MS Security Ess not running and services missing


  • This topic is locked
10 replies to this topic

#1 mwagner17

  • Members
  • 64 posts

Posted 22 September 2012 - 12:39 AM

My son clicked on the Adobe Reader updater pop-up. It put a screen overlay (some Paypass FBI warning or something lol) that I had to go into Safe Mode, run RKILL and Malwarebytes to remove. MBAM removed a ton of infections including the overlay, but MS Security Ess. will not run now. Says service not found. RKILL log has 8 missing services. Here are my DDS, GMER, and I figured I should throw in the RKILL log as well. This RKILL was after running MBAM.

I usually can read the threads here to remove most of the time (I do it at work for over 60 machines) but I am having a hard time with finding the software to restore all of my missing services. Thank you so much for your help!

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/21/2012 10:12:00 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/21/2012 10:12:08 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Wagner at 22:19:05 on 2012-09-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3292.2056 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\4wbarsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Retrogamer_4w\bar\1.bin\4wbrmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
TB: Retrogamer: {3392cfec-56f8-41ee-bdb4-4e301efd2c93} - c:\program files\retrogamer_4w\bar\1.bin\4wbar.dll
uRun: [PolkastLibrary] c:\program files\polkast\PolkastLibrary.exe
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [nertp] "c:\windows\system32\rundll32.exe" "c:\users\wagner\appdata\roaming\nertp.dll",convert_to_rfc1123
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\wagner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wagner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: reyrey.com\www.gs
DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
DPF: PrintTemplateViewerCab - hxxps://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://www.gs.reyrey.com/clientdll/arview2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{09EFADD9-4EF4-45EA-A2BA-16BDB4FD091A} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9D42708D-1AF2-49A8-8D58-BCC7EFF4E8EE} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{AF04ECDD-77D2-413D-BD79-B61A193E4A66} : DhcpNameServer = 192.168.0.1 205.171.3.25
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-6-5 87400]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-7-17 116632]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-8-3 65657]
R2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2012-6-22 42528]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-7-31 2066968]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2009-11-6 214696]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-13 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-2 1343400]
.
=============== Created Last 30 ================
.
2012-09-22 04:02:46 468992 ----a-w- c:\users\wagner\appdata\roaming\nertp.dll
2012-09-22 04:01:56 175616 ----a-w- c:\users\wagner\appdata\roaming\avwet.dll
2012-09-21 10:29:44 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fdd4051f-118f-46e6-ba54-3a3e736deb09}\mpengine.dll
2012-09-20 10:32:26 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-18 21:32:06 -------- d-----w- c:\users\wagner\appdata\roaming\Uvfeod
2012-09-18 21:32:06 -------- d-----w- c:\users\wagner\appdata\roaming\Cyho
2012-09-18 21:32:06 -------- d-----w- c:\users\wagner\appdata\roaming\Boaf
2012-09-12 14:47:48 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:47:47 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:47:46 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:47:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:47:46 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:47:46 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-06 15:22:29 -------- d-----w- c:\users\wagner\appdata\local\Roblox
.
==================== Find3M ====================
.
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 03:32:00 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-06 03:32:00 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
============= FINISH: 22:19:26.73 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-21 22:39:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD800JD-75MSA3 rev.10.01E04
Running: 4s2m6l5c.exe; Driver: C:\Users\Wagner\AppData\Local\Temp\ufdiqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A913C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ACAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\sjqny.sys The system cannot find the path specified. !
? C:\Users\Wagner\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\Users\Wagner\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1316] kernel32.dll!CreateThread 778BDCC2 5 Bytes JMP 6F3575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!EnableWindow 76688D02 5 Bytes JMP 6F399EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!GetAsyncKeyState 7668A256 5 Bytes JMP 6F33DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CallNextHookEx 7668ABE1 5 Bytes JMP 6F3B7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!UnhookWindowsHookEx 7668ADF9 5 Bytes JMP 6F3DECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DefWindowProcA 7668BB1C 7 Bytes JMP 6F35980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateWindowExA 7668BF40 5 Bytes JMP 6F363643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!SetWindowsHookExW 7668E30C 5 Bytes JMP 6F3925B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateWindowExW 7668EC7C 5 Bytes JMP 6F3C03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!GetKeyState 76692B4D 5 Bytes JMP 6F33DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!IsDialogMessageW 76694104 5 Bytes JMP 6F4E99AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DefWindowProcW 7669507D 7 Bytes JMP 6F3B8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateDialogParamA 766A1F42 5 Bytes JMP 6F4E9218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!IsDialogMessage 766A2019 5 Bytes JMP 6F4E9982 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamW 766A3B9B 5 Bytes JMP 6F2F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateDialogIndirectParamA 766A721D 5 Bytes JMP 6F4E9288 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateDialogIndirectParamW 766AEA10 5 Bytes JMP 6F4E92C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamW 766B3B7F 5 Bytes JMP 6F4E8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!EndDialog 766B3BA3 5 Bytes JMP 6F4E9C56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!CreateDialogParamW 766B5630 5 Bytes JMP 6F4E9250 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!SetKeyboardState 766B695A 5 Bytes JMP 6F4EA273 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!SendInput 766B7019 5 Bytes JMP 6F4EA21B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!SetCursorPos 766CC1B0 5 Bytes JMP 6F4EA2F4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxParamA 766CCF42 5 Bytes JMP 6F4E8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!DialogBoxIndirectParamA 766CD274 5 Bytes JMP 6F4E8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectA 766DE869 5 Bytes JMP 6F4E8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxIndirectW 766DE963 5 Bytes JMP 6F4E8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExA 766DE9C9 5 Bytes JMP 6F4E8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!MessageBoxExW 766DE9ED 5 Bytes JMP 6F4E8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] USER32.dll!keybd_event 766DEC3B 5 Bytes JMP 6F4EA1D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] SHELL32.dll!RealDriveType + 173D 769EFE30 4 Bytes [CF, 01, 82, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] SHELL32.dll!RealDriveType + 1745 769EFE38 8 Bytes [E0, 61, 81, 73, 79, F7, 81, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1316] ole32.dll!OleLoadFromStream 77656143 5 Bytes JMP 6F4E96B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1940] kernel32.dll!SetUnhandledExceptionFilter 778BF4FB 4 Bytes JMP 63B350B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[1940] ole32.dll!OleLoadFromStream 77656143 4 Bytes JMP 645FE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!EnableWindow 76688D02 5 Bytes JMP 6F399EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamW 766A3B9B 5 Bytes JMP 6F2F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamW 766B3B7F 5 Bytes JMP 6F4E8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxParamA 766CCF42 5 Bytes JMP 6F4E8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!DialogBoxIndirectParamA 766CD274 5 Bytes JMP 6F4E8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectA 766DE869 5 Bytes JMP 6F4E8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxIndirectW 766DE963 5 Bytes JMP 6F4E8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExA 766DE9C9 5 Bytes JMP 6F4E8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2720] USER32.dll!MessageBoxExW 766DE9ED 5 Bytes JMP 6F4E8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] kernel32.dll!CreateThread 778BDCC2 5 Bytes JMP 6F3575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!EnableWindow 76688D02 5 Bytes JMP 6F399EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!GetAsyncKeyState 7668A256 5 Bytes JMP 6F33DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!CallNextHookEx 7668ABE1 5 Bytes JMP 6F3B7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!UnhookWindowsHookEx 7668ADF9 5 Bytes JMP 6F3DECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!DefWindowProcA 7668BB1C 7 Bytes JMP 6F35980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!CreateWindowExA 7668BF40 5 Bytes JMP 6F363643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!SetWindowsHookExW 7668E30C 5 Bytes JMP 6F3925B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!CreateWindowExW 7668EC7C 5 Bytes JMP 6F3C03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!GetKeyState 76692B4D 5 Bytes JMP 6F33DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!IsDialogMessageW 76694104 5 Bytes JMP 6F4E99AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!DefWindowProcW 7669507D 7 Bytes JMP 6F3B8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!CreateDialogParamA 766A1F42 5 Bytes JMP 6F4E9218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!IsDialogMessage 766A2019 5 Bytes JMP 6F4E9982 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!DialogBoxParamW 766A3B9B 5 Bytes JMP 6F2F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!CreateDialogIndirectParamA 766A721D 5 Bytes JMP 6F4E9288 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!CreateDialogIndirectParamW 766AEA10 5 Bytes JMP 6F4E92C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!DialogBoxIndirectParamW 766B3B7F 5 Bytes JMP 6F4E8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!EndDialog 766B3BA3 5 Bytes JMP 6F4E9C56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!CreateDialogParamW 766B5630 5 Bytes JMP 6F4E9250 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!SetKeyboardState 766B695A 5 Bytes JMP 6F4EA273 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!SendInput 766B7019 5 Bytes JMP 6F4EA21B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!SetCursorPos 766CC1B0 5 Bytes JMP 6F4EA2F4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!DialogBoxParamA 766CCF42 5 Bytes JMP 6F4E8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!DialogBoxIndirectParamA 766CD274 5 Bytes JMP 6F4E8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!MessageBoxIndirectA 766DE869 5 Bytes JMP 6F4E8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!MessageBoxIndirectW 766DE963 5 Bytes JMP 6F4E8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!MessageBoxExA 766DE9C9 5 Bytes JMP 6F4E8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!MessageBoxExW 766DE9ED 5 Bytes JMP 6F4E8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] USER32.dll!keybd_event 766DEC3B 5 Bytes JMP 6F4EA1D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] SHELL32.dll!RealDriveType + 173D 769EFE30 4 Bytes [CF, 01, 82, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] SHELL32.dll!RealDriveType + 1745 769EFE38 8 Bytes [E0, 61, 81, 73, 79, F7, 81, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2912] ole32.dll!OleLoadFromStream 77656143 5 Bytes JMP 6F4E96B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] kernel32.dll!CreateThread 778BDCC2 5 Bytes JMP 6F3575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!EnableWindow 76688D02 5 Bytes JMP 6F399EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!GetAsyncKeyState 7668A256 5 Bytes JMP 6F33DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CallNextHookEx 7668ABE1 5 Bytes JMP 6F3B7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!UnhookWindowsHookEx 7668ADF9 5 Bytes JMP 6F3DECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DefWindowProcA 7668BB1C 7 Bytes JMP 6F35980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CreateWindowExA 7668BF40 5 Bytes JMP 6F363643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!SetWindowsHookExW 7668E30C 5 Bytes JMP 6F3925B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CreateWindowExW 7668EC7C 5 Bytes JMP 6F3C03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!GetKeyState 76692B4D 5 Bytes JMP 6F33DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!IsDialogMessageW 76694104 5 Bytes JMP 6F4E99AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DefWindowProcW 7669507D 7 Bytes JMP 6F3B8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CreateDialogParamA 766A1F42 5 Bytes JMP 6F4E9218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!IsDialogMessage 766A2019 5 Bytes JMP 6F4E9982 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxParamW 766A3B9B 5 Bytes JMP 6F2F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CreateDialogIndirectParamA 766A721D 5 Bytes JMP 6F4E9288 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CreateDialogIndirectParamW 766AEA10 5 Bytes JMP 6F4E92C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxIndirectParamW 766B3B7F 5 Bytes JMP 6F4E8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!EndDialog 766B3BA3 5 Bytes JMP 6F4E9C56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!CreateDialogParamW 766B5630 5 Bytes JMP 6F4E9250 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!SetKeyboardState 766B695A 5 Bytes JMP 6F4EA273 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!SendInput 766B7019 5 Bytes JMP 6F4EA21B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!SetCursorPos 766CC1B0 5 Bytes JMP 6F4EA2F4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxParamA 766CCF42 5 Bytes JMP 6F4E8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!DialogBoxIndirectParamA 766CD274 5 Bytes JMP 6F4E8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxIndirectA 766DE869 5 Bytes JMP 6F4E8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxIndirectW 766DE963 5 Bytes JMP 6F4E8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxExA 766DE9C9 5 Bytes JMP 6F4E8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!MessageBoxExW 766DE9ED 5 Bytes JMP 6F4E8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!keybd_event 766DEC3B 5 Bytes JMP 6F4EA1D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] SHELL32.dll!RealDriveType + 173D 769EFE30 4 Bytes [CF, 01, 82, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] SHELL32.dll!RealDriveType + 1745 769EFE38 8 Bytes [E0, 61, 81, 73, 79, F7, 81, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] ole32.dll!OleLoadFromStream 77656143 5 Bytes JMP 6F4E96B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!EnableWindow 76688D02 5 Bytes JMP 6F399EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxParamW 766A3B9B 5 Bytes JMP 6F2F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxIndirectParamW 766B3B7F 5 Bytes JMP 6F4E8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxParamA 766CCF42 5 Bytes JMP 6F4E8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!DialogBoxIndirectParamA 766CD274 5 Bytes JMP 6F4E8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxIndirectA 766DE869 5 Bytes JMP 6F4E8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxIndirectW 766DE963 5 Bytes JMP 6F4E8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxExA 766DE9C9 5 Bytes JMP 6F4E8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3480] USER32.dll!MessageBoxExW 766DE9ED 5 Bytes JMP 6F4E8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] kernel32.dll!CreateThread 778BDCC2 5 Bytes JMP 6F3575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!EnableWindow 76688D02 5 Bytes JMP 6F399EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!GetAsyncKeyState 7668A256 5 Bytes JMP 6F33DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CallNextHookEx 7668ABE1 5 Bytes JMP 6F3B7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!UnhookWindowsHookEx 7668ADF9 5 Bytes JMP 6F3DECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DefWindowProcA 7668BB1C 7 Bytes JMP 6F35980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CreateWindowExA 7668BF40 5 Bytes JMP 6F363643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!SetWindowsHookExW 7668E30C 5 Bytes JMP 6F3925B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CreateWindowExW 7668EC7C 5 Bytes JMP 6F3C03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!GetKeyState 76692B4D 5 Bytes JMP 6F33DDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!IsDialogMessageW 76694104 5 Bytes JMP 6F4E99AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DefWindowProcW 7669507D 7 Bytes JMP 6F3B8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CreateDialogParamA 766A1F42 5 Bytes JMP 6F4E9218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!IsDialogMessage 766A2019 5 Bytes JMP 6F4E9982 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamW 766A3B9B 5 Bytes JMP 6F2F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CreateDialogIndirectParamA 766A721D 5 Bytes JMP 6F4E9288 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CreateDialogIndirectParamW 766AEA10 5 Bytes JMP 6F4E92C0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamW 766B3B7F 5 Bytes JMP 6F4E8EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!EndDialog 766B3BA3 5 Bytes JMP 6F4E9C56 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!CreateDialogParamW 766B5630 5 Bytes JMP 6F4E9250 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!SetKeyboardState 766B695A 5 Bytes JMP 6F4EA273 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!SendInput 766B7019 5 Bytes JMP 6F4EA21B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!SetCursorPos 766CC1B0 5 Bytes JMP 6F4EA2F4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxParamA 766CCF42 5 Bytes JMP 6F4E8E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!DialogBoxIndirectParamA 766CD274 5 Bytes JMP 6F4E8F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectA 766DE869 5 Bytes JMP 6F4E8E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxIndirectW 766DE963 5 Bytes JMP 6F4E8D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxExA 766DE9C9 5 Bytes JMP 6F4E8D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!MessageBoxExW 766DE9ED 5 Bytes JMP 6F4E8CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] USER32.dll!keybd_event 766DEC3B 5 Bytes JMP 6F4EA1D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] SHELL32.dll!RealDriveType + 173D 769EFE30 4 Bytes [CF, 01, 82, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] SHELL32.dll!RealDriveType + 1745 769EFE38 8 Bytes [E0, 61, 81, 73, 79, F7, 81, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3780] ole32.dll!OleLoadFromStream 77656143 5 Bytes JMP 6F4E96B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
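
The user-mode section of the GMER log above lists every inline hook found in the running iexplore.exe processes. Every JMP visible here lands in IEFRAME.dll, Internet Explorer's own frame library, and the two SHELL32 entries are short byte overwrites with no module attribution. Reading a few hundred such lines by eye is error-prone, so here is a small triage script, added as an editor's example that is not part of the original post and not GMER's own logic: it parses the `.text` lines and classifies each hook by where it lands. The trusted-directory/vendor rule and the sample input (four lines copied from the log above, plus one constructed line showing a hook into an undescribed DLL under a user profile) are assumptions for illustration.

```python
"""Triage of GMER user-mode hook lines.  Added editor's example; not part of
the original post and not GMER's own logic.  GMER prints each detour as either

  .text <process>[pid] <dll>!<export>[ + off] <addr> <n> Bytes JMP <target> <hook.dll> (<desc>/<vendor>)
  .text <process>[pid] <dll>!<export> + off <addr> <n> Bytes [<byte>, <byte>, ...]

The classification rule (JMP into a Microsoft-described DLL under system32 is
expected; a JMP into a DLL GMER cannot describe is suspicious; raw byte
patches go to a human) is an assumption made for this example."""
import re
from collections import Counter
from dataclasses import dataclass

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[(?P<pid>\d+)\])\s+"
    r"(?P<export>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<rest>.*)$")
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<module>.+?)"
    r"(?:\s+\((?P<desc>[^/()]*)/(?P<vendor>[^()]*)\))?$")
PATCH_RE = re.compile(r"^\[(?P<bytes>[^\]]*)\]$")

# Assumed trust policy: hook DLLs under these directories that GMER attributes
# to Microsoft are treated as platform code (IEFRAME.dll hooking USER32 inside
# iexplore.exe is the normal case in the log above).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TRUSTED_VENDOR = "microsoft corporation"


@dataclass
class Hook:
    process: str
    pid: int
    export: str
    kind: str      # "jmp" (5/7-byte detour) or "patch" (raw byte overwrite)
    module: str    # DLL the JMP lands in; "" for a patch
    vendor: str    # vendor string GMER printed; "" if none
    verdict: str   # "expected", "review" or "suspicious"


def classify(kind, module, vendor):
    if kind == "patch":
        # No redirect and no attribution: not automatically vouched for.
        return "review"
    if module.lower().startswith(TRUSTED_DIRS) and vendor.lower() == TRUSTED_VENDOR:
        return "expected"
    if not vendor:
        # GMER could not read any version resource for the hook DLL at all.
        return "suspicious"
    return "review"


def parse_line(line):
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    j = JMP_RE.match(rest)
    if j:
        kind, module, vendor = "jmp", j["module"], (j["vendor"] or "").strip()
    elif PATCH_RE.match(rest):
        kind, module, vendor = "patch", "", ""
    else:
        return None
    return Hook(m["proc"], int(m["pid"]), m["export"], kind, module, vendor,
                classify(kind, module, vendor))


def triage(text):
    """Parse every hook line; return (hooks, Counter of verdicts)."""
    hooks = [h for h in map(parse_line, text.splitlines()) if h]
    return hooks, Counter(h.verdict for h in hooks)


def flagged(text):
    """Hooks that are not 'expected', worst first, as one-line descriptions."""
    order = {"suspicious": 0, "review": 1}
    hooks, _ = triage(text)
    return [f"{h.process} {h.export} -> {h.module or 'byte patch'}"
            for h in sorted((h for h in hooks if h.verdict != "expected"),
                            key=lambda h: order[h.verdict])]


# Sample input: the first four lines are copied from the GMER log above; the
# last one is CONSTRUCTED to show a hook into an undescribed DLL in a profile.
SAMPLE = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] kernel32.dll!CreateThread 778BDCC2 5 Bytes JMP 6F3575E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] USER32.dll!GetAsyncKeyState 7668A256 5 Bytes JMP 6F33DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] SHELL32.dll!RealDriveType + 173D 769EFE30 4 Bytes [CF, 01, 82, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[3176] SHELL32.dll!RealDriveType + 1745 769EFE38 8 Bytes [E0, 61, 81, 73, 79, F7, 81, ...]
.text C:\Windows\explorer.exe[1234] ntdll.dll!NtQueryDirectoryFile 77A1B2C3 5 Bytes JMP 10001234 C:\Users\example\AppData\Local\Temp\n.dll
"""

if __name__ == "__main__":
    hooks, counts = triage(SAMPLE)
    print(dict(counts))
    for line in flagged(SAMPLE):
        print(line)
```

Run it over a saved GMER log (`triage(open("gmer.log").read())`) and read the `flagged` list first: a JMP whose target GMER could not describe, or that lands outside the system directories, is where to start, while an "expected" verdict only means the hook is attributed to a Microsoft DLL in system32, not that the DLL has been verified on disk.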






#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 AM

Posted 26 September 2012 - 08:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I have identified some malware, the worst being a ZeroAccess infection.

Try to execute the following scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Let's find out what services are missing and we will take it from there.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the logs that were generated for my review.
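
The plan above leaves it to Farbar Service Scanner to say which services are gone. A TDSSKiller log already carries a per-service inventory (the `[ MD5 ] Name Path` lines in its Scan services section), so the same question can be asked of it offline. The script below is an added editor's example, not part of this thread and not part of TDSSKiller or FSS: it parses those lines, reports which expected security-stack services are absent, and lists any service whose image lives outside the Windows or Program Files trees. The EXPECTED mapping of FSS categories to Windows 7 service names, the SYSTEM_ROOTS policy and the sample log (four entries copied from the TDSSKiller log posted later in this thread, two constructed with placeholder hashes) are assumptions for illustration.

```python
"""Service inventory check over a TDSSKiller log.  Added editor's example; not
the thread's tooling and not part of TDSSKiller or FSS.  In its "Scan services"
section TDSSKiller prints one line per registered service or driver it hashed:

  HH:MM:SS.mmmm <pid> [ <MD5> ] <ServiceName> <ImagePath>

so the log already answers "which services are gone?" for any name we expect
to see.  EXPECTED maps the categories FSS reports on to the Windows 7 service
names that, to the author's knowledge, implement them; it and SYSTEM_ROOTS are
assumptions for this example."""
import re

EXPECTED = {
    "Windows Firewall": {"MpsSvc", "BFE"},
    "Security Center": {"wscsvc"},
    "Windows Update": {"wuauserv"},
    "Windows Defender": {"WinDefend"},
    "System Restore": {"VSS", "swprv"},
    "Internet Services": {"AFD", "Dhcp", "Dnscache"},
    "Microsoft Security Essentials": {"MsMpSvc"},
}
INVENTORY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
    r"(?P<name>\S+)\s+(?P<path>.+?)\s*$")
# A service whose image sits outside these trees is listed whatever it is
# called (assumed policy for this example).
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_inventory(text):
    """{service_name: (MD5, image_path)} for every hashed entry in the log."""
    inv = {}
    for line in text.splitlines():
        m = INVENTORY_RE.match(line.strip())
        if m:
            inv[m["name"]] = (m["md5"].upper(), m["path"])
    return inv


def missing_services(inv):
    """Categories with at least one expected service absent -> sorted names."""
    present = {name.lower() for name in inv}
    result = {}
    for category, names in EXPECTED.items():
        gone = sorted(n for n in names if n.lower() not in present)
        if gone:
            result[category] = gone
    return result


def odd_paths(inv):
    """Service names whose image path is outside SYSTEM_ROOTS."""
    return sorted(name for name, (_, path) in inv.items()
                  if not path.lower().startswith(SYSTEM_ROOTS))


# Sample log: the first four entries are copied from the TDSSKiller log posted
# later in this thread; the last two are CONSTRUCTED, with placeholder hashes,
# to show one expected service present and one stray service in a profile.
SAMPLE = r"""
12:06:22.0051 1820 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:06:22.0051 1820 ACPI - ok
12:06:22.0535 1820 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:06:22.0551 1820 AFD - ok
12:06:25.0218 1820 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:06:25.0218 1820 Dhcp - ok
12:06:25.0327 1820 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:06:25.0327 1820 Dnscache - ok
12:06:30.0000 1820 [ 00000000000000000000000000000000 ] wuauserv C:\Windows\system32\wuaueng.dll
12:06:30.0000 1820 wuauserv - ok
12:06:31.0000 1820 [ 11111111111111111111111111111111 ] updsvc C:\Users\example\AppData\Local\updsvc.exe
12:06:31.0000 1820 updsvc - ok
"""

if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE)
    for category, gone in missing_services(inventory).items():
        print(f"{category}: missing {', '.join(gone)}")
    print("image outside system trees:", odd_paths(inventory))
```

Two caveats when reading the output. TDSSKiller only lists services that are still registered, so a name absent from its inventory is absent from the registry, but that is a prompt to check the key (or run FSS), not proof of tampering, since a service can also be missing because it was never installed on that edition. Conversely, a service that is present can still be disabled or point at a replaced binary, which this inventory does not show.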

#3 mwagner17

mwagner17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 26 September 2012 - 02:33 PM

Hi Nasdaq,

Thank you for your reply. Here are the logs requested.


12:06:15.0453 5544 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

12:06:16.0014 5544 ============================================================

12:06:16.0014 5544 Current date / time: 2012/09/26 12:06:16.0014

12:06:16.0014 5544 SystemInfo:

12:06:16.0014 5544

12:06:16.0014 5544 OS Version: 6.1.7601 ServicePack: 1.0

12:06:16.0014 5544 Product type: Workstation

12:06:16.0014 5544 ComputerName: WAGNER-PC

12:06:16.0014 5544 UserName: Wagner

12:06:16.0014 5544 Windows directory: C:\Windows

12:06:16.0014 5544 System windows directory: C:\Windows

12:06:16.0014 5544 Processor architecture: Intel x86

12:06:16.0014 5544 Number of processors: 2

12:06:16.0014 5544 Page size: 0x1000

12:06:16.0014 5544 Boot type: Normal boot

12:06:16.0014 5544 ============================================================

12:06:17.0340 5544 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:06:17.0340 5544 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

12:06:17.0340 5544 ============================================================

12:06:17.0340 5544 \Device\Harddisk0\DR0:

12:06:17.0340 5544 MBR partitions:

12:06:17.0340 5544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x94D7633

12:06:17.0340 5544 \Device\Harddisk1\DR1:

12:06:17.0340 5544 MBR partitions:

12:06:17.0340 5544 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

12:06:17.0340 5544 ============================================================

12:06:17.0371 5544 C: <-> \Device\Harddisk0\DR0\Partition1

12:06:17.0387 5544 E: <-> \Device\Harddisk1\DR1\Partition1

12:06:17.0387 5544 ============================================================

12:06:17.0387 5544 Initialize success

12:06:17.0387 5544 ============================================================

12:06:21.0396 1820 ============================================================

12:06:21.0396 1820 Scan started

12:06:21.0396 1820 Mode: Manual;

12:06:21.0396 1820 ============================================================

12:06:21.0864 1820 ================ Scan system memory ========================

12:06:21.0864 1820 System memory - ok

12:06:21.0864 1820 ================ Scan services =============================

12:06:21.0973 1820 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

12:06:21.0973 1820 1394ohci - ok

12:06:22.0051 1820 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys

12:06:22.0051 1820 ACPI - ok

12:06:22.0114 1820 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

12:06:22.0114 1820 AcpiPmi - ok

12:06:22.0239 1820 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

12:06:22.0239 1820 AdobeARMservice - ok

12:06:22.0317 1820 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

12:06:22.0317 1820 AdobeFlashPlayerUpdateSvc - ok

12:06:22.0379 1820 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

12:06:22.0395 1820 adp94xx - ok

12:06:22.0426 1820 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

12:06:22.0426 1820 adpahci - ok

12:06:22.0457 1820 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

12:06:22.0457 1820 adpu320 - ok

12:06:22.0488 1820 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

12:06:22.0488 1820 AeLookupSvc - ok

12:06:22.0535 1820 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys

12:06:22.0551 1820 AFD - ok

12:06:22.0597 1820 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

12:06:22.0597 1820 agp440 - ok

12:06:22.0629 1820 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

12:06:22.0629 1820 aic78xx - ok

12:06:22.0660 1820 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

12:06:22.0660 1820 ALG - ok

12:06:22.0707 1820 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

12:06:22.0707 1820 aliide - ok

12:06:22.0753 1820 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

12:06:22.0753 1820 amdagp - ok

12:06:22.0769 1820 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

12:06:22.0769 1820 amdide - ok

12:06:22.0785 1820 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

12:06:22.0785 1820 AmdK8 - ok

12:06:22.0800 1820 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

12:06:22.0800 1820 AmdPPM - ok

12:06:22.0847 1820 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys

12:06:22.0847 1820 amdsata - ok

12:06:22.0863 1820 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

12:06:22.0863 1820 amdsbs - ok

12:06:22.0894 1820 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys

12:06:22.0894 1820 amdxata - ok

12:06:22.0956 1820 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys

12:06:22.0956 1820 AppID - ok

12:06:22.0972 1820 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

12:06:22.0972 1820 AppIDSvc - ok

12:06:23.0034 1820 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll

12:06:23.0034 1820 Appinfo - ok

12:06:23.0081 1820 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

12:06:23.0081 1820 AppMgmt - ok

12:06:23.0128 1820 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

12:06:23.0128 1820 arc - ok

12:06:23.0143 1820 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

12:06:23.0159 1820 arcsas - ok

12:06:23.0268 1820 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

12:06:23.0268 1820 aspnet_state - ok

12:06:23.0284 1820 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

12:06:23.0284 1820 AsyncMac - ok

12:06:23.0299 1820 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

12:06:23.0299 1820 atapi - ok

12:06:23.0362 1820 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

12:06:23.0377 1820 AudioEndpointBuilder - ok

12:06:23.0393 1820 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

12:06:23.0393 1820 Audiosrv - ok

12:06:23.0440 1820 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll

12:06:23.0440 1820 AxInstSV - ok

12:06:23.0487 1820 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

12:06:23.0502 1820 b06bdrv - ok

12:06:23.0549 1820 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

12:06:23.0549 1820 b57nd60x - ok

12:06:23.0705 1820 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

12:06:23.0705 1820 BBSvc - ok

12:06:23.0736 1820 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

12:06:23.0736 1820 BBUpdate - ok

12:06:23.0767 1820 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

12:06:23.0783 1820 BDESVC - ok

12:06:23.0799 1820 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

12:06:23.0799 1820 Beep - ok

12:06:23.0814 1820 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

12:06:23.0814 1820 blbdrive - ok

12:06:23.0845 1820 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

12:06:23.0845 1820 bowser - ok

12:06:23.0877 1820 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

12:06:23.0877 1820 BrFiltLo - ok

12:06:23.0892 1820 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

12:06:23.0892 1820 BrFiltUp - ok

12:06:23.0939 1820 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll

12:06:23.0939 1820 Browser - ok

12:06:23.0970 1820 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

12:06:23.0970 1820 Brserid - ok

12:06:23.0986 1820 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

12:06:23.0986 1820 BrSerWdm - ok

12:06:24.0001 1820 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

12:06:24.0001 1820 BrUsbMdm - ok

12:06:24.0017 1820 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

12:06:24.0017 1820 BrUsbSer - ok

12:06:24.0033 1820 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

12:06:24.0033 1820 BTHMODEM - ok

12:06:24.0079 1820 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

12:06:24.0079 1820 bthserv - ok

12:06:24.0111 1820 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

12:06:24.0157 1820 cdfs - ok

12:06:24.0313 1820 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

12:06:24.0313 1820 cdrom - ok

12:06:24.0376 1820 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll

12:06:24.0391 1820 CertPropSvc - ok

12:06:24.0407 1820 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

12:06:24.0407 1820 circlass - ok

12:06:24.0438 1820 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

12:06:24.0438 1820 CLFS - ok

12:06:24.0501 1820 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:06:24.0516 1820 clr_optimization_v2.0.50727_32 - ok

12:06:24.0563 1820 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:06:24.0563 1820 clr_optimization_v4.0.30319_32 - ok

12:06:24.0579 1820 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

12:06:24.0579 1820 CmBatt - ok

12:06:24.0594 1820 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys

12:06:24.0594 1820 cmdide - ok

12:06:24.0641 1820 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys

12:06:24.0657 1820 CNG - ok

12:06:24.0657 1820 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

12:06:24.0657 1820 Compbatt - ok

12:06:24.0688 1820 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

12:06:24.0688 1820 CompositeBus - ok

12:06:24.0688 1820 COMSysApp - ok

12:06:24.0703 1820 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

12:06:24.0703 1820 crcdisk - ok

12:06:24.0766 1820 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll

12:06:24.0766 1820 CryptSvc - ok

12:06:24.0828 1820 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys

12:06:24.0844 1820 CSC - ok

12:06:24.0906 1820 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll

12:06:24.0922 1820 CscService - ok

12:06:24.0953 1820 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll

12:06:24.0969 1820 DcomLaunch - ok

12:06:25.0000 1820 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

12:06:25.0000 1820 defragsvc - ok

12:06:25.0109 1820 [ 3430EAD65BBE8516572EB7C8B82ED8CD ] DeviceMonitorService C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

12:06:25.0109 1820 DeviceMonitorService - ok

12:06:25.0171 1820 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

12:06:25.0171 1820 DfsC - ok

12:06:25.0218 1820 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll

12:06:25.0218 1820 Dhcp - ok

12:06:25.0234 1820 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

12:06:25.0234 1820 discache - ok

12:06:25.0296 1820 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

12:06:25.0296 1820 Disk - ok

12:06:25.0327 1820 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

12:06:25.0327 1820 Dnscache - ok

12:06:25.0374 1820 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll

12:06:25.0374 1820 dot3svc - ok

12:06:25.0421 1820 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll

12:06:25.0421 1820 DPS - ok

12:06:25.0452 1820 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

12:06:25.0452 1820 drmkaud - ok

12:06:25.0499 1820 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

12:06:25.0499 1820 DXGKrnl - ok

12:06:25.0546 1820 [ 034FA3A00FFF4F68DD9F6D3793392274 ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys

12:06:25.0546 1820 e1kexpress - ok

12:06:25.0593 1820 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

12:06:25.0593 1820 EapHost - ok

12:06:25.0686 1820 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

12:06:25.0764 1820 ebdrv - ok

12:06:25.0811 1820 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe

12:06:25.0811 1820 EFS - ok

12:06:25.0889 1820 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

12:06:25.0920 1820 ehRecvr - ok

12:06:25.0936 1820 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

12:06:25.0951 1820 ehSched - ok


12:06:37.0433 1820 usbohci - ok

12:06:37.0433 1820 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

12:06:37.0433 1820 usbprint - ok

12:06:37.0464 1820 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:06:37.0464 1820 USBSTOR - ok

12:06:37.0511 1820 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

12:06:37.0511 1820 usbuhci - ok

12:06:37.0527 1820 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

12:06:37.0527 1820 UxSms - ok

12:06:37.0542 1820 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe

12:06:37.0542 1820 VaultSvc - ok

12:06:37.0542 1820 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

12:06:37.0558 1820 vdrvroot - ok

12:06:37.0605 1820 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe

12:06:37.0620 1820 vds - ok

12:06:37.0667 1820 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

12:06:37.0667 1820 vga - ok

12:06:37.0667 1820 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

12:06:37.0683 1820 VgaSave - ok

12:06:37.0714 1820 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

12:06:37.0714 1820 vhdmp - ok

12:06:37.0745 1820 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

12:06:37.0745 1820 viaagp - ok

12:06:37.0761 1820 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

12:06:37.0761 1820 ViaC7 - ok

12:06:37.0776 1820 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

12:06:37.0776 1820 viaide - ok

12:06:37.0823 1820 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys

12:06:37.0823 1820 vmbus - ok

12:06:37.0885 1820 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

12:06:37.0885 1820 VMBusHID - ok

12:06:37.0901 1820 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys

12:06:37.0901 1820 volmgr - ok

12:06:37.0917 1820 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

12:06:37.0932 1820 volmgrx - ok

12:06:37.0948 1820 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys

12:06:37.0948 1820 volsnap - ok

12:06:37.0979 1820 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

12:06:37.0979 1820 vsmraid - ok

12:06:38.0041 1820 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe

12:06:38.0073 1820 VSS - ok

12:06:38.0088 1820 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

12:06:38.0088 1820 vwifibus - ok

12:06:38.0104 1820 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

12:06:38.0104 1820 vwififlt - ok

12:06:38.0135 1820 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

12:06:38.0151 1820 W32Time - ok

12:06:38.0182 1820 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

12:06:38.0182 1820 WacomPen - ok

12:06:38.0213 1820 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

12:06:38.0213 1820 WANARP - ok

12:06:38.0213 1820 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

12:06:38.0213 1820 Wanarpv6 - ok

12:06:38.0291 1820 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

12:06:38.0322 1820 WatAdminSvc - ok

12:06:38.0385 1820 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe

12:06:38.0416 1820 wbengine - ok

12:06:38.0447 1820 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

12:06:38.0447 1820 WbioSrvc - ok

12:06:38.0494 1820 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll

12:06:38.0509 1820 wcncsvc - ok

12:06:38.0525 1820 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

12:06:38.0525 1820 WcsPlugInService - ok

12:06:38.0572 1820 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

12:06:38.0572 1820 Wd - ok

12:06:38.0603 1820 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

12:06:38.0619 1820 Wdf01000 - ok

12:06:38.0634 1820 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

12:06:38.0634 1820 WdiServiceHost - ok

12:06:38.0634 1820 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

12:06:38.0634 1820 WdiSystemHost - ok

12:06:38.0681 1820 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll

12:06:38.0697 1820 WebClient - ok

12:06:38.0712 1820 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

12:06:38.0712 1820 Wecsvc - ok

12:06:38.0712 1820 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

12:06:38.0728 1820 wercplsupport - ok

12:06:38.0743 1820 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

12:06:38.0743 1820 WerSvc - ok

12:06:38.0775 1820 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

12:06:38.0775 1820 WfpLwf - ok

12:06:38.0790 1820 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

12:06:38.0790 1820 WIMMount - ok

12:06:38.0806 1820 WinHttpAutoProxySvc - ok

12:06:38.0868 1820 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

12:06:38.0868 1820 Winmgmt - ok

12:06:38.0931 1820 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll

12:06:38.0977 1820 WinRM - ok

12:06:39.0040 1820 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

12:06:39.0040 1820 WinUsb - ok

12:06:39.0087 1820 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

12:06:39.0102 1820 Wlansvc - ok

12:06:39.0149 1820 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

12:06:39.0149 1820 WmiAcpi - ok

12:06:39.0180 1820 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

12:06:39.0180 1820 wmiApSrv - ok

12:06:39.0243 1820 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

12:06:39.0274 1820 WMPNetworkSvc - ok

12:06:39.0289 1820 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

12:06:39.0289 1820 WPCSvc - ok

12:06:39.0336 1820 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

12:06:39.0336 1820 WPDBusEnum - ok

12:06:39.0367 1820 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

12:06:39.0367 1820 ws2ifsl - ok

12:06:39.0383 1820 WSearch - ok

12:06:39.0399 1820 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

12:06:39.0399 1820 WudfPf - ok

12:06:39.0461 1820 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

12:06:39.0461 1820 WUDFRd - ok

12:06:39.0523 1820 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

12:06:39.0523 1820 wudfsvc - ok

12:06:39.0555 1820 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

12:06:39.0570 1820 WwanSvc - ok

12:06:39.0586 1820 ================ Scan global ===============================

12:06:39.0648 1820 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

12:06:39.0695 1820 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

12:06:39.0695 1820 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll

12:06:39.0726 1820 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

12:06:39.0757 1820 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

12:06:39.0773 1820 [Global] - ok

12:06:39.0773 1820 ================ Scan MBR ==================================

12:06:39.0773 1820 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

12:06:39.0976 1820 \Device\Harddisk0\DR0 - ok

12:06:39.0976 1820 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

12:06:39.0976 1820 \Device\Harddisk1\DR1 - ok

12:06:39.0976 1820 ================ Scan VBR ==================================

12:06:39.0976 1820 [ A10A747E8997CE78E6CF50C27E157920 ] \Device\Harddisk0\DR0\Partition1

12:06:39.0976 1820 \Device\Harddisk0\DR0\Partition1 - ok

12:06:39.0991 1820 [ DA5DEF75BB81028110FDB12E54669DC1 ] \Device\Harddisk1\DR1\Partition1

12:06:39.0991 1820 \Device\Harddisk1\DR1\Partition1 - ok

12:06:39.0991 1820 ============================================================

12:06:39.0991 1820 Scan finished

12:06:39.0991 1820 ============================================================

12:06:40.0007 4568 Detected object count: 0

12:06:40.0007 4568 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 12:09:32
-----------------------------
12:09:32.929 OS Version: Windows 6.1.7601 Service Pack 1
12:09:32.929 Number of processors: 2 586 0x170A
12:09:32.945 ComputerName: WAGNER-PC UserName: Wagner
12:09:33.304 Initialize success
12:11:30.524 AVAST engine defs: 12092600
12:11:56.061 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:11:56.061 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 11
12:11:56.077 Disk 0 MBR read successfully
12:11:56.077 Disk 0 MBR scan
12:11:56.077 Disk 0 Windows 7 default MBR code
12:11:56.092 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
12:11:56.108 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76206 MB offset 144585
12:11:56.139 Disk 0 scanning sectors +156216060
12:11:56.233 Disk 0 scanning C:\Windows\system32\drivers
12:12:11.489 Service scanning
12:12:24.547 Service MpKsl09179ba6 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49B94804-B626-450C-886D-0CF958C8102F}\MpKsl09179ba6.sys **LOCKED** 32
12:12:43.391 Modules scanning
12:12:54.031 Disk 0 trace - called modules:
12:12:54.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
12:12:54.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8610d030]
12:12:54.062 3 CLASSPNP.SYS[8b40459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85c3f908]
12:12:54.686 AVAST engine scan C:\Windows
12:12:57.447 AVAST engine scan C:\Windows\system32
12:16:50.402 AVAST engine scan C:\Windows\system32\drivers
12:17:07.843 AVAST engine scan C:\Users\Wagner
12:25:08.776 AVAST engine scan C:\ProgramData
12:26:14.889 Scan finished successfully
12:30:15.894 Disk 0 MBR has been saved successfully to "C:\Users\Wagner\Desktop\MBR.dat"
12:30:15.957 The log file has been saved successfully to "C:\Users\Wagner\Desktop\aswMBR.txt"


Farbar Service Scanner Version: 19-09-2012
Ran by Wagner (administrator) on 26-09-2012 at 12:32:43
Running from "C:\Users\Wagner\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-12 07:47] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Thank you for your help!




Attached Files

  • Attached File  MBR.zip   559bytes   0 downloads


#4 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 September 2012 - 08:30 AM

Please download the Seven.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder on your desktop.

These files will be extracted:
afd.reg
bit.reg
bfe.reg
mpssvc.reg
nsiproxy.reg
sdrsvc.reg
tdx.reg
wscsvc.reg
windefend.reg
wuauserv.reg

legacy_afd.reg
legacy_bfe.reg
Legacy_bit.reg
legacy_mpssvc.reg
legacy_nsiproxy.reg
legacy_sdrsvc.reg
legacy_tdx.reg
Legacy_windefend.reg
legacy_wscsvc.reg
legacy_wuauserv.reg

start_services.bat

==============

Double-click each one of these 12 .reg files in turn and click Yes to add it to the Registry.

bfe.reg
BITS.reg
MpsSvc.reg
WinDefend.reg
wscsvc.reg
wuauserv.reg

legacy_bfe.reg
Legacy_bit.reg
legacy_mpssvc.reg
Legacy_windefend.reg
legacy_wscsvc.reg
legacy_wuauserv.reg


Allow the registry merge.
When all 12 files have been executed, restart the computer.

Note: Ignore this error:
"Cannot import C:\...\Desktop\Legacy_xxx.reg:
Not all data was successfully written to the registry. Some keys are open by the system or other processes."
Just continue executing the remaining .reg files.
======

Please download this repair tool from: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe
Double-click on the downloaded file. It should only take a few seconds to run.
When complete, it will say "Done!"

Again please restart the computer.

Run the Farbar Service Scanner tool and post a fresh FSS.txt log.

Let me know what problem persists.
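An added example, not part of nasdaq's instructions and not code from FSS or any other tool named in this thread: a read-only PowerShell check that reproduces what the FSS log above reports for each service (whether the key exists, its Start and ImagePath values, the ServiceDll under Parameters) together with the current state, for the service names that log flagged. It assumes PowerShell 3.0 or later in an elevated session; the service list is taken from the FSS output posted above.

```powershell
# Added example (not nasdaq's or FSS's own code): re-check the service registrations
# that the FSS log in this thread reported as missing. Read-only; it changes nothing.
# Assumes PowerShell 3.0 or later, run elevated so HKLM\SYSTEM is fully readable.

# Service names taken from the FSS "ATTENTION!" lines above; extend as needed.
$ServicesToCheck = 'MpsSvc', 'bfe', 'mpsdrv', 'wscsvc', 'wuauserv', 'BITS', 'WinDefend', 'SharedAccess'

function Get-ServiceState {
    # SCM state via WMI. Win32_Service covers user-mode services; Win32_SystemDriver
    # covers kernel drivers such as mpsdrv, which Get-Service does not list.
    param([Parameter(Mandatory = $true)][string]$Name)
    $filter = "Name='$Name'"
    $obj = Get-WmiObject -Class Win32_Service -Filter $filter
    if (-not $obj) { $obj = Get-WmiObject -Class Win32_SystemDriver -Filter $filter }
    if ($obj) { $obj.State } else { 'NotRegistered' }
}

function Test-ServiceRegistration {
    param([Parameter(Mandatory = $true)][string[]]$Name)
    foreach ($svc in $Name) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $row = [ordered]@{
            Service    = $svc
            KeyExists  = Test-Path -Path $key
            Start      = $null     # 2 = Automatic, 3 = Manual, 4 = Disabled
            ImagePath  = $null
            ServiceDll = $null     # only svchost-hosted services carry one
            State      = Get-ServiceState -Name $svc
        }
        if ($row.KeyExists) {
            $props = Get-ItemProperty -Path $key
            $row.Start     = $props.Start
            $row.ImagePath = $props.ImagePath
            # ServiceDll lives under the Parameters subkey, not the service key itself
            $paramsKey = Join-Path -Path $key -ChildPath 'Parameters'
            if (Test-Path -Path $paramsKey) {
                $row.ServiceDll = (Get-ItemProperty -Path $paramsKey).ServiceDll
            }
        }
        [pscustomobject]$row
    }
}

# KeyExists = False matches FSS's "service key does not exist"; a key that exists with
# a null Start or ImagePath matches its "value does not exist" (the SharedAccess case).
Test-ServiceRegistration -Name $ServicesToCheck | Format-Table -AutoSize
```

Run it before and after merging the .reg files to confirm which keys the merge actually restored; a State of NotRegistered with KeyExists = True means the SCM has not re-read the key yet and a restart is still needed.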

#5 mwagner17

  • Topic Starter
  • Members
  • 64 posts

Posted 28 September 2012 - 12:03 AM

All seemed to write to the reg ok. Here is a new FSS log.

Did we solve the ZeroAccess infection though? TDSSKiller didn't find anything, and I'm not sure about the MBR. So I was wondering whether the malware was removed, because the only scans after that were for services.

Thanks again!!




Farbar Service Scanner Version: 19-09-2012
Ran by Wagner (administrator) on 27-09-2012 at 21:57:33
Running from "C:\Users\Wagner\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-12 07:47] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#6 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 September 2012 - 08:07 AM

Now that the computer is in a better working state, let's continue.


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

===

Please post the logs for my review.

Let me know what problem persists.

#7 mwagner17

  • Topic Starter
  • Members
  • 64 posts

Posted 28 September 2012 - 02:37 PM

Hello,

Here are both the ComboFix and DDS logs.

Thanks!
ComboFix 12-09-27.03 - Wagner 09/28/2012 12:11:52.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3292.2272 [GMT -7:00]
Running from: c:\users\Wagner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\23lldnur.pad
c:\users\Wagner\AppData\Roaming\avwet.dll
c:\users\Wagner\AppData\Roaming\Cyho
c:\users\Wagner\AppData\Roaming\Cyho\cylig.exu
c:\users\Wagner\AppData\Roaming\nertp.dll
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 19:16 . 2012-09-28 19:18 -------- d-----w- c:\users\Wagner\AppData\Local\temp
2012-09-28 05:11 . 2012-09-28 05:11 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C5F4E0B-19DB-4EDF-A726-5BDAE5E05091}\offreg.dll
2012-09-28 05:08 . 2012-09-28 05:08 -------- d-----w- c:\programdata\McAfee Security Scan
2012-09-28 05:07 . 2012-09-28 05:07 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-28 05:07 . 2012-09-28 05:07 -------- d-----w- c:\program files\Common Files\Java
2012-09-28 05:06 . 2012-09-28 05:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-28 05:06 . 2012-09-19 07:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C5F4E0B-19DB-4EDF-A726-5BDAE5E05091}\mpengine.dll
2012-09-22 07:11 . 2012-09-22 07:12 -------- d-----w- C:\FRST
2012-09-22 06:28 . 2012-02-09 21:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{337126D8-1E6C-42A8-A414-8D377E66CB56}\gapaengine.dll
2012-09-22 06:27 . 2012-09-19 07:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-22 06:25 . 2012-09-22 06:25 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-18 21:32 . 2012-09-22 04:20 -------- d-----w- c:\users\Wagner\AppData\Roaming\Boaf
2012-09-18 21:32 . 2012-09-19 20:51 -------- d-----w- c:\users\Wagner\AppData\Roaming\Uvfeod
2012-09-12 14:47 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:47 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:47 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-06 15:22 . 2012-09-06 22:45 -------- d-----w- c:\users\Wagner\AppData\Local\Roblox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-28 05:06 . 2012-07-02 20:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-28 05:06 . 2011-06-26 17:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 00:04 . 2011-02-02 22:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 03:32 . 2012-04-13 22:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-06 03:32 . 2011-05-25 01:06 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:47 . 2012-08-22 20:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-22 20:59 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-22 20:59 102912 ----a-w- c:\windows\system32\browser.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-08-04 2005]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-21 796696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Retrogamer_4w Browser Plugin Loader"="c:\progra~1\RETROG~2\bar\1.bin\4wbrmon.exe" [2012-06-22 30096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-24 113664]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 Retrogamer_4wService;RetrogamerService;c:\progra~1\RETROG~2\bar\1.bin\4wbarsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: reyrey.com\www.gs
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
DPF: PrintTemplateViewerCab - hxxps://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PolkastLibrary - c:\program files\Polkast\PolkastLibrary.exe
HKCU-Run-nertp - c:\users\Wagner\AppData\Roaming\nertp.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2052)
c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-28 12:22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-28 19:22
.
Pre-Run: 43,094,118,400 bytes free
Post-Run: 44,370,612,224 bytes free
.
- - End Of File - - EB3166C1D1AF1D82443E937B06C44065


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Wagner at 12:23:44 on 2012-09-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3292.2431 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\PROGRA~1\RETROG~2\bar\1.bin\4wbarsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Retrogamer_4w Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\wagner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wagner\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: reyrey.com\www.gs
DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
DPF: PrintTemplateViewerCab - hxxps://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://www.gs.reyrey.com/clientdll/arview2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{09EFADD9-4EF4-45EA-A2BA-16BDB4FD091A} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9D42708D-1AF2-49A8-8D58-BCC7EFF4E8EE} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{AF04ECDD-77D2-413D-BD79-B61A193E4A66} : DhcpNameServer = 192.168.0.1 205.171.3.25
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-6-5 87400]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-7-17 116632]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-8-3 65657]
R2 Retrogamer_4wService;RetrogamerService;c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe [2012-6-22 42528]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-7-31 2066968]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2009-11-6 214696]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-13 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-2 1343400]
.
=============== Created Last 30 ================
.
2012-09-28 19:22:23 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-28 19:16:20 -------- d-----w- c:\users\wagner\appdata\local\temp
2012-09-28 19:11:11 98816 ----a-w- c:\windows\sed.exe
2012-09-28 19:11:11 518144 ----a-w- c:\windows\SWREG.exe
2012-09-28 19:11:11 256000 ----a-w- c:\windows\PEV.exe
2012-09-28 19:11:11 208896 ----a-w- c:\windows\MBR.exe
2012-09-28 05:11:33 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3c5f4e0b-19db-4edf-a726-5bdae5e05091}\offreg.dll
2012-09-28 05:08:02 -------- d-----w- c:\programdata\McAfee Security Scan
2012-09-28 05:07:55 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-28 05:06:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-28 05:06:30 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3c5f4e0b-19db-4edf-a726-5bdae5e05091}\mpengine.dll
2012-09-22 07:11:44 -------- d-----w- C:\FRST
2012-09-22 06:28:13 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{337126d8-1e6c-42a8-a414-8d377e66cb56}\gapaengine.dll
2012-09-22 06:27:57 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-22 06:25:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-18 21:32:06 -------- d-----w- c:\users\wagner\appdata\roaming\Uvfeod
2012-09-18 21:32:06 -------- d-----w- c:\users\wagner\appdata\roaming\Boaf
2012-09-12 14:47:48 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:47:47 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:47:46 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:47:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:47:46 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:47:46 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-06 15:22:29 -------- d-----w- c:\users\wagner\appdata\local\Roblox
.
==================== Find3M ====================
.
2012-09-28 05:06:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-28 05:06:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 03:32:00 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-06 03:32:00 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
.
============= FINISH: 12:31:45.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/2/2011 2:22:42 PM
System Uptime: 9/28/2012 12:17:20 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M863N
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU | 2593/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 41.262 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 381.912 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP191: 9/16/2012 3:29:38 AM - Windows Update
RP192: 9/20/2012 3:31:30 AM - Windows Update
RP193: 9/27/2012 9:58:50 PM - Windows Update
RP194: 9/27/2012 10:06:12 PM - Installed Java 7 Update 7
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader X (10.1.4)
Adobe SVG Viewer 3.0
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Bing Bar
Bing Rewards Client Installer
Dell Resource CD
Dropbox
eWallet GO! 1.1.2
FileZilla Client 3.5.3
GameTap Web Player
Google Calendar Sync
HomeSite 4.5
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Update
I.R.I.S. OCR
Intel® Management Engine Interface
Intel® Active Management Technology
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Linksys Dual-Band Wireless-N USB Network Adapter
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
Macromedia HomeSite 5
Malwarebytes Anti-Malware version 1.65.0.1400
Marketsplash Shortcuts
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Quicken 2010
QuickTime
ROBLOX Player for Wagner
Screenshot It Enabler
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
TopStyle Lite (Version 1.5)
TopStyle Lite (Version 2)
Tower Builder
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vuze
ZumoCast
.
==== Event Viewer Messages From Past Week ========
.
9/28/2012 12:14:08 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/28/2012 12:12:55 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/28/2012 12:12:55 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
9/28/2012 12:11:55 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
9/28/2012 12:11:55 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/28/2012 12:10:55 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/28/2012 12:09:55 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
9/27/2012 9:54:07 PM, Error: Service Control Manager [7023] - The BFE service terminated with the following error: Access is denied.
9/27/2012 9:51:28 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
9/27/2012 9:51:28 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
9/27/2012 11:57:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/27/2012 11:57:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/27/2012 10:09:58 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
9/27/2012 10:09:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
9/26/2012 11:57:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/26/2012 11:40:13 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/26/2012 11:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/26/2012 11:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/26/2012 11:40:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2012 11:40:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/26/2012 11:39:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
9/25/2012 11:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/25/2012 11:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/24/2012 11:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/24/2012 11:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/23/2012 2:08:17 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/23/2012 11:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/23/2012 11:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/22/2012 11:35:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/22/2012 11:35:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.214.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/21/2012 11:26:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/21/2012 11:25:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================
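As an added example (not code from the thread, nor from DDS or ComboFix), here is a small Python triage script that parses DDS-style event-log lines like the ones in the log above and lists every service or driver the log shows as missing or failing to start. The sample lines are constructed from the entries posted in this thread (same sources, event IDs and service names), with the long Microsoft Antimalware [2001] messages shortened.

```python
import re

# Constructed sample, modelled on the DDS event-log lines posted in this thread
# (same event sources, event IDs and service names; 2001 wording shortened).
SAMPLE_LOG = """\
9/26/2012 11:57:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/26/2012 11:40:13 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/26/2012 11:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/26/2012 11:40:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/26/2012 11:39:55 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
9/25/2012 11:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
"""

# One DDS event line: "<date> <time> <AM/PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$")
DEP_RE = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")
DCOM_RE = re.compile(r'DCOM got error "(\d+)" attempting to start the service (\S+) with')
MPERR_RE = re.compile(r"Error code: (0x[0-9A-Fa-f]{8}) Error description: (.*)$")


def parse_events(text):
    """Return one dict per well-formed event line; anything else is skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def win32_code(hresult_hex):
    """For a FACILITY_WIN32 HRESULT (0x8007xxxx) return the Win32 error number."""
    value = int(hresult_hex, 16)
    if ((value >> 16) & 0x1FFF) != 7:   # facility field is bits 16..28
        return None
    return value & 0xFFFF               # 0x80070424 -> 1060, ERROR_SERVICE_DOES_NOT_EXIST


def triage(text):
    """Collect every service/driver the log shows as missing or failing to start."""
    report = {"drivers_failed_to_load": [], "dcom_start_failures": {},
              "dependency_failures": [], "antimalware_update_errors": {}}
    for ev in parse_events(text):
        src, eid, msg = ev["source"], ev["event_id"], ev["msg"]
        if src == "Service Control Manager" and eid == 7026:
            # Tail of the message is a space-separated list of driver names.
            report["drivers_failed_to_load"] += msg.split("failed to load:", 1)[1].split()
        elif src == "Service Control Manager" and eid == 7001:
            m = DEP_RE.match(msg)
            if m:
                report["dependency_failures"].append((m.group(1), m.group(2)))
        elif src == "Microsoft-Windows-DistributedCOM" and eid == 10005:
            m = DCOM_RE.search(msg)
            if m:
                report["dcom_start_failures"][m.group(2)] = int(m.group(1))
        elif src == "Microsoft Antimalware" and eid == 2001:
            m = MPERR_RE.search(msg)
            if m:
                # Count repeats: the same error at every update attempt means the
                # condition persisted across reboots rather than being a one-off.
                key = (m.group(1), win32_code(m.group(1)), m.group(2).strip())
                report["antimalware_update_errors"][key] = report["antimalware_update_errors"].get(key, 0) + 1
    return report
```

The decoded Win32 number 1060 is the same "service does not exist" condition the RKILL and MSE messages in this thread report, so the report gives a single list of names to check against the Services registry key before reinstalling anything.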

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 AM

Posted 29 September 2012 - 08:04 AM

Open notepad and copy/paste the text in the quote box below into it:

Folder::
c:\progra~1\retrog~2

Driver::
Retrogamer_4wService

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Retrogamer_4w Browser Plugin Loader"="-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

#9 mwagner17

mwagner17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 01 October 2012 - 01:30 PM

Hello,

Here is the latest ComboFix log. Thanks!

ComboFix 12-09-30.03 - Wagner 10/01/2012 11:18:29.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3292.2616 [GMT -7:00]
Running from: c:\users\Wagner\Desktop\ComboFix.exe
Command switches used :: c:\users\Wagner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\retrog~2
c:\progra~1\retrog~2\bar\1.bin\4wauxstb.dll
c:\progra~1\retrog~2\bar\1.bin\4wbarsvc.exe
c:\progra~1\retrog~2\bar\1.bin\4wbrmon.exe
c:\progra~1\retrog~2\bar\1.bin\4wbrstub.dll
c:\progra~1\retrog~2\bar\1.bin\4wdatact.dll
c:\progra~1\retrog~2\bar\1.bin\4wdlghk.dll
c:\progra~1\retrog~2\bar\1.bin\4wdyn.dll
c:\progra~1\retrog~2\bar\1.bin\4wfeedmg.dll
c:\progra~1\retrog~2\bar\1.bin\4whighin.exe
c:\progra~1\retrog~2\bar\1.bin\4whkstub.dll
c:\progra~1\retrog~2\bar\1.bin\4whtmlmu.dll
c:\progra~1\retrog~2\bar\1.bin\4whttpct.dll
c:\progra~1\retrog~2\bar\1.bin\4widle.dll
c:\progra~1\retrog~2\bar\1.bin\4wieovr.dll
c:\progra~1\retrog~2\bar\1.bin\4wimpipe.exe
c:\progra~1\retrog~2\bar\1.bin\4wmedint.exe
c:\progra~1\retrog~2\bar\1.bin\4wmlbtn.dll
c:\progra~1\retrog~2\bar\1.bin\4wmsg.dll
c:\progra~1\retrog~2\bar\1.bin\4wPlugin.dll
c:\progra~1\retrog~2\bar\1.bin\4wradio.dll
c:\progra~1\retrog~2\bar\1.bin\4wregfft.dll
c:\progra~1\retrog~2\bar\1.bin\4wreghk.dll
c:\progra~1\retrog~2\bar\1.bin\4wregiet.dll
c:\progra~1\retrog~2\bar\1.bin\4wscript.dll
c:\progra~1\retrog~2\bar\1.bin\4wskin.dll
c:\progra~1\retrog~2\bar\1.bin\4wsknlcr.dll
c:\progra~1\retrog~2\bar\1.bin\4wskplay.exe
c:\progra~1\retrog~2\bar\1.bin\4wtpinst.dll
c:\progra~1\retrog~2\bar\1.bin\4wuabtn.dll
c:\progra~1\retrog~2\bar\1.bin\CHROME.MANIFEST
c:\progra~1\retrog~2\bar\1.bin\chrome\4wffxtbr.jar
c:\progra~1\retrog~2\bar\1.bin\CREXT.DLL
c:\progra~1\retrog~2\bar\1.bin\CrExtP4w.exe
c:\progra~1\retrog~2\bar\1.bin\INSTALL.RDF
c:\progra~1\retrog~2\bar\1.bin\installKeys.js
c:\progra~1\retrog~2\bar\1.bin\LOGO.BMP
c:\progra~1\retrog~2\bar\1.bin\NP4wStub.dll
c:\progra~1\retrog~2\bar\1.bin\T8EXTEX.DLL
c:\progra~1\retrog~2\bar\1.bin\T8EXTPEX.DLL
c:\progra~1\retrog~2\bar\1.bin\T8HTML.DLL
c:\progra~1\retrog~2\bar\1.bin\T8RES.DLL
c:\progra~1\retrog~2\bar\1.bin\T8TICKER.DLL
c:\progra~1\retrog~2\bar\1.bin\ThirdPartyInstallers\GT_silent.exe
c:\progra~1\retrog~2\bar\gen1\COMMON.T8S
c:\progra~1\retrog~2\bar\IE9Mesg\COMMON.T8S
c:\progra~1\retrog~2\bar\Message\COMMON.T8S
c:\progra~1\retrog~2\bar\Settings\s_pid.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Retrogamer_4wService
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 18:22 . 2012-10-01 18:24 -------- d-----w- c:\users\Wagner\AppData\Local\temp
2012-10-01 18:22 . 2012-10-01 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 19:40 . 2012-09-19 07:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9A6ED07-25B5-4DF3-B6E5-21DEC20F9363}\mpengine.dll
2012-09-28 05:08 . 2012-09-28 05:08 -------- d-----w- c:\programdata\McAfee Security Scan
2012-09-28 05:07 . 2012-09-28 05:07 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-28 05:07 . 2012-09-28 05:07 -------- d-----w- c:\program files\Common Files\Java
2012-09-28 05:06 . 2012-09-28 05:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-22 07:11 . 2012-09-22 07:12 -------- d-----w- C:\FRST
2012-09-22 06:28 . 2012-02-09 21:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{337126D8-1E6C-42A8-A414-8D377E66CB56}\gapaengine.dll
2012-09-22 06:27 . 2012-09-19 07:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-22 06:25 . 2012-09-22 06:25 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-18 21:32 . 2012-09-22 04:20 -------- d-----w- c:\users\Wagner\AppData\Roaming\Boaf
2012-09-18 21:32 . 2012-09-19 20:51 -------- d-----w- c:\users\Wagner\AppData\Roaming\Uvfeod
2012-09-12 14:47 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:47 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:47 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:47 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-06 15:22 . 2012-09-06 22:45 -------- d-----w- c:\users\Wagner\AppData\Local\Roblox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-28 05:06 . 2012-07-02 20:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-28 05:06 . 2011-06-26 17:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 00:04 . 2011-02-02 22:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 03:32 . 2012-04-13 22:20 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-06 03:32 . 2011-05-25 01:06 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:47 . 2012-08-22 20:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-22 20:59 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-22 20:59 102912 ----a-w- c:\windows\system32\browser.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MotoCast"="c:\program files\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-08-04 2005]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-21 796696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Wagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Wagner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-24 113664]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-2 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: reyrey.com\www.gs
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
DPF: PrintTemplateViewerCab - hxxps://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Retrogamer_4w Browser Plugin Loader - c:\progra~1\RETROG~2\bar\1.bin\4wbrmon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3992)
c:\users\Wagner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-10-01 11:28:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-01 18:28
ComboFix2.txt 2012-09-28 19:22
.
Pre-Run: 44,249,657,344 bytes free
Post-Run: 43,955,937,280 bytes free
.
- - End Of File - - B76480E9904B91E22641A566F04A5391

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:57 AM

Posted 02 October 2012 - 07:22 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#11 mwagner17

mwagner17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 02 October 2012 - 04:07 PM

Thanks for your help!



