvc - ok
16:09:34.0788 8868 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:09:34.0804 8868 AERTFilters - ok
16:09:34.0835 8868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:09:34.0851 8868 AFD - ok
16:09:34.0882 8868 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:09:34.0882 8868 agp440 - ok
16:09:34.0913 8868 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:09:34.0913 8868 ALG - ok
16:09:34.0929 8868 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:09:34.0929 8868 aliide - ok
16:09:34.0929 8868 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:09:34.0944 8868 amdide - ok
16:09:34.0944 8868 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:09:34.0944 8868 AmdK8 - ok
16:09:34.0944 8868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:09:34.0960 8868 AmdPPM - ok
16:09:34.0991 8868 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:09:34.0991 8868 amdsata - ok
16:09:34.0991 8868 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:09:35.0007 8868 amdsbs - ok
16:09:35.0022 8868 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:09:35.0022 8868 amdxata - ok
16:09:35.0053 8868 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
16:09:35.0053 8868 AMPPAL - ok
16:09:35.0069 8868 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
16:09:35.0069 8868 AMPPALP - ok
16:09:35.0147 8868 [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:09:35.0147 8868 AMPPALR3 - ok
16:09:35.0178 8868 [ A98662AF1F4FE95E0B1DAF75B98CFAE3 ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
16:09:35.0178 8868 AnyDVD - ok
16:09:35.0209 8868 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:09:35.0209 8868 AppID - ok
16:09:35.0241 8868 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:09:35.0241 8868 AppIDSvc - ok
16:09:35.0256 8868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:09:35.0256 8868 Appinfo - ok
16:09:35.0272 8868 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:09:35.0272 8868 arc - ok
16:09:35.0287 8868 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:09:35.0303 8868 arcsas - ok
16:09:35.0412 8868 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:09:35.0475 8868 aspnet_state - ok
16:09:35.0553 8868 aswArKrn - ok
16:09:35.0568 8868 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:09:35.0584 8868 AsyncMac - ok
16:09:35.0615 8868 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:09:35.0615 8868 atapi - ok
16:09:35.0677 8868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:09:35.0677 8868 AudioEndpointBuilder - ok
16:09:35.0693 8868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:09:35.0693 8868 AudioSrv - ok
16:09:35.0709 8868 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:09:35.0709 8868 AxInstSV - ok
16:09:35.0755 8868 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:09:35.0755 8868 b06bdrv - ok
16:09:35.0787 8868 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:09:35.0802 8868 b57nd60a - ok
16:09:35.0849 8868 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
16:09:35.0943 8868 BBSvc - ok
16:09:35.0974 8868 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
16:09:35.0974 8868 BBUpdate - ok
16:09:36.0005 8868 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:09:36.0005 8868 BDESVC - ok
16:09:36.0036 8868 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:09:36.0052 8868 Beep - ok
16:09:36.0083 8868 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:09:36.0099 8868 BFE - ok
16:09:36.0130 8868 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:09:36.0130 8868 BITS - ok
16:09:36.0192 8868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:09:36.0192 8868 blbdrive - ok
16:09:36.0426 8868 [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:09:36.0442 8868 Bluetooth Device Monitor - ok
16:09:36.0535 8868 [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
16:09:36.0551 8868 Bluetooth Media Service - ok
16:09:36.0582 8868 [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
16:09:36.0598 8868 Bluetooth OBEX Service - ok
16:09:36.0629 8868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:09:36.0629 8868 bowser - ok
16:09:36.0660 8868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:09:36.0676 8868 BrFiltLo - ok
16:09:36.0676 8868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:09:36.0676 8868 BrFiltUp - ok
16:09:36.0707 8868 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:09:36.0707 8868 Browser - ok
16:09:36.0707 8868 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:09:36.0707 8868 Brserid - ok
16:09:36.0707 8868 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:09:36.0707 8868 BrSerWdm - ok
16:09:36.0707 8868 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:09:36.0707 8868 BrUsbMdm - ok
16:09:36.0723 8868 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:09:36.0723 8868 BrUsbSer - ok
16:09:36.0738 8868 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:09:36.0738 8868 BthEnum - ok
16:09:36.0769 8868 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:09:36.0769 8868 BTHMODEM - ok
16:09:36.0785 8868 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:09:36.0785 8868 BthPan - ok
16:09:36.0832 8868 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:09:36.0863 8868 BTHPORT - ok
16:09:36.0910 8868 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:09:36.0910 8868 bthserv - ok
16:09:36.0925 8868 [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:09:36.0925 8868 BTHSSecurityMgr - ok
16:09:36.0941 8868 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:09:36.0957 8868 BTHUSB - ok
16:09:36.0988 8868 [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
16:09:36.0988 8868 btmaux - ok
16:09:37.0035 8868 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
16:09:37.0097 8868 btmhsf - ok
16:09:37.0113 8868 [ D8466DF7629A7ACD2BED0CDE206E5DF9 ] CbFs C:\Windows\system32\drivers\cbfs.sys
16:09:37.0113 8868 CbFs - ok
16:09:37.0128 8868 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:09:37.0144 8868 cdfs - ok
16:09:37.0175 8868 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:09:37.0175 8868 cdrom - ok
16:09:37.0206 8868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:09:37.0206 8868 CertPropSvc - ok
16:09:37.0237 8868 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
16:09:37.0237 8868 cfwids - ok
16:09:37.0253 8868 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:09:37.0253 8868 circlass - ok
16:09:37.0284 8868 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:09:37.0284 8868 CLFS - ok
16:09:37.0347 8868 [ BB86F147B2A7152E4B4D71A2F0A87D41 ] CLKMSVC10_9EC60124 c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
16:09:37.0362 8868 CLKMSVC10_9EC60124 - ok
16:09:37.0409 8868 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:09:37.0425 8868 clr_optimization_v2.0.50727_32 - ok
16:09:37.0456 8868 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:09:37.0471 8868 clr_optimization_v2.0.50727_64 - ok
16:09:37.0534 8868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:09:37.0581 8868 clr_optimization_v4.0.30319_32 - ok
16:09:37.0612 8868 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:09:37.0659 8868 clr_optimization_v4.0.30319_64 - ok
16:09:37.0690 8868 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:09:37.0690 8868 CmBatt - ok
16:09:37.0690 8868 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:09:37.0690 8868 cmdide - ok
16:09:37.0752 8868 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:09:37.0768 8868 CNG - ok
16:09:37.0783 8868 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:09:37.0783 8868 Compbatt - ok
16:09:37.0815 8868 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:09:37.0815 8868 CompositeBus - ok
16:09:37.0815 8868 COMSysApp - ok
16:09:37.0830 8868 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:09:37.0830 8868 crcdisk - ok
16:09:37.0893 8868 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
16:09:37.0971 8868 Creative ALchemy AL6 Licensing Service - ok
16:09:38.0002 8868 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
16:09:38.0064 8868 Creative Audio Engine Licensing Service - ok
16:09:38.0095 8868 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:09:38.0095 8868 CryptSvc - ok
16:09:38.0142 8868 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
16:09:38.0158 8868 CTAudSvcService - ok
16:09:38.0205 8868 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:09:38.0205 8868 CtClsFlt - ok
16:09:38.0251 8868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:09:38.0267 8868 DcomLaunch - ok
16:09:38.0283 8868 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:09:38.0298 8868 defragsvc - ok
16:09:38.0345 8868 [ 88D5FE2109F1A52CF69BA410082A833A ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
16:09:38.0345 8868 DellDigitalDelivery - ok
16:09:38.0376 8868 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:09:38.0376 8868 DfsC - ok
16:09:38.0423 8868 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:09:38.0423 8868 Dhcp - ok
16:09:38.0439 8868 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:09:38.0439 8868 discache - ok
16:09:38.0485 8868 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:09:38.0485 8868 Disk - ok
16:09:38.0517 8868 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:09:38.0517 8868 Dnscache - ok
16:09:38.0548 8868 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:09:38.0548 8868 dot3svc - ok
16:09:38.0563 8868 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:09:38.0563 8868 DPS - ok
16:09:38.0595 8868 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:09:38.0595 8868 drmkaud - ok
16:09:38.0641 8868 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:09:38.0657 8868 DXGKrnl - ok
16:09:38.0688 8868 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:09:38.0688 8868 EapHost - ok
16:09:38.0766 8868 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:09:38.0782 8868 ebdrv - ok
16:09:38.0813 8868 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:09:38.0844 8868 EFS - ok
16:09:38.0922 8868 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:09:38.0938 8868 ehRecvr - ok
16:09:38.0938 8868 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:09:38.0938 8868 ehSched - ok
16:09:38.0985 8868 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
16:09:38.0985 8868 ElbyCDIO - ok
16:09:39.0016 8868 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:09:39.0031 8868 elxstor - ok
16:09:39.0031 8868 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:09:39.0031 8868 ErrDev - ok
16:09:39.0078 8868 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:09:39.0078 8868 EventSystem - ok
16:09:39.0172 8868 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:09:39.0203 8868 EvtEng - ok
16:09:39.0219 8868 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:09:39.0219 8868 exfat - ok
16:09:39.0265 8868 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
16:09:39.0281 8868 FACAP - ok
16:09:39.0390 8868 [ A363FF99DC160B7844A1C1E0D6CEBBE3 ] FAService C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
16:09:39.0406 8868 FAService - ok
16:09:39.0406 8868 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:09:39.0406 8868 fastfat - ok
16:09:39.0437 8868 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:09:39.0499 8868 Fax - ok
16:09:39.0531 8868 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:09:39.0531 8868 fdc - ok
16:09:39.0562 8868 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:09:39.0562 8868 fdPHost - ok
16:09:39.0577 8868 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:09:39.0577 8868 FDResPub - ok
16:09:39.0593 8868 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:09:39.0593 8868 FileInfo - ok
16:09:39.0593 8868 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:09:39.0593 8868 Filetrace - ok
16:09:39.0609 8868 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:09:39.0609 8868 flpydisk - ok
16:09:39.0624 8868 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:09:39.0640 8868 FltMgr - ok
16:09:39.0671 8868 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:09:39.0687 8868 FontCache - ok
16:09:39.0733 8868 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:09:39.0796 8868 FontCache3.0.0.0 - ok
16:09:39.0796 8868 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:09:39.0796 8868 FsDepends - ok
16:09:39.0827 8868 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:09:39.0827 8868 Fs_Rec - ok
16:09:39.0843 8868 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:09:39.0843 8868 fvevol - ok
16:09:39.0874 8868 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:09:39.0874 8868 gagp30kx - ok
16:09:39.0921 8868 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:09:39.0967 8868 gpsvc - ok
16:09:40.0014 8868 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:09:40.0014 8868 gupdate - ok
16:09:40.0030 8868 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:09:40.0030 8868 gupdatem - ok
16:09:40.0077 8868 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:09:40.0155 8868 gusvc - ok
16:09:40.0170 8868 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:09:40.0170 8868 hcw85cir - ok
16:09:40.0217 8868 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:09:40.0217 8868 HDAudBus - ok
16:09:40.0233 8868 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:09:40.0248 8868 HidBatt - ok
16:09:40.0248 8868 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:09:40.0264 8868 HidBth - ok
16:09:40.0279 8868 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:09:40.0279 8868 HidIr - ok
16:09:40.0295 8868 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:09:40.0295 8868 hidserv - ok
16:09:40.0326 8868 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:09:40.0326 8868 HidUsb - ok
16:09:40.0342 8868 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:09:40.0342 8868 hkmsvc - ok
16:09:40.0373 8868 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:09:50.0825 8868 tunnel - ok
16:09:50.0856 8868 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
16:09:50.0856 8868 TurboB - ok
16:09:50.0887 8868 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:09:50.0934 8868 TurboBoost - ok
16:09:50.0950 8868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:09:50.0950 8868 uagp35 - ok
16:09:50.0950 8868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:09:50.0950 8868 udfs - ok
16:09:50.0981 8868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:09:50.0981 8868 UI0Detect - ok
16:09:51.0012 8868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:09:51.0012 8868 uliagpkx - ok
16:09:51.0043 8868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:09:51.0090 8868 umbus - ok
16:09:51.0106 8868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:09:51.0106 8868 UmPass - ok
16:09:51.0184 8868 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:09:51.0199 8868 UNS - ok
16:09:51.0215 8868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:09:51.0215 8868 upnphost - ok
16:09:51.0246 8868 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:09:51.0309 8868 usbccgp - ok
16:09:51.0324 8868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:09:51.0324 8868 usbcir - ok
16:09:51.0340 8868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:09:51.0340 8868 usbehci - ok
16:09:51.0371 8868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:09:51.0387 8868 usbhub - ok
16:09:51.0418 8868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:09:51.0418 8868 usbohci - ok
16:09:51.0449 8868 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:09:51.0449 8868 usbprint - ok
16:09:51.0480 8868 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:09:51.0480 8868 usbscan - ok
16:09:51.0527 8868 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:09:51.0527 8868 USBSTOR - ok
16:09:51.0558 8868 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:09:51.0558 8868 usbuhci - ok
16:09:51.0589 8868 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:09:51.0589 8868 usbvideo - ok
16:09:51.0621 8868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:09:51.0636 8868 UxSms - ok
16:09:51.0652 8868 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:09:51.0652 8868 VaultSvc - ok
16:09:51.0683 8868 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
16:09:51.0683 8868 VClone - ok
16:09:51.0699 8868 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:09:51.0699 8868 vdrvroot - ok
16:09:51.0730 8868 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:09:51.0745 8868 vds - ok
16:09:51.0761 8868 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:09:51.0761 8868 vga - ok
16:09:51.0761 8868 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:09:51.0761 8868 VgaSave - ok
16:09:51.0761 8868 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:09:51.0777 8868 vhdmp - ok
16:09:51.0777 8868 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:09:51.0777 8868 viaide - ok
16:09:51.0792 8868 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:09:51.0792 8868 volmgr - ok
16:09:51.0808 8868 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:09:51.0823 8868 volmgrx - ok
16:09:51.0855 8868 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:09:51.0855 8868 volsnap - ok
16:09:51.0886 8868 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:09:51.0901 8868 vsmraid - ok
16:09:51.0948 8868 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:09:51.0964 8868 VSS - ok
16:09:51.0979 8868 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:09:51.0979 8868 vwifibus - ok
16:09:51.0995 8868 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:09:51.0995 8868 vwififlt - ok
16:09:52.0026 8868 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:09:52.0026 8868 vwifimp - ok
16:09:52.0073 8868 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:09:52.0089 8868 W32Time - ok
16:09:52.0104 8868 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:09:52.0104 8868 WacomPen - ok
16:09:52.0120 8868 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:09:52.0120 8868 WANARP - ok
16:09:52.0120 8868 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:09:52.0120 8868 Wanarpv6 - ok
16:09:52.0198 8868 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:09:52.0276 8868 WatAdminSvc - ok
16:09:52.0338 8868 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:09:52.0354 8868 wbengine - ok
16:09:52.0354 8868 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:09:52.0354 8868 WbioSrvc - ok
16:09:52.0385 8868 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:09:52.0385 8868 wcncsvc - ok
16:09:52.0401 8868 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:09:52.0401 8868 WcsPlugInService - ok
16:09:52.0416 8868 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:09:52.0416 8868 Wd - ok
16:09:52.0447 8868 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:09:52.0494 8868 WDC_SAM - ok
16:09:52.0525 8868 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:09:52.0525 8868 Wdf01000 - ok
16:09:52.0541 8868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:09:52.0541 8868 WdiServiceHost - ok
16:09:52.0541 8868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:09:52.0541 8868 WdiSystemHost - ok
16:09:52.0557 8868 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:09:52.0572 8868 WebClient - ok
16:09:52.0572 8868 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:09:52.0572 8868 Wecsvc - ok
16:09:52.0572 8868 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:09:52.0572 8868 wercplsupport - ok
16:09:52.0603 8868 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:09:52.0603 8868 WerSvc - ok
16:09:52.0635 8868 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:09:52.0635 8868 WfpLwf - ok
16:09:52.0666 8868 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
16:09:52.0681 8868 WimFltr - ok
16:09:52.0713 8868 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:09:52.0713 8868 WIMMount - ok
16:09:52.0728 8868 WinDefend - ok
16:09:52.0744 8868 WinHttpAutoProxySvc - ok
16:09:52.0775 8868 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:09:52.0775 8868 Winmgmt - ok
16:09:52.0837 8868 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:09:52.0869 8868 WinRM - ok
16:09:52.0884 8868 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:09:52.0884 8868 WinUsb - ok
16:09:52.0915 8868 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:09:52.0947 8868 Wlansvc - ok
16:09:52.0978 8868 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:09:53.0025 8868 wlcrasvc - ok
16:09:53.0118 8868 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:09:53.0134 8868 wlidsvc - ok
16:09:53.0149 8868 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:09:53.0149 8868 WmiAcpi - ok
16:09:53.0181 8868 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:09:53.0181 8868 wmiApSrv - ok
16:09:53.0212 8868 WMPNetworkSvc - ok
16:09:53.0227 8868 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:09:53.0243 8868 WPCSvc - ok
16:09:53.0259 8868 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:09:53.0259 8868 WPDBusEnum - ok
16:09:53.0290 8868 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:09:53.0290 8868 ws2ifsl - ok
16:09:53.0305 8868 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:09:53.0321 8868 wscsvc - ok
16:09:53.0321 8868 WSearch - ok
16:09:53.0415 8868 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:09:53.0430 8868 wuauserv - ok
16:09:53.0446 8868 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:09:53.0446 8868 WudfPf - ok
16:09:53.0477 8868 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:09:53.0477 8868 WUDFRd - ok
16:09:53.0493 8868 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:09:53.0508 8868 wudfsvc - ok
16:09:53.0524 8868 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:09:53.0539 8868 WwanSvc - ok
16:09:53.0571 8868 ================ Scan global ===============================
16:09:53.0602 8868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:09:53.0633 8868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:09:53.0649 8868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:09:53.0680 8868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:09:53.0711 8868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:09:53.0727 8868 [Global] - ok
16:09:53.0727 8868 ================ Scan MBR ==================================
16:09:53.0742 8868 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:09:54.0007 8868 \Device\Harddisk0\DR0 - ok
16:09:54.0007 8868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:09:54.0007 8868 \Device\Harddisk1\DR1 - ok
16:09:54.0007 8868 ================ Scan VBR ==================================
16:09:54.0023 8868 [ 6A72DE7C2FD2256692BF1189EDAEDB55 ] \Device\Harddisk0\DR0\Partition1
16:09:54.0023 8868 \Device\Harddisk0\DR0\Partition1 - ok
16:09:54.0039 8868 [ 7A764E925C0FE0777C3443585E8F08EC ] \Device\Harddisk0\DR0\Partition2
16:09:54.0039 8868 \Device\Harddisk0\DR0\Partition2 - ok
16:09:54.0039 8868 [ 86DD00C2CFE0E29837D1095D83846F06 ] \Device\Harddisk1\DR1\Partition1
16:09:54.0039 8868 \Device\Harddisk1\DR1\Partition1 - ok
16:09:54.0039 8868 ============================================================
16:09:54.0039 8868 Scan finished
16:09:54.0039 8868 ============================================================
16:09:54.0039 8648 Detected object count: 0
16:09:54.0039 8648 Actual detected object count: 0

#4 Noviciate (Malware Response Team, 5,277 posts)

Posted 22 September 2012 - 01:48 PM

Good evening. :)

I'm tempted to suggest that you are seeing some leftovers of the infection, but the fact that avast only sees them in Safe Mode suggests otherwise - at least there seems to be more than just some hidden folders present.
Do you have a flash drive of at least 64 MB that you can wipe clean?

So long, and thanks for all the fish.

 

 


#5 johnnyboard (Topic Starter, 16 posts)

Posted 22 September 2012 - 02:31 PM

I have a USB 3 hard drive of 500 GB which I could wipe, and another USB 2 (maybe USB 1) drive which I think is about 120 GB. Is a USB hard drive OK? Actually, the 120 GB drive is a hard-drive caddy with an old laptop drive in it, so I could lift the maybe-infected drive out of the computer and mount it in there to use on another machine, if that makes things easier (I already did this to scan with Norton on another computer, but it came up clean).

#6 Noviciate (Malware Response Team, 5,277 posts)

Posted 22 September 2012 - 02:38 PM

Don't see why you can't use a USB hard drive - normally a flash drive is used because most people have one handy.

  • Download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

[screenshot of the System Recovery Options menu not reproduced]

  • Select the Command Prompt option.
  • A command window will open.
  • Type notepad then hit Enter.
  • Notepad will open.
  • Click File > Open then select Computer.
  • Note down the drive letter for your USB Drive.
  • Close Notepad.
  • Back in the command window ...
  • Type e:\listparts64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
  • ListParts will start to run.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the Result.txt log please.

So long, and thanks for all the fish.

 

 


#7 johnnyboard (Topic Starter, 16 posts)

Posted 22 September 2012 - 02:48 PM

Sorry, misread it. I thought you had written 64 GB, muppetry! I have a flash drive that will do the job nicely. It'll take me a while, as I have to be a handyman as well today; also I have to find the drive, and we have just moved house.

#8 johnnyboard (Topic Starter, 16 posts)

Posted 22 September 2012 - 03:40 PM

Here we go.... I have two '750 GB' drives on that computer. The machine is a Dell XPS laptop if that helps identify the partitions.

ListParts by Farbar Version: 17-09-2012
Ran by SYSTEM (administrator) on 22-09-2012 at 16:31:56
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 8086.17 MB
Available physical RAM: 7422.65 MB
Total Pagefile: 8084.37 MB
Available Pagefile: 7406.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:679 GB) (Free:608.28 GB) NTFS
2 Drive d: () (Fixed) (Total:698.63 GB) (Free:177.2 GB) NTFS
4 Drive f: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (USB DISK) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 698 GB 2048 KB
Disk 2 Online 3820 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Partition 698 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 679 GB 19 GB

======================================================================================================

Disk: 1
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 101 MB Healthy Hidden

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F RECOVERY NTFS Partition 19 GB Healthy

======================================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 679 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3816 MB 4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB DISK FAT32 Removable 3816 MB Healthy

======================================================================================================

****** End Of Log ******
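As an added example (my own code, not part of the thread and not Farbar's tool), here is a small Python script that reads the per-partition detail blocks ListParts prints and makes the checks an analyst otherwise does by eye on a log like the one above when hunting for a bootkit: an MBR partition type byte outside the usual table, a partition flagged Hidden whose type is not a vendor/recovery type, and a disk with more than one partition flagged Active. The first sample is copied from the log posted above (Dell's hidden type DE utility partition, the active RECOVERY partition, the OS volume and the USB stick); the second is constructed to show what a finding looks like. The type table and the set of "ordinarily hidden" types are this example's assumptions, not something ListParts defines.

```python
import re
from dataclasses import dataclass

# MBR partition type bytes an analyst expects on a Windows 7 OEM laptop
# (assumed table for this example). Anything outside it is reported.
KNOWN_TYPES = {
    "07": "NTFS/exFAT", "0B": "FAT32", "0C": "FAT32 (LBA)", "0E": "FAT16 (LBA)",
    "12": "OEM diagnostics", "17": "hidden NTFS", "27": "Windows RE (hidden)",
    "DE": "Dell utility", "EE": "GPT protective",
}
# Types for which "Hidden: Yes" is ordinary (vendor/recovery partitions); assumed.
HIDDEN_OK = {"12", "17", "27", "DE"}

DISK_RE = re.compile(r"^Disk:\s*(\d+)$")
PART_RE = re.compile(r"^Partition\s+(\d+)$")
TYPE_RE = re.compile(r"^Type\s*:\s*([0-9A-Fa-f]{2})$")
FLAG_RE = re.compile(r"^(Hidden|Active):\s*(Yes|No)$")
# "* Volume 2 F RECOVERY NTFS Partition 19 GB Healthy": optional single drive
# letter, optional label, then the filesystem. Hidden volumes carry no letter.
VOL_RE = re.compile(r"^\*\s+Volume\s+\d+\s+(?:([A-Z])\s+)?(?:(.*?)\s+)?(NTFS|FAT32|FAT|exFAT|RAW)\s")


@dataclass
class Part:
    disk: int
    number: int
    ptype: str = "??"
    hidden: bool = False
    active: bool = False
    letter: str = ""
    label: str = ""


def parse_listparts(text):
    """Turn the per-partition detail blocks of a ListParts log into Part records."""
    parts, disk, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DISK_RE.match(line):
            disk = int(m.group(1))
        elif (m := PART_RE.match(line)) and disk is not None:
            cur = Part(disk=disk, number=int(m.group(1)))
            parts.append(cur)
        elif cur is None:
            continue
        elif m := TYPE_RE.match(line):
            cur.ptype = m.group(1).upper()
        elif m := FLAG_RE.match(line):
            setattr(cur, m.group(1).lower(), m.group(2) == "Yes")
        elif m := VOL_RE.match(line):
            cur.letter = m.group(1) or ""
            cur.label = (m.group(2) or "").strip()
    return parts


def triage(parts):
    """Return human-readable findings about the partition layout (empty list = nothing odd)."""
    findings, by_disk = [], {}
    for p in parts:
        by_disk.setdefault(p.disk, []).append(p)
        where = f"disk {p.disk} partition {p.number}"
        if p.ptype not in KNOWN_TYPES:
            findings.append(f"{where}: unknown partition type 0x{p.ptype}")
        elif p.hidden and p.ptype not in HIDDEN_OK:
            findings.append(f"{where}: hidden partition of type 0x{p.ptype} ({KNOWN_TYPES[p.ptype]})")
    for disk, ps in sorted(by_disk.items()):
        active = [p.number for p in ps if p.active]
        if len(active) > 1:
            findings.append(f"disk {disk}: partitions {active} are all flagged active; MBR boot code hands off to one")
    return findings


# Detail blocks copied from the ListParts log posted in this thread.
SAMPLE = """
Disk: 1
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 101 MB Healthy Hidden

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

* Volume 2 F RECOVERY NTFS Partition 19 GB Healthy

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

* Volume 3 C OS NTFS Partition 679 GB Healthy

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

* Volume 4 G USB DISK FAT32 Removable 3816 MB Healthy
"""

# Constructed layout (not from the thread): a hidden FAT32 partition that is
# also flagged active alongside the OS partition.
ANOMALOUS = """
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

* Volume 1 C OS NTFS Partition 100 GB Healthy

Disk: 0
Partition 2
Type : 0B
Hidden: Yes
Active: Yes

* Volume 2 FAT32 Partition 2 GB Healthy Hidden
"""

if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE), ("constructed log", ANOMALOUS)):
        print(name, "->", triage(parse_listparts(log)) or "no findings")
```

For the posted log the script returns no findings, which agrees with TDSSKiller's "Scan MBR"/"Scan VBR" section earlier in the thread reporting both disks clean; the constructed layout produces two findings, one for the hidden FAT32 partition and one for the second active flag on the same disk.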

#9 johnnyboard (Topic Starter, 16 posts)

Posted 22 September 2012 - 06:05 PM

I just re-read my original post and realised that I did not mention that I had to manually remove some quarantined files, for which I needed help from the McAfee community forum. This was apparently because system restore had effectively corrupted them, so McAfee was not able to delete them from within itself. There were 5 files that were variations on ZeroAccess. Remember that until Sophos removed two files, avast was finding 7 rootkits. The time and date of infection corresponded to a time when my computer was not on (but way after the date of system restore), which I suppose is consistent with the files being leftover from before system restore. It was a little weird. Just thought I should mention it for the sake of completeness.

#10 Noviciate (Malware Response Team, 5,277 posts)

Posted 23 September 2012 - 02:16 PM

Good evening. :)

We'll try something else. For x64 systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC and then enter System Recovery Options.

  • To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the Command Window type in notepad and hit <ENTER>.
  • When a notepad window opens, under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and hit <ENTER>.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

So long, and thanks for all the fish.
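Running FRST from the Recovery Environment produces a long text log, and the first pass over it is mechanical. As an added example (my own Python, not part of the thread and not Farbar's code), the script below triages the Registry, Services and Drivers lines in the shape FRST writes them and reports what an analyst would look at first: an entry whose file FRST could not find on disk (FRST marks these with `[x]`), an entry that loads from a user-writable directory such as Temp or AppData, an entry whose file carries no publisher/version information (FRST prints an empty `()`), any AppInit_DLLs value, and any LSA Notification Packages DLL beyond Windows' own scecli. The sample lines are constructed in FRST's format, and the regular expressions encode my reading of that format, so both are assumptions rather than anything FRST documents.

```python
import re

# FRST service/driver lines: "<start> <name>; <command> [<size> <yyyy-mm-dd>] (<publisher>)".
# FRST prints "[x]" in place of size/date when the referenced file is not on disk.
SVC_RE = re.compile(r"^(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<tail>.*)$")
# FRST autorun lines: "HKLM\...\Run: [<value name>] <command> [<size> <date>] (<publisher>)".
RUN_RE = re.compile(r"^(?P<key>HK.*?\\\.\.\.\\Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<tail>.*)$")
# Shared tail: command, then either "[x]" or "[size date]", then an optional "(publisher)".
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?)\s*(?:(?P<missing>\[x\])|\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])"
    r"\s*(?:\((?P<pub>[^)]*)\))?\s*$")
# Directories an ordinary user can write to; a driver or service loading from
# here deserves a look whether it is malware or a security tool's leftover.
SUSPICIOUS_DIR = re.compile(r"(?i)\\(?:Temp|AppData|ProgramData|Downloads)\\")
# The only password-notification package Windows installs by default (assumption).
DEFAULT_LSA = {"scecli"}


def triage_frst(text):
    """Return a list of findings, one string each, for an FRST log fragment."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            name = m.group("name").strip()
            kind = "Run value" if "key" in m.groupdict() else f"start={m.group('start')} service/driver"
            t = TAIL_RE.match(m.group("tail"))
            if not t:
                continue
            cmd = t.group("cmd").strip().strip('"')
            label = f"{kind} {name or '<unnamed>'}"
            if not name:
                findings.append(f"{label}: autorun value with an empty name")
            if t.group("missing"):
                findings.append(f"{label}: referenced file not found on disk ({cmd or 'no path'})")
            if SUSPICIOUS_DIR.search(cmd):
                findings.append(f"{label}: loads from a user-writable location: {cmd}")
            if t.group("pub") is not None and t.group("pub").strip() == "" and not t.group("missing"):
                findings.append(f"{label}: file carries no publisher/version info: {cmd}")
            continue
        m = re.match(r"^AppInit_DLLs:\s*(.+)$", line)
        if m:
            findings.append(f"AppInit_DLLs is set; every user32-linked process will load: {m.group(1)}")
            continue
        m = re.match(r"^Lsa:\s*\[Notification Packages\]\s*(.*)$", line)
        if m:
            extra = [p for p in m.group(1).split() if p.lower() not in DEFAULT_LSA]
            if extra:
                findings.append("LSA password-notification DLL(s) beyond the Windows default: " + ", ".join(extra))
    return findings


# Constructed sample in FRST's line format (assumed shapes; not a real log).
SAMPLE = r"""
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [] [x]
HKU\The Boards\...\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" [x]
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Notification Packages] scecli FAPassSync
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
3 aswArKrn; \??\C:\Users\THEBOA~1\AppData\Local\Temp\aswArKrn.sys [x]
3 mfeavfk01; [x]
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]
"""

if __name__ == "__main__":
    for f in triage_frst(SAMPLE):
        print(f)
```

A finding is a prompt, not a verdict: the `aswArKrn` line in the sample is reported twice (file missing, and a kernel driver registered under a user's Temp directory), yet the `asw` prefix suggests an avast anti-rootkit driver that was dropped for one scan and then deleted, and a boot-start driver such as `Partizan` with its file gone is the kind of leftover an uninstalled rootkit checker leaves behind. The script's job is to put those registrations in front of the analyst, who then decides from the name, path and publisher whether each is a dead security-tool entry to clean up or something that needs the full treatment.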

 

 


#11 johnnyboard (Topic Starter, 16 posts)

Posted 23 September 2012 - 07:23 PM

Hiya, happy Monday :lol:

Thanks for all the help. I really appreciate it. Here is the log; I noticed some ZeroAccess files in it which I assume are the ones we are hunting that avast found in safe mode. I hope the info helps decide if these files are an issue or not; hopefully we can get rid of them either way!

Thanks again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 23-09-2012 20:01:30
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-26] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7284328 2011-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [540992 2011-11-04] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-08-29] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [CTMasterOnOffMonitor] Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch [x]
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [96240 2011-08-19] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2011-12-31] ()
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\The Boards\...\Run: [AdobeBridge] [x]
HKU\The Boards\...\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" [x]
HKLM-x32\...\runonceex: [Flags] 128
HKLM-x32\...\runonceex: [Title] UnHackMe Rootkit Check
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Lsa: [Notification Packages] scecli FAPassSync

==================== Services (Whitelisted) ===================

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [936272 2011-10-18] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1354064 2011-10-18] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-10-18] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135440 2011-10-20] (Intel® Corporation)
2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-08-02] (Dell Products, LP.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [224704 2011-03-08] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()

==================== Drivers (Whitelisted) =====================

3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-03-09] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-03-09] (SlySoft, Inc.)
1 CbFs; C:\Windows\System32\Drivers\CbFs.sys [191960 2010-02-16] (EldoS Corporation)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2011-11-04] (NVIDIA Corporation)
3 aswArKrn; \??\C:\Users\THEBOA~1\AppData\Local\Temp\aswArKrn.sys [x]
3 mfeavfk01; [x]
0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-22 15:48 - 2012-08-24 06:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 15:48 - 2012-08-24 05:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 15:48 - 2012-08-24 05:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 15:48 - 2012-08-24 05:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 15:48 - 2012-08-24 05:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 15:48 - 2012-08-24 05:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 15:48 - 2012-08-24 05:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 15:48 - 2012-08-24 05:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 15:48 - 2012-08-24 05:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 15:48 - 2012-08-24 05:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 15:48 - 2012-08-24 05:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 15:48 - 2012-08-24 05:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 15:48 - 2012-08-24 05:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 15:48 - 2012-08-24 05:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 15:48 - 2012-08-24 05:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 15:48 - 2012-08-24 05:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 15:48 - 2012-08-24 02:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-22 15:48 - 2012-08-24 02:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-22 15:48 - 2012-08-24 01:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-22 15:48 - 2012-08-24 01:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-22 15:48 - 2012-08-24 01:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-22 15:48 - 2012-08-24 01:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-22 15:48 - 2012-08-24 01:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 15:48 - 2012-08-24 01:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-22 15:48 - 2012-08-24 01:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-22 15:48 - 2012-08-24 01:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 15:48 - 2012-08-24 01:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 15:48 - 2012-08-24 01:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-22 15:48 - 2012-08-24 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-22 15:48 - 2012-08-24 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-22 15:48 - 2012-08-24 01:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-22 15:48 - 2012-08-24 01:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 10:42 - 2012-09-21 10:42 - 00000000 ____A C:\Users\The Boards\defogger_reenable
2012-09-21 08:57 - 2012-09-23 18:52 - 00001074 ____A C:\Windows\setupact.log
2012-09-21 08:57 - 2012-09-21 08:57 - 00000000 ____A C:\Windows\setuperr.log
2012-09-21 07:39 - 2012-09-21 07:39 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-09-19 23:00 - 2012-09-21 07:47 - 00000000 ____D C:\Program Files (x86)\stinger
2012-09-19 08:23 - 2012-09-19 08:58 - 00000000 ____D C:\Users\The Boards\Desktop\Sarah's 2nd Year Photo Book
2012-09-17 20:51 - 2012-09-17 20:51 - 00000000 ____D C:\Users\All Users\Sophos
2012-09-17 20:51 - 2012-09-17 20:51 - 00000000 ____D C:\Users\All Users\Application Data\Sophos
2012-09-17 20:22 - 2012-09-17 20:22 - 00000000 ____D C:\Users\The Boards\Pavark
2012-09-17 19:35 - 2012-09-21 06:26 - 00000250 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-09-17 19:34 - 2012-09-17 19:34 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-09-17 19:29 - 2012-09-21 06:28 - 00000000 ____D C:\Users\All Users\RegRun
2012-09-17 19:29 - 2012-09-21 06:28 - 00000000 ____D C:\Users\All Users\Application Data\RegRun
2012-09-17 19:28 - 2012-09-21 06:29 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2012-09-17 19:28 - 2012-09-17 19:28 - 00000002 RASHOT C:\Windows\winstart.bat
2012-09-17 19:28 - 2012-09-17 19:28 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-09-17 19:28 - 2012-09-17 19:28 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-09-16 19:25 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120916-202513.backup
2012-09-16 19:22 - 2012-09-21 07:19 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-09-16 19:22 - 2012-09-21 07:19 - 00000000 ____D C:\Users\All Users\Application Data\Spybot - Search & Destroy
2012-09-16 19:22 - 2012-09-21 07:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-16 17:00 - 2012-09-16 17:00 - 16409960 ____A (Safer Networking Limited ) C:\Users\Public\Downloads\spybotsd162.exe
2012-09-16 16:58 - 2012-09-16 16:58 - 00231390 ____A C:\Users\Public\Downloads\RootkitRevealer.zip
2012-09-16 16:58 - 2012-09-16 16:58 - 00000000 ____D C:\Users\Public\Downloads\RootkitRevealer
2012-09-12 22:42 - 2012-09-12 22:42 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-12 22:42 - 2012-09-12 22:42 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-12 22:42 - 2012-09-12 22:42 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-12 22:42 - 2012-09-12 22:42 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-11 22:37 - 2012-08-22 13:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-11 22:37 - 2012-08-22 13:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-11 22:37 - 2012-08-22 13:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-11 22:37 - 2012-08-22 13:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-11 22:37 - 2012-08-02 12:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-11 22:37 - 2012-08-02 11:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-11 22:37 - 2012-07-04 15:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-08-31 15:19 - 2012-07-06 15:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-31 13:15 - 2012-07-18 13:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-31 13:15 - 2012-07-04 17:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-31 13:15 - 2012-07-04 17:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-31 13:15 - 2012-07-04 17:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-31 13:15 - 2012-07-04 16:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-31 13:15 - 2012-07-04 16:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-31 13:15 - 2012-05-14 00:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-31 13:15 - 2012-05-05 03:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-31 13:15 - 2012-05-05 02:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-31 13:15 - 2012-02-11 01:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-31 13:15 - 2012-02-11 01:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-31 13:15 - 2012-02-11 01:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-31 13:15 - 2012-02-11 00:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-31 13:12 - 2012-08-31 13:12 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2012-08-31 00:10 - 2012-08-31 00:10 - 00000000 ____D C:\Users\The Boards\Application Data\Malwarebytes
2012-08-31 00:10 - 2012-08-31 00:10 - 00000000 ____D C:\Users\The Boards\AppData\Roaming\Malwarebytes
2012-08-31 00:09 - 2012-08-31 00:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-31 00:09 - 2012-08-31 00:09 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes


==================== 3 Months Modified Files ==================

2012-09-23 18:56 - 2012-03-13 20:01 - 01656210 ____A C:\Windows\WindowsUpdate.log
2012-09-23 18:54 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-23 18:52 - 2012-09-21 08:57 - 00001074 ____A C:\Windows\setupact.log
2012-09-23 18:51 - 2012-04-21 16:32 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-23 13:30 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-23 13:30 - 2009-07-13 23:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-23 11:23 - 2012-04-21 16:32 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-23 11:23 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-21 10:42 - 2012-09-21 10:42 - 00000000 ____A C:\Users\The Boards\defogger_reenable
2012-09-21 08:57 - 2012-09-21 08:57 - 00000000 ____A C:\Windows\setuperr.log
2012-09-21 07:39 - 2012-09-21 07:39 - 00016200 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-09-21 06:26 - 2012-09-17 19:35 - 00000250 ____A C:\Windows\SysWOW64\PARTIZAN.TXT
2012-09-17 19:34 - 2012-09-17 19:34 - 00039184 ____A (Greatis Software) C:\Windows\System32\Partizan.exe
2012-09-17 19:28 - 2012-09-17 19:28 - 00000002 RASHOT C:\Windows\winstart.bat
2012-09-17 19:28 - 2012-09-17 19:28 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT
2012-09-17 19:28 - 2012-09-17 19:28 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2012-09-16 17:00 - 2012-09-16 17:00 - 16409960 ____A (Safer Networking Limited ) C:\Users\Public\Downloads\spybotsd162.exe
2012-09-16 16:58 - 2012-09-16 16:58 - 00231390 ____A C:\Users\Public\Downloads\RootkitRevealer.zip
2012-09-16 11:30 - 2010-11-20 22:47 - 00064298 ____A C:\Windows\PFRO.log
2012-09-12 22:42 - 2012-09-12 22:42 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-12 22:42 - 2012-09-12 22:42 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-12 22:42 - 2012-09-12 22:42 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-12 22:42 - 2012-09-12 22:42 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-12 22:42 - 2012-04-16 21:25 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-09-11 22:38 - 2012-03-24 14:57 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-31 15:44 - 2009-07-13 23:45 - 05023864 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-31 13:20 - 2012-03-21 20:05 - 00126072 ____A C:\Users\The Boards\Local Settings\GDIPFONTCACHEV1.DAT
2012-08-31 13:20 - 2012-03-21 20:05 - 00126072 ____A C:\Users\The Boards\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-08-31 13:20 - 2012-03-21 20:05 - 00126072 ____A C:\Users\The Boards\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-24 06:15 - 2012-09-22 15:48 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 05:39 - 2012-09-22 15:48 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 05:31 - 2012-09-22 15:48 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 05:22 - 2012-09-22 15:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 05:21 - 2012-09-22 15:48 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 05:20 - 2012-09-22 15:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 05:18 - 2012-09-22 15:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 05:17 - 2012-09-22 15:48 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 05:14 - 2012-09-22 15:48 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 05:14 - 2012-09-22 15:48 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 05:13 - 2012-09-22 15:48 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 05:12 - 2012-09-22 15:48 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 05:11 - 2012-09-22 15:48 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 05:10 - 2012-09-22 15:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 05:09 - 2012-09-22 15:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 05:04 - 2012-09-22 15:48 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-24 02:27 - 2012-09-22 15:48 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-24 02:03 - 2012-09-22 15:48 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-24 01:59 - 2012-09-22 15:48 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-24 01:51 - 2012-09-22 15:48 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-24 01:51 - 2012-09-22 15:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-24 01:51 - 2012-09-22 15:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-24 01:49 - 2012-09-22 15:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-24 01:48 - 2012-09-22 15:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-24 01:47 - 2012-09-22 15:48 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-24 01:47 - 2012-09-22 15:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-24 01:47 - 2012-09-22 15:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-24 01:45 - 2012-09-22 15:48 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-24 01:44 - 2012-09-22 15:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-24 01:44 - 2012-09-22 15:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-24 01:43 - 2012-09-22 15:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-24 01:40 - 2012-09-22 15:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 13:12 - 2012-09-11 22:37 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 13:12 - 2012-09-11 22:37 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 13:12 - 2012-09-11 22:37 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 13:12 - 2012-09-11 22:37 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-02 12:58 - 2012-09-11 22:37 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 11:57 - 2012-09-11 22:37 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-21 18:02 - 2012-03-13 19:06 - 00217518 ____A C:\Windows\DirectX.log
2012-07-18 13:15 - 2012-08-31 13:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 13:15 - 2012-03-28 21:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-13 13:15 - 2012-03-13 18:09 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-06 15:07 - 2012-08-31 15:19 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 17:16 - 2012-08-31 13:15 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 17:13 - 2012-08-31 13:15 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 17:13 - 2012-08-31 13:15 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 16:16 - 2012-08-31 13:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 16:14 - 2012-08-31 13:15 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 15:26 - 2012-09-11 22:37 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-07-01 12:50 - 2012-03-28 20:01 - 00000083 ___SH C:\Users\All Users\Application Data\.zreglib
2012-07-01 12:50 - 2012-03-28 20:01 - 00000083 ___SH C:\Users\All Users\.zreglib
2012-06-26 22:04 - 2012-06-26 22:03 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log


ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\L
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c
C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\L
C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-21 07:21:27
Restore point made on: 2012-09-22 15:48:18

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8086.17 MB
Available physical RAM: 7272.34 MB
Total Pagefile: 8084.37 MB
Available Pagefile: 7268.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:679 GB) (Free:607.7 GB) NTFS
2 Drive d: () (Fixed) (Total:698.63 GB) (Free:177.2 GB) NTFS
4 Drive f: (USB DISK) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive g: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 2048 KB
Disk 1 Online 698 GB 0 B
Disk 2 Online 3820 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 679 GB 19 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 101 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 G RECOVERY NTFS Partition 19 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 679 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 698 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3816 MB 4032 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F USB DISK FAT32 Removable 3816 MB Healthy

=========================================================

Last Boot: 2012-09-19 20:03

==================== End Of Log =============================

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:13 AM

Posted 24 September 2012 - 03:41 PM

Good evening. :)

Hiya, happy Monday :lol:

I see you have a sense of humour - Mondays, happy, :censored:

* Please read to the end BEFORE you follow these instructions.

Copy and paste the following text into a new Notepad window and save it alongside FRST as fixlist.txt:

CMD: ren "C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c" "junkfolder1"
CMD: ren "C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c" "junkfolder2"

Run FRST as previously, but this time click the Fix button just once and wait.
Once complete the results will be written to the textfile Fixlog.txt, saved alongside FRST as before - please let me have the contents of the file in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The fact that avast only picks up the folders in Safe Mode still worries me so, rather than delete the folders I've chosen to rename them for now. Should your PC not behave properly afterwards you can change the names back, but you will need to edit the text file fixlist.txt to read as follows, and run the fix instructions again:

CMD: ren "C:\$Recycle.Bin\S-1-5-18\junkfolder1" "$e49b658d76ecc7631938dcf3fd32395c"
CMD: ren "C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\junkfolder2" "$e49b658d76ecc7631938dcf3fd32395c"

Do you have access to a second PC so that you can edit the text file should the PC fail to boot?

So long, and thanks for all the fish.
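The rename-and-undo procedure in this post, as an added example that is not part of FRST and not the helper's own material: a Python script that reads the "ZeroAccess:" blocks from an FRST log (the sample below is copied from the log posted above and embedded inline), keeps only the top-level flagged folders (the L and U entries sit inside them, and the S-1-5-18 folder is listed twice), and emits both the rename fixlist and the matching reversal. The only FRST syntax it relies on is the `CMD: ren` form shown in the post; the `junkfolder` names are the post's own placeholders. Because cmd's `ren` accepts a bare name, not a path, for the new name, a renamed folder stays in its original parent directory, and the reversal lines are built to address it there.

```python
"""Build an FRST fixlist that renames (rather than deletes) folders an FRST
log flags as ZeroAccess, plus the fixlist that reverses those renames.

Added example for this thread: not part of FRST, not the helper's script.
Only the 'CMD: ren <source> <newname>' fixlist syntax from the post is assumed.
"""
import ntpath

# Constructed sample: the "ZeroAccess:" blocks from the FRST log in this thread.
SAMPLE_LOG = r"""
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\L
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c
C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\L
C:\$Recycle.Bin\S-1-5-21-1357649632-1784832993-3649618266-1001\$e49b658d76ecc7631938dcf3fd32395c\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e49b658d76ecc7631938dcf3fd32395c
"""


def flagged_roots(log_text):
    """Return the top-level flagged folders, in log order, without duplicates.

    FRST prints one path per line under each 'ZeroAccess:' header, root first,
    then its subfolders (\\L, \\U).  Renaming the root covers the subfolders,
    so anything that lives under an already-kept root is skipped, as is a root
    that the log repeats (the S-1-5-18 folder appears twice in the sample).
    """
    roots = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_block = True
            continue
        if not line:
            in_block = False          # a blank line ends the block
            continue
        if not in_block:
            continue
        lowered = line.lower()
        covered = any(
            lowered == r.lower() or lowered.startswith(r.lower() + "\\")
            for r in roots
        )
        if not covered:
            roots.append(line)
    return roots


def build_fixlists(roots, prefix="junkfolder"):
    """Return (forward, reverse): lists of 'CMD: ren' lines for FRST.

    cmd's ren takes a full path for the source but only a bare name for the
    target, so 'ren "C:\\dir\\x" "junkfolder1"' leaves junkfolder1 inside
    C:\\dir.  The reversal therefore names C:\\dir\\junkfolder1 as its source
    and the original folder name as the bare target.
    """
    forward, reverse = [], []
    for index, root in enumerate(roots, start=1):
        parent, original_name = ntpath.split(root)   # Windows path rules, any OS
        new_name = f"{prefix}{index}"
        forward.append(f'CMD: ren "{root}" "{new_name}"')
        reverse.append(
            f'CMD: ren "{ntpath.join(parent, new_name)}" "{original_name}"'
        )
    return forward, reverse


if __name__ == "__main__":
    roots = flagged_roots(SAMPLE_LOG)
    forward, reverse = build_fixlists(roots)
    print("# fixlist.txt - rename the flagged folders:")
    print("\n".join(forward))
    print()
    print("# fixlist.txt - undo the renames:")
    print("\n".join(reverse))
```

Run it against the thread's log and the forward list reproduces the two lines the helper gave; the reverse list is what to paste into fixlist.txt if the PC misbehaves after the rename. Keeping the renamed folder in place, rather than deleting it, is exactly what makes the step reversible: nothing is lost, the folder is simply no longer found under the name anything might be looking for.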



#13 johnnyboard

johnnyboard
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:13 AM

Posted 24 September 2012 - 04:02 PM

Sense of humor most of the time 100%. Sense of humor concerning viruses and malware scum 0%. :)

Thanks for the potential fix.

Yes, I have a second PC (we have been using it for our banking etc ever since the infection) so I can change the text file no problem. Is there any danger of bricking the computer doing this, or is it totally reversible?

Is it common for OS or friendly files to be hidden like this? Also, the FRST program showed them as zeroaccess so is there any doubt they are zeroaccess related? I ask purely out of curiosity as my experience is pretty much the sum of this forum page, I am not advocating just deleting them as I am usually a fairly cautious guy in this respect. I am definitely OK with any information about this you can give me as I am almost pathologically curious.

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:11:13 AM

Posted 24 September 2012 - 04:43 PM

Is there any danger of bricking the computer doing this, or is it totally reversible?

If all you do is to rename some folders and something gets upset about it, renaming them back to their original names will turn back the clock and make the PC happy again.

Is it common for OS or friendly files to be hidden like this?

Not like this.

Also, the FRST program showed them as zeroaccess so is there any doubt they are zeroaccess related?

These files are part of one of the zeroaccess variants that is around.

I'm guessing, and it is a guess, that System Restore undid some of the infection but not all of it. I don't know why avast will only flag the folders in Safe Mode so I'm cautious as there could be at least one component active on your machine, but it could just be that avast doesn't pick the folders up and that is that. It's a poor infection that is beaten by a boot into Safe Mode and this infection isn't a poor one.

Renaming the folders will prevent anything that calls files in them from finding them, much in the same way as changing your house number will confuse the postie. If nothing is calling any files in there, then it will make no difference whatsoever.

So long, and thanks for all the fish.


#15 johnnyboard

johnnyboard
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:13 AM

Posted 25 September 2012 - 10:48 AM

Hiya, thanks for the reassurance and the explanation. Because my computer is (currently) symptom free I had been working on the assumption that system restore had hobbled the infection and that avast was either seeing dead remnants or a rootkit designed to hide things that are no longer there. On the basis that I have zero experience I have been using the computer infrequently and definitely not for banking etc. It seems I may have been working on broadly the right lines.

Is it possible that after these folders are renamed that more infection files will become visible? I have read that rootkits are sometimes there to hide other things.

I was on babysitting duty last night and could not run FRST again, I should be able to do it tonight. If the computer is stable is there something else that I should run and post the logs for? I have not had the computer on for a day, so McAfee is probably going to scan in the background - is this OK?

Thanks again for the help. I felt that as I had no current symptoms that I may be pretty low down on the triage list so I really appreciate the attention that I am receiving.



