FBI MoneyPak... but the screen is locked


24 replies to this topic

#1 BAKERSFIELDBOY211

  • Members
  • 21 posts
  • Gender:Male
  • Location:Calif

Posted 06 October 2012 - 06:53 PM

I've killed many viruses, but this one is locking me out of running MB or anything to kill it.
I try to click Ctrl+Alt+Del, but as fast as I do, it pops up with a white screen and stays there. If the internet is running,
it will go to the FBI screen asking for a $200 MoneyPak. I've tried it in safe mode with and without networking, but same thing, locked screen each time. john


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 06 October 2012 - 06:54 PM

What is your operating system?

#3 BAKERSFIELDBOY211

Posted 06 October 2012 - 07:00 PM

Windows 7

#4 narenxp

Posted 06 October 2012 - 07:12 PM

Restart the PC

Press F8 on bootup

Select REPAIR YOUR COMPUTER

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

If yes:

Select System Restore

Restore to a previous restore point and see if you're able to boot up.

#5 BAKERSFIELDBOY211

Posted 06 October 2012 - 07:23 PM

Yes, was able to get to the screen. I did have a date to choose from, went back 1 week,
waiting now!!!
...waiting...
Says it was successful.
Logging on... System Restore completed successfully
(DATE AND TIME) ??? OK, but a System Progressive Protect pop-up is scanning my system now... HELP!!!
I do have control.

#6 narenxp

Posted 06 October 2012 - 07:24 PM

Boot into Safe Mode with Networking.

Download TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#7 BAKERSFIELDBOY211

Posted 06 October 2012 - 08:04 PM

OK, here are the logs

17:32:28.0929 1948 MSTEE - ok
17:32:28.0965 1948 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:32:28.0966 1948 MTConfig - ok
17:32:28.0986 1948 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:32:28.0987 1948 Mup - ok
17:32:29.0039 1948 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:32:29.0046 1948 napagent - ok
17:32:29.0125 1948 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:32:29.0128 1948 NativeWifiP - ok
17:32:29.0183 1948 NAVENG - ok
17:32:29.0188 1948 NAVEX15 - ok
17:32:29.0253 1948 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:32:29.0288 1948 NDIS - ok
17:32:29.0333 1948 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:32:29.0334 1948 NdisCap - ok
17:32:29.0381 1948 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:32:29.0382 1948 NdisTapi - ok
17:32:29.0442 1948 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:32:29.0443 1948 Ndisuio - ok
17:32:29.0488 1948 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:32:29.0490 1948 NdisWan - ok
17:32:29.0525 1948 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:32:29.0526 1948 NDProxy - ok
17:32:29.0580 1948 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:32:29.0581 1948 NetBIOS - ok
17:32:29.0617 1948 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:32:29.0620 1948 NetBT - ok
17:32:29.0640 1948 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
17:32:29.0641 1948 Netlogon - ok
17:32:29.0697 1948 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:32:29.0703 1948 Netman - ok
17:32:29.0747 1948 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:32:29.0754 1948 netprofm - ok
17:32:29.0776 1948 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:32:29.0778 1948 NetTcpPortSharing - ok
17:32:29.0934 1948 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
17:32:30.0061 1948 netw5v64 - ok
17:32:30.0107 1948 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:32:30.0108 1948 nfrd960 - ok
17:32:30.0161 1948 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:32:30.0166 1948 NlaSvc - ok
17:32:30.0235 1948 NOBU - ok
17:32:30.0319 1948 [ 64C89DB40949FD0E7C8FF303676A91F1 ] Norton Internet Security C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
17:32:30.0320 1948 Norton Internet Security - ok
17:32:30.0339 1948 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:32:30.0340 1948 Npfs - ok
17:32:30.0361 1948 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:32:30.0362 1948 nsi - ok
17:32:30.0377 1948 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:32:30.0378 1948 nsiproxy - ok
17:32:30.0474 1948 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:32:30.0520 1948 Ntfs - ok
17:32:30.0538 1948 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:32:30.0538 1948 Null - ok
17:32:30.0604 1948 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:32:30.0607 1948 nvraid - ok
17:32:30.0625 1948 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:32:30.0628 1948 nvstor - ok
17:32:30.0678 1948 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:32:30.0681 1948 nv_agp - ok
17:32:30.0784 1948 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:32:30.0792 1948 odserv - ok
17:32:30.0855 1948 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:32:30.0857 1948 ohci1394 - ok
17:32:30.0956 1948 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:32:30.0959 1948 ose - ok
17:32:30.0985 1948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:32:30.0991 1948 p2pimsvc - ok
17:32:31.0025 1948 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:32:31.0032 1948 p2psvc - ok
17:32:31.0048 1948 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:32:31.0056 1948 Parport - ok
17:32:31.0092 1948 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:32:31.0094 1948 partmgr - ok
17:32:31.0114 1948 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:32:31.0118 1948 PcaSvc - ok
17:32:31.0144 1948 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:32:31.0148 1948 pci - ok
17:32:31.0195 1948 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:32:31.0196 1948 pciide - ok
17:32:31.0236 1948 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:32:31.0240 1948 pcmcia - ok
17:32:31.0273 1948 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:32:31.0274 1948 pcw - ok
17:32:31.0311 1948 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:32:31.0316 1948 PEAUTH - ok
17:32:31.0434 1948 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:32:31.0437 1948 PerfHost - ok
17:32:31.0518 1948 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:32:31.0562 1948 pla - ok
17:32:31.0631 1948 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:32:31.0637 1948 PlugPlay - ok
17:32:31.0667 1948 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:32:31.0669 1948 PNRPAutoReg - ok
17:32:31.0685 1948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:32:31.0689 1948 PNRPsvc - ok
17:32:31.0721 1948 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:32:31.0728 1948 PolicyAgent - ok
17:32:31.0767 1948 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:32:31.0771 1948 Power - ok
17:32:31.0828 1948 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:32:31.0829 1948 PptpMiniport - ok
17:32:31.0874 1948 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:32:31.0876 1948 Processor - ok
17:32:31.0905 1948 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
17:32:31.0909 1948 ProfSvc - ok
17:32:31.0930 1948 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
17:32:31.0931 1948 ProtectedStorage - ok
17:32:31.0972 1948 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:32:31.0973 1948 Psched - ok
17:32:32.0044 1948 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:32:32.0089 1948 ql2300 - ok
17:32:32.0123 1948 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:32:32.0125 1948 ql40xx - ok
17:32:32.0164 1948 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:32:32.0169 1948 QWAVE - ok
17:32:32.0192 1948 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:32:32.0193 1948 QWAVEdrv - ok
17:32:32.0210 1948 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:32:32.0211 1948 RasAcd - ok
17:32:32.0266 1948 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:32:32.0267 1948 RasAgileVpn - ok
17:32:32.0286 1948 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:32:32.0289 1948 RasAuto - ok
17:32:32.0331 1948 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:32:32.0332 1948 Rasl2tp - ok
17:32:32.0371 1948 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:32:32.0378 1948 RasMan - ok
17:32:32.0420 1948 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:32:32.0422 1948 RasPppoe - ok
17:32:32.0464 1948 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:32:32.0465 1948 RasSstp - ok
17:32:32.0513 1948 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:32:32.0516 1948 rdbss - ok
17:32:32.0533 1948 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:32:32.0534 1948 rdpbus - ok
17:32:32.0556 1948 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:32:32.0557 1948 RDPCDD - ok
17:32:32.0602 1948 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:32:32.0603 1948 RDPENCDD - ok
17:32:32.0625 1948 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:32:32.0626 1948 RDPREFMP - ok
17:32:32.0664 1948 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:32:32.0668 1948 RDPWD - ok
17:32:32.0728 1948 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:32:32.0732 1948 rdyboost - ok
17:32:32.0759 1948 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:32:32.0762 1948 RemoteAccess - ok
17:32:32.0791 1948 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:32:32.0795 1948 RemoteRegistry - ok
17:32:32.0866 1948 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:32:32.0871 1948 RichVideo - ok
17:32:32.0886 1948 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:32:32.0888 1948 RpcEptMapper - ok
17:32:32.0925 1948 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:32:32.0926 1948 RpcLocator - ok
17:32:32.0970 1948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:32:32.0975 1948 RpcSs - ok
17:32:33.0021 1948 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:32:33.0022 1948 rspndr - ok
17:32:33.0061 1948 RSUSBSTOR - ok
17:32:33.0112 1948 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:32:33.0114 1948 RTL8167 - ok
17:32:33.0143 1948 RtsUIR - ok
17:32:33.0164 1948 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
17:32:33.0165 1948 SamSs - ok
17:32:33.0174 1948 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:32:33.0176 1948 sbp2port - ok
17:32:33.0233 1948 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:32:33.0237 1948 SCardSvr - ok
17:32:33.0287 1948 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:32:33.0289 1948 scfilter - ok
17:32:33.0345 1948 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:32:33.0381 1948 Schedule - ok
17:32:33.0418 1948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:32:33.0419 1948 SCPolicySvc - ok
17:32:33.0483 1948 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
17:32:33.0485 1948 sdbus - ok
17:32:33.0523 1948 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:32:33.0526 1948 SDRSVC - ok
17:32:33.0630 1948 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:32:33.0633 1948 SeaPort - ok
17:32:33.0702 1948 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:32:33.0703 1948 secdrv - ok
17:32:33.0738 1948 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:32:33.0740 1948 seclogon - ok
17:32:33.0776 1948 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:32:33.0778 1948 SENS - ok
17:32:33.0840 1948 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:32:33.0842 1948 SensrSvc - ok
17:32:33.0870 1948 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:32:33.0872 1948 Serenum - ok
17:32:33.0916 1948 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:32:33.0918 1948 Serial - ok
17:32:33.0974 1948 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:32:33.0976 1948 sermouse - ok
17:32:34.0043 1948 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:32:34.0046 1948 SessionEnv - ok
17:32:34.0082 1948 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:32:34.0084 1948 sffdisk - ok
17:32:34.0101 1948 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:32:34.0103 1948 sffp_mmc - ok
17:32:34.0118 1948 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:32:34.0119 1948 sffp_sd - ok
17:32:34.0150 1948 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:32:34.0151 1948 sfloppy - ok
17:32:34.0213 1948 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:32:34.0219 1948 SharedAccess - ok
17:32:34.0259 1948 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:32:34.0265 1948 ShellHWDetection - ok
17:32:34.0290 1948 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:32:34.0291 1948 SiSRaid2 - ok
17:32:34.0311 1948 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:32:34.0313 1948 SiSRaid4 - ok
17:32:34.0340 1948 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:32:34.0342 1948 Smb - ok
17:32:34.0397 1948 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:32:34.0399 1948 SNMPTRAP - ok
17:32:34.0412 1948 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:32:34.0413 1948 spldr - ok
17:32:34.0505 1948 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
17:32:34.0524 1948 Spooler - ok
17:32:34.0644 1948 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:32:34.0736 1948 sppsvc - ok
17:32:34.0751 1948 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:32:34.0753 1948 sppuinotify - ok
17:32:34.0833 1948 [ 9E399476E5D5E0D3C8822C857A7E9A9A ] SRTSP C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS
17:32:34.0840 1948 SRTSP - ok
17:32:34.0875 1948 [ 3D7717B582F0365E75071556936E5A6B ] SRTSPX C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS
17:32:34.0876 1948 SRTSPX - ok
17:32:34.0913 1948 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:32:34.0920 1948 srv - ok
17:32:34.0976 1948 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:32:34.0983 1948 srv2 - ok
17:32:35.0054 1948 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:32:35.0059 1948 SrvHsfHDA - ok
17:32:35.0109 1948 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:32:35.0143 1948 SrvHsfV92 - ok
17:32:35.0185 1948 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:32:35.0202 1948 SrvHsfWinac - ok
17:32:35.0233 1948 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:32:35.0236 1948 srvnet - ok
17:32:35.0286 1948 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:32:35.0290 1948 SSDPSRV - ok
17:32:35.0309 1948 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:32:35.0312 1948 SstpSvc - ok
17:32:35.0456 1948 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
17:32:35.0459 1948 STacSV - ok
17:32:35.0485 1948 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:32:35.0486 1948 stexstor - ok
17:32:35.0557 1948 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
17:32:35.0564 1948 STHDA - ok
17:32:35.0605 1948 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:32:35.0622 1948 stisvc - ok
17:32:35.0655 1948 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:32:35.0655 1948 swenum - ok
17:32:35.0708 1948 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:32:35.0724 1948 swprv - ok
17:32:35.0789 1948 [ 4F87BB5389A93778EBC363B28271A65B ] SymEFA C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS
17:32:35.0795 1948 SymEFA - ok
17:32:35.0846 1948 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:32:35.0849 1948 SymEvent - ok
17:32:35.0885 1948 SYMFW - ok
17:32:35.0912 1948 [ 212BBF5A964513980D5DE9397381534F ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
17:32:35.0913 1948 SymIM - ok
17:32:35.0942 1948 SYMNDISV - ok
17:32:35.0990 1948 [ 33B37CB0A74F1F4B78A665ECE9184095 ] SYMTDI C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS
17:32:35.0992 1948 SYMTDI - ok
17:32:36.0044 1948 [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:32:36.0046 1948 SynTP - ok
17:32:36.0124 1948 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:32:36.0170 1948 SysMain - ok
17:32:36.0220 1948 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:32:36.0222 1948 TabletInputService - ok
17:32:36.0289 1948 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:32:36.0295 1948 TapiSrv - ok
17:32:36.0328 1948 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:32:36.0330 1948 TBS - ok
17:32:36.0415 1948 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:32:36.0461 1948 Tcpip - ok
17:32:36.0541 1948 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:32:36.0553 1948 TCPIP6 - ok
17:32:36.0585 1948 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:32:36.0587 1948 tcpipreg - ok
17:32:36.0647 1948 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:32:36.0648 1948 TDPIPE - ok
17:32:36.0670 1948 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:32:36.0671 1948 TDTCP - ok
17:32:36.0728 1948 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:32:36.0730 1948 tdx - ok
17:32:36.0765 1948 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:32:36.0766 1948 TermDD - ok
17:32:36.0808 1948 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:32:36.0826 1948 TermService - ok
17:32:36.0848 1948 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:32:36.0850 1948 Themes - ok
17:32:36.0899 1948 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:32:36.0900 1948 THREADORDER - ok
17:32:36.0921 1948 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:32:36.0924 1948 TrkWks - ok
17:32:37.0010 1948 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:32:37.0013 1948 TrustedInstaller - ok
17:32:37.0044 1948 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:32:37.0046 1948 tssecsrv - ok
17:32:37.0118 1948 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:32:37.0119 1948 TsUsbFlt - ok
17:32:37.0169 1948 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:32:37.0171 1948 tunnel - ok
17:32:37.0212 1948 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:32:37.0214 1948 uagp35 - ok
17:32:37.0251 1948 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:32:37.0256 1948 udfs - ok
17:32:37.0280 1948 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:32:37.0282 1948 UI0Detect - ok
17:32:37.0311 1948 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:32:37.0312 1948 uliagpkx - ok
17:32:37.0352 1948 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:32:37.0353 1948 umbus - ok
17:32:37.0379 1948 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:32:37.0380 1948 UmPass - ok
17:32:37.0424 1948 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:32:37.0430 1948 upnphost - ok
17:32:37.0477 1948 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
17:32:37.0479 1948 usbccgp - ok
17:32:37.0484 1948 USBCCID - ok
17:32:37.0526 1948 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:32:37.0529 1948 usbcir - ok
17:32:37.0552 1948 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:32:37.0554 1948 usbehci - ok
17:32:37.0603 1948 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
17:32:37.0604 1948 usbfilter - ok
17:32:37.0646 1948 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
17:32:37.0651 1948 usbhub - ok
17:32:37.0666 1948 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:32:37.0667 1948 usbohci - ok
17:32:37.0696 1948 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:32:37.0697 1948 usbprint - ok
17:32:37.0734 1948 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:32:37.0735 1948 USBSTOR - ok
17:32:37.0779 1948 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:32:37.0780 1948 usbuhci - ok
17:32:37.0803 1948 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:32:37.0807 1948 usbvideo - ok
17:32:37.0829 1948 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:32:37.0832 1948 UxSms - ok
17:32:37.0845 1948 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
17:32:37.0846 1948 VaultSvc - ok
17:32:37.0899 1948 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:32:37.0901 1948 vdrvroot - ok
17:32:37.0972 1948 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:32:37.0987 1948 vds - ok
17:32:38.0022 1948 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:32:38.0024 1948 vga - ok
17:32:38.0039 1948 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:32:38.0040 1948 VgaSave - ok
17:32:38.0060 1948 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:32:38.0063 1948 vhdmp - ok
17:32:38.0101 1948 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:32:38.0102 1948 viaide - ok
17:32:38.0112 1948 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:32:38.0113 1948 volmgr - ok
17:32:38.0163 1948 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:32:38.0168 1948 volmgrx - ok
17:32:38.0199 1948 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:32:38.0201 1948 volsnap - ok
17:32:38.0235 1948 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:32:38.0239 1948 vsmraid - ok
17:32:38.0314 1948 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:32:38.0360 1948 VSS - ok
17:32:38.0380 1948 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:32:38.0381 1948 vwifibus - ok
17:32:38.0413 1948 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:32:38.0414 1948 vwififlt - ok
17:32:38.0453 1948 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:32:38.0454 1948 vwifimp - ok
17:32:38.0506 1948 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:32:38.0513 1948 W32Time - ok
17:32:38.0555 1948 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:32:38.0557 1948 WacomPen - ok
17:32:38.0622 1948 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:32:38.0624 1948 WANARP - ok
17:32:38.0629 1948 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:32:38.0630 1948 Wanarpv6 - ok
17:32:38.0735 1948 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:32:38.0769 1948 WatAdminSvc - ok
17:32:38.0879 1948 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:32:38.0925 1948 wbengine - ok
17:32:38.0979 1948 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:32:38.0983 1948 WbioSrvc - ok
17:32:39.0049 1948 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:32:39.0056 1948 wcncsvc - ok
17:32:39.0073 1948 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:32:39.0075 1948 WcsPlugInService - ok
17:32:39.0116 1948 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:32:39.0118 1948 Wd - ok
17:32:39.0198 1948 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:32:39.0214 1948 Wdf01000 - ok
17:32:39.0249 1948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:32:39.0252 1948 WdiServiceHost - ok
17:32:39.0256 1948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:32:39.0258 1948 WdiSystemHost - ok
17:32:39.0369 1948 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:32:39.0375 1948 WebClient - ok
17:32:39.0421 1948 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:32:39.0426 1948 Wecsvc - ok
17:32:39.0478 1948 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:32:39.0481 1948 wercplsupport - ok
17:32:39.0613 1948 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:32:39.0616 1948 WerSvc - ok
17:32:39.0654 1948 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:32:39.0655 1948 WfpLwf - ok
17:32:39.0693 1948 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:32:39.0695 1948 WIMMount - ok
17:32:39.0713 1948 WinDefend - ok
17:32:39.0737 1948 WinHttpAutoProxySvc - ok
17:32:39.0826 1948 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:32:39.0830 1948 Winmgmt - ok
17:32:39.0929 1948 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:32:39.0986 1948 WinRM - ok
17:32:40.0160 1948 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:32:40.0194 1948 Wlansvc - ok
17:32:40.0414 1948 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:32:40.0472 1948 wlidsvc - ok
17:32:40.0530 1948 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:32:40.0530 1948 WmiAcpi - ok
17:32:40.0588 1948 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:32:40.0591 1948 wmiApSrv - ok
17:32:40.0638 1948 WMPNetworkSvc - ok
17:32:40.0665 1948 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:32:40.0667 1948 WPCSvc - ok
17:32:40.0712 1948 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:32:40.0715 1948 WPDBusEnum - ok
17:32:40.0774 1948 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:32:40.0776 1948 ws2ifsl - ok
17:32:40.0805 1948 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:32:40.0808 1948 wscsvc - ok
17:32:40.0813 1948 WSearch - ok
17:32:40.0898 1948 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
17:32:40.0957 1948 wuauserv - ok
17:32:40.0983 1948 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:32:40.0985 1948 WudfPf - ok
17:32:41.0042 1948 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:32:41.0045 1948 WUDFRd - ok
17:32:41.0087 1948 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:32:41.0090 1948 wudfsvc - ok
17:32:41.0148 1948 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:32:41.0154 1948 WwanSvc - ok
17:32:41.0196 1948 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
17:32:41.0202 1948 yukonw7 - ok
17:32:41.0211 1948 ================ Scan global ===============================
17:32:41.0242 1948 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:32:41.0276 1948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:32:41.0309 1948 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:32:41.0339 1948 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:32:41.0381 1948 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:32:41.0387 1948 [Global] - ok
17:32:41.0387 1948 ================ Scan MBR ==================================
17:32:41.0403 1948 [ 957F1B3DC3F265CA278B171E97636138 ] \Device\Harddisk0\DR0
17:32:41.0693 1948 \Device\Harddisk0\DR0 - ok
17:32:41.0698 1948 [ D835269850354C701E31F5C587E0BD53 ] \Device\Harddisk1\DR1
17:32:41.0985 1948 \Device\Harddisk1\DR1 ( Rootkit.Boot.SST.a ) - infected
17:32:41.0985 1948 \Device\Harddisk1\DR1 - detected Rootkit.Boot.SST.a (0)
17:32:41.0985 1948 ================ Scan VBR ==================================
17:32:42.0039 1948 [ 1FB261C4F518D82F51A3A975328BEA95 ] \Device\Harddisk0\DR0\Partition1
17:32:42.0040 1948 \Device\Harddisk0\DR0\Partition1 - ok
17:32:42.0103 1948 [ 16E4556C7A2CB455AECC4CCC405E6913 ] \Device\Harddisk0\DR0\Partition2
17:32:42.0105 1948 \Device\Harddisk0\DR0\Partition2 - ok
17:32:42.0146 1948 [ 57E0DE048E2C74ACD47EFFAC006A5361 ] \Device\Harddisk0\DR0\Partition3
17:32:42.0148 1948 \Device\Harddisk0\DR0\Partition3 - ok
17:32:42.0169 1948 [ 531BB7FC57BA638D685A83C88DF2065F ] \Device\Harddisk0\DR0\Partition4
17:32:42.0170 1948 \Device\Harddisk0\DR0\Partition4 - ok
17:32:42.0209 1948 [ DED079AA54F9A43F70D17049FB9BADBC ] \Device\Harddisk1\DR1\Partition1
17:32:42.0214 1948 \Device\Harddisk1\DR1\Partition1 - ok
17:32:42.0220 1948 [ 6FC113E566D5ED549C59D4C6F6A892CA ] \Device\Harddisk1\DR1\Partition2
17:32:42.0224 1948 \Device\Harddisk1\DR1\Partition2 - ok
17:32:42.0229 1948 [ CCB17D0CE38E5F594C49A84980B662A9 ] \Device\Harddisk1\DR1\Partition3
17:32:42.0234 1948 \Device\Harddisk1\DR1\Partition3 - ok
17:32:42.0251 1948 [ F3117751F5362EDA6402428E853D3BC4 ] \Device\Harddisk1\DR1\Partition4
17:32:42.0252 1948 \Device\Harddisk1\DR1\Partition4 - ok
17:32:42.0253 1948 ============================================================
17:32:42.0253 1948 Scan finished
17:32:42.0253 1948 ============================================================
17:32:42.0264 0320 Detected object count: 1
17:32:42.0264 0320 Actual detected object count: 1
17:32:45.0585 0320 \Device\Harddisk1\DR1\# - copied to quarantine
17:32:45.0586 0320 \Device\Harddisk1\DR1 - copied to quarantine
17:32:45.0792 0320 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
17:32:45.0839 0320 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
17:32:45.0889 0320 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
17:32:45.0924 0320 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
17:32:45.0928 0320 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
17:32:45.0930 0320 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
17:32:45.0935 0320 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
17:32:45.0943 0320 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
17:32:45.0950 0320 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
17:32:45.0954 0320 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
17:32:45.0960 0320 \Device\Harddisk1\DR1 - processing error
17:32:51.0514 0320 \Device\Harddisk1\DR1 ( Rootkit.Boot.SST.a ) - User select action: Cure
17:32:54.0229 1840 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-06 17:41:43
-----------------------------
17:41:43.648 OS Version: Windows x64 6.1.7601 Service Pack 1
17:41:43.649 Number of processors: 2 586 0x602
17:41:43.649 ComputerName: KYLE-PC UserName: Kyle
17:41:44.212 Initialize success
17:46:53.324 AVAST engine defs: 12100601
17:48:19.116 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:48:19.119 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 11
17:48:19.161 Disk 0 MBR read successfully
17:48:19.164 Disk 0 MBR scan
17:48:19.180 Disk 0 unknown MBR code
17:48:19.200 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:48:19.217 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138897 MB offset 409600
17:48:19.248 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13427 MB offset 284870656
17:48:19.282 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 312369152
17:48:19.324 Disk 0 scanning C:\Windows\system32\drivers
17:48:30.483 Service scanning
17:48:55.068 Modules scanning
17:48:55.079 Disk 0 trace - called modules:
17:48:55.139 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:48:55.146 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030e4060]
17:48:55.153 3 CLASSPNP.SYS[fffff880010b443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800307a680]
17:48:56.001 AVAST engine scan C:\Windows
17:48:58.089 AVAST engine scan C:\Windows\system32
17:51:46.974 AVAST engine scan C:\Windows\system32\drivers
17:52:00.082 AVAST engine scan C:\Users\Kyle
17:52:00.865 File: C:\Users\Kyle\AppData\Local\awexuyoy.dll **INFECTED** Win32:MalOb-EG [Cryp]
17:53:24.348 File: C:\Users\Kyle\AppData\Local\Temp\DWWIepad.dll **INFECTED** Win32:Dropper-gen [Drp]
17:53:29.674 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Documents\logj\MBR.dat"
17:53:29.685 The log file has been saved successfully to "C:\Users\Kyle\Documents\logj\aswMBR.txt"
17:54:01.743 File: C:\Users\Kyle\AppData\Local\Temp\xcewrsnoam.exe **INFECTED** Win32:MalOb-CB [Cryp]
17:54:30.626 File: C:\Users\Kyle\AppData\Roaming\msconfig.dat **INFECTED** Win32:MalOb-KU [Trj]
17:54:31.860 File: C:\Users\Kyle\lsass.exe **INFECTED** Win32:Trojan-gen
17:54:32.936 AVAST engine scan C:\ProgramData
17:55:37.256 Scan finished successfully
17:56:16.619 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Documents\logj\MBR.dat"
17:56:16.627 The log file has been saved successfully to "C:\Users\Kyle\Documents\logj\aswMBR.txt"


Also, ESET wants me to remove the found threats. I can't find a log or list like you asked for. I have not closed aswMBR yet; do I click on Fix MBR?

#8 narenxp


Posted 06 October 2012 - 08:40 PM

Do not click on FIXMBR

Run TDSSkiller again and post the new log

Also, ESET wants me to remove the found threats. I can't find a log or list like you asked for. I have not closed aswMBR yet; do I click on Fix MBR?


Remove the threats, run the scan again and make sure it comes out clean

Reboot to normal mode

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

AdwCleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware Removal Tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After the scan gets completed, post the generated log here.

#9 BAKERSFIELDBOY211


Posted 06 October 2012 - 11:45 PM

Malwarebytes can't kill 4 or 5. They keep coming back


# AdwCleaner v2.003 - Logfile created 10/06/2012 at 21:30:53
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kyle - KYLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WQZAN0M\2-adwcleaner[1].exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Kyle\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\Kyle\AppData\LocalLow\AskToolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4189 octets] - [06/10/2012 21:30:53]

########## EOF - C:\AdwCleaner[R1].txt - [4249 octets] ##########

Farbar Service Scanner Version: 19-09-2012
Ran by Kyle (administrator) on 06-10-2012 at 21:08:56
Running from "C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROE70A0U"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.9 (10.06.2012)
OS: Windows 7 Home Premium x64
Ran by Kyle on Sat 10/06/2012 at 21:24:22.36
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sat 10/06/2012 at 21:24:22.81
End of Report

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kyle :: KYLE-PC [administrator]

Protection: Enabled

10/6/2012 7:17:43 PM
mbam-log-2012-10-06 (19-17-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207841
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LSA Shellu (Trojan.Agent) -> Data: C:\Users\Kyle\lsass.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

Files Detected: 14
C:\ProgramData\5073E7BA3E5DD7EC00B75073311FAFD8\5073E7BA3E5DD7EC00B75073311FAFD8.exe (Trojan.ExploitDrop) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Roaming\msconfig.dat (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\n (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2487052138-459417440-2021583028-1000\$f1430300e695d7c5f5834f169566af66\n (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Users\Kyle\1pfn.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Kyle\2pfn.exe (Trojan.ExploitDrop) -> Quarantined and deleted successfully.
C:\Users\Kyle\zpfn.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Kyle\Local Settings\Temporary Internet Files\Content.IE5\BYJR60UM\2[1] (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Kyle\Local Settings\Temporary Internet Files\Content.IE5\XQCESYSZ\ee1[1] (Trojan.ExploitDrop) -> Quarantined and deleted successfully.
C:\Users\Kyle\Local Settings\Temporary Internet Files\Content.IE5\XQCESYSZ\z[1] (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Kyle\start1.exe (Trojan.ZADrop1) -> Quarantined and deleted successfully.
C:\Users\Kyle\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Kyle\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kyle :: KYLE-PC [administrator]

Protection: Enabled

10/6/2012 7:30:47 PM
mbam-log-2012-10-06 (19-30-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 369595
Time elapsed: 1 hour(s), 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WQZAN0M\z[1] (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROE70A0U\2[1] (Trojan.Zbot) -> Quarantined and deleted successfully.

(end)

2012/10/06 18:54:33 -0700 KYLE-PC Kyle MESSAGE Starting protection
2012/10/06 18:54:33 -0700 KYLE-PC Kyle MESSAGE Protection started successfully
2012/10/06 18:54:33 -0700 KYLE-PC Kyle MESSAGE Starting IP protection
2012/10/06 18:54:38 -0700 KYLE-PC Kyle MESSAGE IP Protection started successfully
2012/10/06 18:55:19 -0700 KYLE-PC Kyle MESSAGE Starting database refresh
2012/10/06 18:55:19 -0700 KYLE-PC Kyle MESSAGE Stopping IP protection
2012/10/06 18:55:19 -0700 KYLE-PC Kyle MESSAGE IP Protection stopped successfully
2012/10/06 18:55:22 -0700 KYLE-PC Kyle MESSAGE Database refreshed successfully
2012/10/06 18:55:22 -0700 KYLE-PC Kyle MESSAGE Starting IP protection
2012/10/06 18:55:28 -0700 KYLE-PC Kyle MESSAGE IP Protection started successfully
2012/10/06 19:06:29 -0700 KYLE-PC Kyle MESSAGE Executing scheduled update: Daily
2012/10/06 19:06:30 -0700 KYLE-PC Kyle MESSAGE Database already up-to-date
2012/10/06 19:23:26 -0700 KYLE-PC Kyle MESSAGE Starting protection
2012/10/06 19:23:26 -0700 KYLE-PC Kyle MESSAGE Protection started successfully
2012/10/06 19:23:26 -0700 KYLE-PC Kyle MESSAGE Starting IP protection
2012/10/06 19:23:32 -0700 KYLE-PC Kyle MESSAGE IP Protection started successfully
2012/10/06 19:27:43 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\start1.exe Trojan.ZADrop1 QUARANTINE
2012/10/06 19:27:45 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\1pfn.exe Trojan.Zbot QUARANTINE
2012/10/06 19:27:47 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\zpfn.exe Trojan.Zbot QUARANTINE
2012/10/06 19:30:38 -0700 KYLE-PC Kyle DETECTION C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\U\80000032.@ Trojan.0Access QUARANTINE
2012/10/06 19:42:01 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 19:50:29 -0700 KYLE-PC Kyle DETECTION C:\$Recycle.Bin\S-1-5-18\$f1430300e695d7c5f5834f169566af66\U\80000064.@ Trojan.0Access QUARANTINE
2012/10/06 19:57:29 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 19:58:29 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:01:55 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:02:14 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:03:57 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:04:02 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:04:07 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:06:30 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:29:05 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:36:53 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:37:04 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:37:11 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:39:13 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:40:52 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:46:46 -0700 KYLE-PC Kyle DETECTION c:\$recycle.bin\s-1-5-18\$f1430300e695d7c5f5834f169566af66\u\80000032.@ Trojan.0Access DENY
2012/10/06 20:57:00 -0700 KYLE-PC Kyle MESSAGE Starting protection
2012/10/06 20:57:00 -0700 KYLE-PC Kyle MESSAGE Protection started successfully
2012/10/06 20:57:00 -0700 KYLE-PC Kyle MESSAGE Starting IP protection
2012/10/06 20:57:07 -0700 KYLE-PC Kyle MESSAGE IP Protection started successfully
2012/10/06 21:00:02 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\start1.exe Trojan.ZADrop1 QUARANTINE
2012/10/06 21:00:07 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\1pfn.exe Trojan.Zbot QUARANTINE
2012/10/06 21:01:27 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\zpfn.exe Trojan.Zbot ALLOW
2012/10/06 21:01:30 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\2pfn.exe Trojan.ExploitDrop ALLOW
2012/10/06 21:01:30 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\zpfn.exe Trojan.Zbot ALLOW
2012/10/06 21:03:46 -0700 KYLE-PC Kyle MESSAGE Starting protection
2012/10/06 21:03:46 -0700 KYLE-PC Kyle MESSAGE Protection started successfully
2012/10/06 21:03:46 -0700 KYLE-PC Kyle MESSAGE Starting IP protection
2012/10/06 21:03:51 -0700 KYLE-PC Kyle MESSAGE IP Protection started successfully
2012/10/06 21:06:45 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\start1.exe Trojan.ZADrop1 QUARANTINE
2012/10/06 21:06:50 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\1pfn.exe Trojan.Zbot QUARANTINE
2012/10/06 21:06:53 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\2pfn.exe Trojan.ExploitDrop QUARANTINE
2012/10/06 21:06:55 -0700 KYLE-PC Kyle DETECTION C:\Users\Kyle\zpfn.exe Trojan.Zbot QUARANTINE

MiniToolBox by Farbar Version: 23-07-2012
Ran by Kyle (administrator) on 06-10-2012 at 21:29:21
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kyle-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : att.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0A-60-76-4C-1D-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : sbx13596.renoxnv.wayport.net
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 0C-60-76-4C-1D-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-9E-46-60-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:306:cd33:a5b0:a460:1848:2e36:25da(Preferred)
Temporary IPv6 Address. . . . . . : 2602:306:cd33:a5b0:5c8a:5c17:446d:36f2(Preferred)
Link-local IPv6 Address . . . . . : fe80::a460:1848:2e36:25da%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.229(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, October 06, 2012 9:02:59 PM
Lease Expires . . . . . . . . . . : Sunday, October 07, 2012 9:02:59 PM
Default Gateway . . . . . . . . . : fe80::1e14:48ff:fe09:cc20%10
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 184559262
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-2E-8F-3B-00-26-9E-46-60-49
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.sbx13596.renoxnv.wayport.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3431:2f5e:3f57:fe1a(Preferred)
Link-local IPv6 Address . . . . . : fe80::3431:2f5e:3f57:fe1a%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{C36EC979-D5B9-47C3-8EC8-CD3F847FFE0A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.att.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : att.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.att.net
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4007:801::1005
74.125.224.200
74.125.224.201
74.125.224.206
74.125.224.192
74.125.224.193
74.125.224.194
74.125.224.195
74.125.224.196
74.125.224.197
74.125.224.198
74.125.224.199


Pinging google.com [74.125.239.9] with 32 bytes of data:
Reply from 74.125.239.9: bytes=32 time=18ms TTL=55
Reply from 74.125.239.9: bytes=32 time=41ms TTL=55

Ping statistics for 74.125.239.9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 41ms, Average = 29ms
Server: dsldevice.att.net
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=120ms TTL=45
Reply from 98.139.183.24: bytes=32 time=96ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 96ms, Maximum = 120ms, Average = 108ms
Server: dsldevice.att.net
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=9ms TTL=128
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 9ms, Average = 6ms
===========================================================================
Interface List
14...0a 60 76 4c 1d 7b ......Microsoft Virtual WiFi Miniport Adapter
11...0c 60 76 4c 1d 7b ......Atheros AR9285 802.11b/g/n WiFi Adapter
10...00 26 9e 46 60 49 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.229 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.229 276
192.168.1.229 255.255.255.255 On-link 192.168.1.229 276
192.168.1.255 255.255.255.255 On-link 192.168.1.229 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.229 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.229 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 276 ::/0 fe80::1e14:48ff:fe09:cc20
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:3431:2f5e:3f57:fe1a/128
On-link
10 28 2602:306:cd33:a5b0::/64 On-link
10 276 2602:306:cd33:a5b0:5c8a:5c17:446d:36f2/128
On-link
10 276 2602:306:cd33:a5b0:a460:1848:2e36:25da/128
On-link
10 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3431:2f5e:3f57:fe1a/128
On-link
10 276 fe80::a460:1848:2e36:25da/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/06/2012 06:01:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2012 08:35:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: 2vxz.exe, version: 6.0.2900.5512, time stamp: 0x4436a88e
Faulting module name: 2vxz.exe, version: 6.0.2900.5512, time stamp: 0x4436a88e
Exception code: 0xc0000005
Fault offset: 0x0011803b
Faulting process id: 0x104c
Faulting application start time: 0x2vxz.exe0
Faulting application path: 2vxz.exe1
Faulting module path: 2vxz.exe2
Report Id: 2vxz.exe3

Error: (10/04/2012 08:12:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (10/03/2012 08:52:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86961f
Exception code: 0xc00000fd
Fault offset: 0x000a695b
Faulting process id: 0x13b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/03/2012 06:56:57 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 100c

Start Time: 01cda1d37171913c

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: c1a3d13b-0dc6-11e2-9780-00269e466049

Error: (10/03/2012 03:01:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/02/2012 06:38:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mshtml.dll, version: 8.0.7601.17699, time stamp: 0x4e86961f
Exception code: 0xc00000fd
Fault offset: 0x000a424c
Faulting process id: 0x1774
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (10/02/2012 05:37:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xcc0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/02/2012 05:36:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x828
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/02/2012 05:36:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x13ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (10/06/2012 06:55:54 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/06/2012 06:44:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:44:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:44:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:41:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:41:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:41:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:39:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:39:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/06/2012 06:39:18 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
AMD USB Filter Driver (Version: 1.0.10.84)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.4.0)
Ask Toolbar Updater (Version: 1.2.2.23821)
Atheros Driver Installation Program (Version: 5.2)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Common (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0702.1239.20840)
Catalyst Control Center InstallProxy (Version: 2009.0702.1239.20840)
Catalyst Control Center Localization All (Version: 2009.0702.1239.20840)
ccc-core-static (Version: 2009.0702.1239.20840)
ccc-utility64 (Version: 2009.0702.1239.20840)
CCC Help Chinese Standard (Version: 2009.0702.1238.20840)
CCC Help Chinese Traditional (Version: 2009.0702.1238.20840)
CCC Help Czech (Version: 2009.0702.1238.20840)
CCC Help Danish (Version: 2009.0702.1238.20840)
CCC Help Dutch (Version: 2009.0702.1238.20840)
CCC Help English (Version: 2009.0702.1238.20840)
CCC Help Finnish (Version: 2009.0702.1238.20840)
CCC Help French (Version: 2009.0702.1238.20840)
CCC Help German (Version: 2009.0702.1238.20840)
CCC Help Greek (Version: 2009.0702.1238.20840)
CCC Help Hungarian (Version: 2009.0702.1238.20840)
CCC Help Italian (Version: 2009.0702.1238.20840)
CCC Help Japanese (Version: 2009.0702.1238.20840)
CCC Help Korean (Version: 2009.0702.1238.20840)
CCC Help Norwegian (Version: 2009.0702.1238.20840)
CCC Help Polish (Version: 2009.0702.1238.20840)
CCC Help Portuguese (Version: 2009.0702.1238.20840)
CCC Help Russian (Version: 2009.0702.1238.20840)
CCC Help Spanish (Version: 2009.0702.1238.20840)
CCC Help Swedish (Version: 2009.0702.1238.20840)
CCC Help Thai (Version: 2009.0702.1238.20840)
CCC Help Turkish (Version: 2009.0702.1238.20840)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CyberLink DVD Suite (Version: 6.0.3101)
CyberLink YouCam (Version: 2.0.3115)
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.89)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Homepage Protection (Version: )
HP Advisor (Version: 3.2.8946.3086)
HP Customer Experience Enhancements (Version: 5.7.0.3036)
HP DVD Play 3.7 (Version: 3.7.0.6623)
HP Games (Version: 1.0.0.71)
HP Quick Launch Buttons (Version: 6.50.3.1)
HP Setup (Version: 1.2.3220.3079)
HP Smart Web Printing (Version: 131.1.35898)
HP Support Assistant (Version: 4.2.8.3)
HP Update (Version: 5.001.000.014)
HP User Guides 0148 (Version: 1.01.0005)
HP Wireless Assistant (Version: 3.50.9.1)
IDT Audio (Version: 1.0.6225.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 35 (Version: 6.0.350)
Junk Mail filter update (Version: 14.0.8064.206)
LabelPrint (Version: 2.5.1913)
LightScribe System Software (Version: 1.18.6.1)
LSI HDA Modem (Version: 2.1.94)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Live Search Toolbar (Version: 3.0.560.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Works (Version: 9.7.0621)
MSN Toolbar (Version: 4.0.0334.0)
MSN Toolbar Platform (Version: 4.0.0380.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.40.10061)
Norton Internet Security (Version: 16.8.3.6)
Norton Online Backup (Version: 2.0.13139)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.72.80.56)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30094)
Slingbox - Watch Your TV Anywhere (Version: 1.0.0)
SlingPlayer (Version: 1.04.0206)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update Installer for WildTangent Games App
WildTangent Games App (HP Games) (Version: 4.0.4.12)
WildTangent Games App (Version: 4.0.4.12)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8064.0206)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows Live Photo Gallery (Version: 14.0.8064.206)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8064.0206)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2812.2 MB
Available physical RAM: 1561.13 MB
Total Pagefile: 5622.59 MB
Available Pagefile: 4051.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:135.64 GB) (Free:96.94 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:2.19 GB) NTFS

========================= Users: ========================================

User accounts for \\KYLE-PC

Administrator Guest Kyle

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

16-04-2012 02:06:17 Windows Backup
05-05-2012 01:35:45 Windows Backup
18-06-2012 04:13:35 Windows Backup
21-07-2012 09:25:11 Windows Backup
15-08-2012 23:34:43 Windows Backup
03-09-2012 21:19:01 Installed Java™ 6 Update 35
03-09-2012 21:19:46 Windows Backup
03-09-2012 21:20:40 Installed Java Runtime Environment
03-09-2012 22:17:41 Installed QuickTime
16-09-2012 01:08:31 Windows Backup
22-09-2012 17:37:13 Windows Backup
25-09-2012 00:09:51 Windows Backup
01-10-2012 23:25:50 Windows Backup
07-10-2012 01:55:49 Windows Backup

**** End of log ****

#10 BAKERSFIELDBOY211

Posted 07 October 2012 - 01:06 AM

Sorry, ESET is still running. 3 out of 4 is done; so far it has found 8 infections. I will post the log when it is done.

#11 BAKERSFIELDBOY211

Posted 07 October 2012 - 01:53 AM

Well, here's the ESET log, or what it found.

C:\TDSSKiller_Quarantine\06.10.2012_17.32.11\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.10.2012_17.32.11\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.10.2012_17.32.11\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.10.2012_17.32.11\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.10.2012_17.32.11\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\06.10.2012_17.32.11\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Kyle\ruaj.com a variant of Win32/VBObfus.CS trojan cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Temp\xcewrsnoam.exe a variant of Win32/Kryptik.LIR trojan cleaned by deleting - quarantined
D:\autorun.inf Win32/AutoRun.UG worm cleaned by deleting - quarantined
D:\Start.exe probably a variant of Win32/IRCBot.AFP trojan cleaned by deleting - quarantined
After I reboot I get 4 files that Malwarebytes finds, and I quarantine them, and it's at that point now.

#12 narenxp

Posted 07 October 2012 - 04:16 AM

Launch Adware cleaner and select DELETE, then post the generated log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

Run malwarebytes again and post the clean log

Edited by narenxp, 07 October 2012 - 02:01 PM.


#13 BAKERSFIELDBOY211

Posted 07 October 2012 - 12:37 PM

OK, things are getting bad; I can't run stuff without being in safe mode.
Here are the logs. I hope this is the log you want in the Autoruns program.
Not sure if safe mode is messing with it or not...
After running Adware cleaner it reboots, not leaving anything. (LOG)..



"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SunJavaUpdateSched" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "MSN Toolbar" "MSN® Toolbar" "Microsoft Corp." "c:\program files (x86)\msn toolbar\platform\4.0.0380.1\mswinext.exe"
+ "NortonOnlineBackup" "Norton Online Backup Service" "Symantec Corporation" "c:\program files (x86)\symantec\norton online backup\nobuclient.exe"
+ "QlbCtrl.exe" "Quick Launch Buttons" " Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch buttons\qlbctrl.exe"
+ "QPService" "HP QuickPlay Resident Program" "CyberLink Corp." "c:\program files (x86)\hp\quickplay\qpservice.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "UCam_Menu" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe"
+ "UpdatePRCShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\hewlett-packard\recovery\muitransfer\muistartmenu.exe"
+ "WirelessAssistant" "HP Wireless Assistant Main Program" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp wireless assistant\hpwamain.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files (x86)\mcafee security scan\2.0.181\ssscheduler.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lsrunonce.exe"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "cscrsetx" "Heal Security" "Heal Technologies Inc" "c:\users\kyle\appdata\local\temp\dwwiepad64.dll"
+ "dpapions" "Heal Security" "Heal Technologies Inc" "c:\users\kyle\appdata\local\temp\dwwiepad.dll"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "wiijiu" "" "" "c:\users\kyle\wiijiu.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "5073E7BA3E5DD7EC00B75073311FAFD8" "" "" "c:\programdata\5073e7ba3e5dd7ec00b75073311fafd8\5073e7ba3e5dd7ec00b75073311fafd8.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\16.8.3.6\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "Symantec Corporation" "c:\program files (x86)\norton internet security\engine64\16.8.3.6\navshext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/07/2012 10:04:15 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

#14 narenxp

Posted 07 October 2012 - 12:42 PM

RKILL log is incomplete.

OK, things are getting bad; I can't run stuff without being in safe mode.


Please explain

#15 BAKERSFIELDBOY211

  • Topic Starter

Posted 07 October 2012 - 01:27 PM

Sorry, the computer will not run programs like Malwarebytes, rkill, rkillexplorer, etc. in regular mode; only in safe mode do they run. Anything like Internet Explorer, fox reader, games all run fine. I have to run the computer in safe mode to run Rkill, autorun, Rogue Killer, adware cleaner, etc.; they did last night. Also, every time I start the computer I get a Malwarebytes pop-up asking to quarantine 5 or 6 files. Here's the log.

Rkill doesn't seem to kill anything, but I will download a new one, run it again, and post a log for you. It could be a bad download, so I will try it again; I don't know why it's incomplete.


Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Kyle :: KYLE-PC [administrator]

Protection: Disabled

10/7/2012 10:50:43 AM
mbam-log-2012-10-07 (10-54-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206522
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dpapions (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\Kyle\AppData\Local\Temp\DWWIepad.dll",CreateProcessNotify -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cscrsetx (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Kyle\AppData\Local\Temp\DWWIepad64.dll",CreateProcessNotify -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|5073E7BA3E5DD7EC00B75073311FAFD8 (Trojan.FakeAlert.SSGen) -> Data: C:\ProgramData\5073E7BA3E5DD7EC00B75073311FAFD8\5073E7BA3E5DD7EC00B75073311FAFD8.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Kyle\AppData\Local\Temp\DWWIepad.dll (IPH.Trojan.Agent.CPN) -> No action taken.
C:\Users\Kyle\AppData\Local\Temp\DWWIepad64.dll (Trojan.RedirRdll4.Gen) -> No action taken.
C:\ProgramData\5073E7BA3E5DD7EC00B75073311FAFD8\5073E7BA3E5DD7EC00B75073311FAFD8.exe (Trojan.FakeAlert.SSGen) -> No action taken.



Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Kyle :: KYLE-PC [administrator]

Protection: Disabled

10/7/2012 10:50:43 AM
mbam-log-2012-10-07 (10-50-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206522
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dpapions (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\Kyle\AppData\Local\Temp\DWWIepad.dll",CreateProcessNotify -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cscrsetx (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Kyle\AppData\Local\Temp\DWWIepad64.dll",CreateProcessNotify -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|5073E7BA3E5DD7EC00B75073311FAFD8 (Trojan.FakeAlert.SSGen) -> Data: C:\ProgramData\5073E7BA3E5DD7EC00B75073311FAFD8\5073E7BA3E5DD7EC00B75073311FAFD8.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Kyle\AppData\Local\Temp\DWWIepad.dll (IPH.Trojan.Agent.CPN) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\DWWIepad64.dll (Trojan.RedirRdll4.Gen) -> Quarantined and deleted successfully.
C:\ProgramData\5073E7BA3E5DD7EC00B75073311FAFD8\5073E7BA3E5DD7EC00B75073311FAFD8.exe (Trojan.FakeAlert.SSGen) -> Quarantined and deleted successfully.

(end)



