
Infected / Browser redirects


This topic is locked
22 replies to this topic

#1 mumkelly (Members, 16 posts)

Posted 14 October 2012 - 03:41 PM

As requested per Broni, here is what I have so far.

Ran step 6, DeFogger. No reboot needed after running program.

Step 7, ran DDS, logs are attached.

Step 8, Gmer is still currently running and has been for a couple of hours. I will post that as it becomes available.


This is my original post:

About a week ago I contracted a virus on my PC called FBI MoneyPak. I was successfully able to remove it, but once this was found I've had ongoing issues and now I cannot use Bing or Google or the address bar to search. I've been trying unsuccessfully to fix the redirects by following various posts on forums, but I cannot seem to make it go away. I have tried Malwarebytes, SUPERAntiSpyware, Hitman Pro, & Kaspersky (which does find stuff, but the redirects persist). I've reset the hosts file to its original state (it showed blank), I've reset my router to factory settings, I've power cycled my modem and router, but to no avail. I have also run TDSSKiller. It found and deleted a few things, but alas the issue is still present. I am at my wit's end. I have to search every day for my job and this redirecting is making things incredibly difficult. Any help would be greatly appreciated.

Thank you in advance,
Kelly


Also I just remembered I had ataport.sys bluescreen errors on Thursday. I think that is taken care of since I can now load my pc without the bluescreen and haven't crashed since fixing that, but I wanted to make sure it was mentioned.

#2 mumkelly (Topic Starter, Members, 16 posts)

Posted 14 October 2012 - 06:57 PM

I have tried running gmer as suggested. I let it run for hours then it quit and said "h5nhifvk has stopped working". I've tried several more times, but it stops. Are there any other suggestions?

Thanks,
Kelly

#3 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 October 2012 - 11:38 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 mumkelly (Topic Starter, Members, 16 posts)

Posted 15 October 2012 - 06:12 AM

As requested:

Security Checkup

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 35
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



AdwCleaner

# AdwCleaner v2.005 - Logfile created 10/15/2012 at 06:59:51
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Kelly - KELLY-PC
# Boot Mode : Normal
# Running from : C:\Users\Kelly\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Kelly\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Kelly\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1685 octets] - [15/10/2012 06:59:51]

########## EOF - C:\AdwCleaner[S1].txt - [1745 octets] ##########


RogueKiller

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Kelly [Admin rights]
Mode : Scan -- Date : 10/15/2012 07:05:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][BLPATH] HPCustParticipation HP Deskjet 3050 J610 series : "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe" /UA 9.0 /DDV 0x0805 -> FOUND
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Kelly\AppData\Local\Temp\IHU38C4.tmp.exe -> FOUND
[TASK][SUSP PATH] {15DCA1C1-0C2F-4478-98DA-7D4F44C0AF8E} : C:\Windows\System32\pcalua.exe -a C:\Users\Kelly\Desktop\HijackThis.exe -d C:\Users\Kelly\Desktop -> FOUND
[TASK][SUSP PATH] {2C6A4266-35C9-41BC-B095-47825202B435} : C:\ProgramData\Sony Online Entertainment\Station Launcher\StationLauncher.exe -> FOUND
[TASK][SUSP PATH] {5305D227-4058-481B-8588-A8BF5B6A5BEA} : C:\Windows\System32\pcalua.exe -a "C:\Users\Kelly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TTHC0SS\AmazonMP3Installer[1].exe" -d C:\Users\Kelly\Desktop -> FOUND
[TASK][SUSP PATH] {55FC91C9-DD37-42DB-B8B6-C044FA39F038} : C:\Windows\System32\pcalua.exe -a "C:\Users\Kelly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7G1N5C8K\InstallerControl_setup[1].exe" -d C:\Users\Kelly\Desktop -> FOUND
[TASK][SUSP PATH] {5B10FDBD-1581-450C-8FC0-2B8F73C465D0} : C:\ProgramData\Sony Online Entertainment\Station Launcher\StationLauncher.exe -> FOUND
[TASK][SUSP PATH] {B75A12F2-3E53-4910-B46D-518D398D72ED} : C:\Windows\System32\pcalua.exe -a "C:\Users\Kelly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4N3TFRR\ts3_overlay-v3.1.4[1].exe" -d C:\Users\Kelly\Desktop -> FOUND
[TASK][SUSP PATH] {C5A3537E-0EE1-4D4E-8CCD-2B356B2169BA} : C:\Windows\System32\pcalua.exe -a C:\Users\Kelly\Desktop\connect_addin_75SP1\setup.exe -d C:\Users\Kelly\Desktop\connect_addin_75SP1 -> FOUND
[TASK][SUSP PATH] {D3FBA8DB-286C-4C06-9340-4ACADA4AB8DC} : C:\Windows\System32\pcalua.exe -a C:\Users\Kelly\Desktop\AmazonMP3Installer.exe -d C:\Users\Kelly\Desktop -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250410AS ATA Device +++++
--- User ---
[MBR] 9addb4d9a7715159cc5be2b8e034199b
[BSP] e1865ef9d635b19e973a801e49637073 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5 mumkelly (Topic Starter, Members, 16 posts)

Posted 15 October 2012 - 06:17 AM

Overnight I ran the ESET scanner, as I was trying to rid myself of this awful mess. Here are those results as well.

C:\TDSSKiller_Quarantine\11.10.2012_19.55.37\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.10.2012_10.20.23\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.10.2012_10.20.23\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.10.2012_10.20.23\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.10.2012_10.20.23\tdlfs0001\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.10.2012_10.20.23\tdlfs0001\tsk0003.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.10.2012_10.20.23\tdlfs0001\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\Windows\System32\basesrvg.dll Win32/Ponmocup.AA trojan cleaned by deleting (after the next restart) - quarantined

After running it said to reboot, which I did. Then came here and saw the request for additional programs to be run.

#6 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 October 2012 - 11:42 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    REM Force-delete the file the ESET scan flagged (Win32/Ponmocup.AA)
    del /f /s /q "C:\Windows\System32\basesrvg.dll"
    REM Remove this batch file itself once done
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [screenshot for XP] [screenshot for Vista]
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet:

Internet Safety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days; if anything comes up, just come back and let me know. After that time you will have to send me a PM.

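The sorting Gringo does by hand above (hits under a quarantine folder are leftovers from earlier tools, while the System32 hit is the one live file that still needs action) can be automated. The following is an added example written for this thread, not code from the poster, the helper or ESET; it assumes the four-field line layout of the posted results and uses a constructed sample that adds one hypothetical System Restore line.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (not the poster's full log): three lines as posted in
# this thread plus one hypothetical System Restore hit so every branch below
# is exercised. The {EXAMPLE} GUID and RP12 folder are placeholders.
SAMPLE_ESET_LOG = """\
C:\\TDSSKiller_Quarantine\\11.10.2012_19.55.37\\mbr0000\\tdlfs0000\\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\\TDSSKiller_Quarantine\\14.10.2012_10.20.23\\tdlfs0000\\tsk0003.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
C:\\Windows\\System32\\basesrvg.dll Win32/Ponmocup.AA trojan cleaned by deleting (after the next restart) - quarantined
C:\\System Volume Information\\_restore{EXAMPLE}\\RP12\\A0001.exe a variant of Win32/Kryptik.ABC trojan cleaned by deleting - quarantined
"""

# Folders that only hold copies made by earlier cleanup tools or by System
# Restore; a detection there is an already-neutralised backup, not a live file.
QUARANTINE_PREFIXES = (
    "c:\\tdsskiller_quarantine\\",
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\",
)

# Layout: <path> <threat> <action> - <status>. The path is matched lazily so
# that paths containing spaces ("System Volume Information") still parse.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)?)\s+"
    r"(?P<action>cleaned by deleting(?: \(after the next restart\))?|deleted|unable to clean)"
    r"\s+-\s+(?P<status>\S+)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    status: str

    @property
    def is_backup(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def needs_reboot_check(self) -> bool:
        # ESET could not remove the file while it was in use; verify after reboot.
        return "after the next restart" in self.action


def parse_eset_log(text: str) -> list[Detection]:
    """Parse one detection per non-empty line; raise on an unexpected layout."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised ESET result line: {line!r}")
        detections.append(Detection(**match.groupdict()))
    return detections


def triage(detections: list[Detection]) -> dict[str, list[Detection]]:
    """Sort detections into the two buckets the helper distinguishes."""
    return {
        "backups": [d for d in detections if d.is_backup],
        "live": [d for d in detections if not d.is_backup],
    }


def report(text: str) -> list[str]:
    """Human-readable lines: what can be ignored and what still needs action."""
    buckets = triage(parse_eset_log(text))
    lines = [
        f"{len(buckets['backups'])} detection(s) are quarantine/restore-point "
        "backups; harmless once those folders are removed."
    ]
    for d in buckets["live"]:
        note = " (confirm removal after reboot)" if d.needs_reboot_check else ""
        lines.append(f"LIVE: {d.path} -> {d.threat}{note}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_ESET_LOG):
        print(line)
```

Any line the regex does not recognise raises instead of being silently dropped, so a changed ESET output format is noticed rather than producing a falsely clean report.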

#7 mumkelly (Topic Starter, Members, 16 posts)

Posted 15 October 2012 - 01:04 PM

I ran the delfile.bat and Defogger, combofix wasn't used. I also ran the clean it tool.

At this time I am still being redirected when I search. I also cannot load MSE. I noticed it was gone a couple days ago and have had no luck in installing it and getting it to run again. The screen blips like it wants to load, but never fully does.

#8 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 October 2012 - 04:48 PM

Hello

Sorry, I did not ask you to run the ESET scan; when I saw it, I noted that this is normally the last thing that I ask for.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


#9 mumkelly (Topic Starter, Members, 16 posts)

Posted 15 October 2012 - 07:23 PM

ComboFix 12-10-15.01 - Kelly 10/15/2012 20:01:50.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2015 [GMT -4:00]
Running from: c:\users\Kelly\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\cf72b6e7.pad
c:\programdata\ntuser.dat
c:\users\Kelly\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\Kelly\WINDOWS
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 00:15 . 2012-10-16 00:16 -------- d-----w- c:\users\Kelly\AppData\Local\temp
2012-10-16 00:15 . 2012-10-16 00:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-16 00:15 . 2012-10-16 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 23:56 . 2012-10-15 23:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE80A45C-5568-4574-A3F9-34FCBB274F00}\offreg.dll
2012-10-15 21:08 . 2012-10-15 21:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-15 20:44 . 2012-10-15 20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-15 20:44 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-15 20:44 . 2012-10-15 20:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-15 19:16 . 2012-10-15 19:16 -------- d-----w- c:\windows\ELAMBKUP
2012-10-15 19:16 . 2012-10-15 19:16 -------- d-----w- c:\program files\Kaspersky Lab
2012-10-15 19:16 . 2012-08-13 22:24 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-10-15 02:19 . 2012-10-15 02:19 -------- d-----w- c:\program files\Common Files\Java
2012-10-14 23:06 . 2011-11-28 18:46 13944 ----a-w- c:\windows\system32\drivers\urfltwlh.sys
2012-10-14 19:51 . 2012-10-14 22:43 -------- d-----w- c:\users\Kelly\AppData\Local\LogMeIn Rescue Applet
2012-10-14 02:02 . 2012-10-15 23:56 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-13 21:36 . 2012-10-13 21:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-13 21:31 . 2012-10-13 21:31 -------- d-----w- c:\program files\HitmanPro
2012-10-13 21:28 . 2012-10-13 21:36 -------- d-----w- c:\programdata\HitmanPro
2012-10-13 21:00 . 2012-10-13 21:00 -------- d-----w- C:\WINSSLog
2012-10-13 04:17 . 2012-10-13 04:17 3584 ----a-r- c:\users\Kelly\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-10-13 03:25 . 2012-10-13 03:25 -------- d-----w- c:\users\Kelly\AppData\Local\VS Revo Group
2012-10-13 03:25 . 2012-10-13 03:25 -------- d-----w- c:\program files\VS Revo Group
2012-10-12 20:29 . 2012-09-19 04:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE80A45C-5568-4574-A3F9-34FCBB274F00}\mpengine.dll
2012-10-12 00:10 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-12 00:05 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-12 00:05 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-12 00:05 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 23:56 . 2012-10-14 14:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-11 21:28 . 2012-10-11 21:35 -------- d-----w- c:\programdata\Norton
2012-10-11 20:25 . 2012-10-11 20:26 -------- d-----w- c:\programdata\PCPitstop
2012-10-11 19:59 . 2012-10-11 22:31 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-10-05 21:45 . 2012-10-06 01:12 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-10-05 21:45 . 2012-10-05 21:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-05 21:21 . 2012-10-05 21:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-05 21:14 . 2012-10-05 21:14 -------- d-----w- c:\users\Kelly\AppData\Local\Threat Expert
2012-10-05 21:08 . 2012-10-06 01:02 -------- d-----w- c:\program files\Common Files\PC Tools
2012-10-05 21:08 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-05 21:08 . 2012-10-05 21:28 -------- d-----w- c:\programdata\PC Tools
2012-10-05 21:08 . 2012-10-05 21:08 -------- d-----w- c:\users\Kelly\AppData\Roaming\TestApp
2012-10-05 21:04 . 2012-10-05 21:28 -------- d-----w- c:\program files\DownloadManager
2012-10-05 21:01 . 2012-10-05 21:01 98304 --sha-r- c:\windows\system32\basesrvg.dll
2012-09-26 10:29 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 15:23 . 2012-09-25 15:36 -------- d-----w- c:\users\Kelly\AppData\Local\F5A43FBA-6E9B-481C-9A21-D9A97DE4D29D.aplzod
2012-09-21 12:36 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-21 12:35 . 2012-09-21 12:35 -------- d-----w- c:\program files\iPod
2012-09-21 12:35 . 2012-09-21 12:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 19:41 . 2012-07-25 18:53 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-10-15 19:41 . 2012-05-25 23:38 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-14 15:14 . 2012-08-29 21:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-14 15:14 . 2010-07-11 04:30 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-12 00:23 . 2012-03-31 12:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-12 00:23 . 2011-05-17 12:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 17:16 . 2012-09-12 11:11 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 11:11 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 11:11 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 11:11 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2010-07-11 03:15 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-08-13 20:49 . 2012-08-13 20:49 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-08-02 19:09 . 2012-08-02 19:09 24408 ----a-w- c:\windows\system32\drivers\klim6.sys
2012-08-02 16:57 . 2012-09-12 11:11 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-28 02:47 . 2012-07-28 02:47 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:\windows\system32\amdocl.dll
2012-07-18 17:47 . 2012-08-16 00:34 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-10-11 01:06 . 2012-10-15 21:08 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 1629280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-18 218880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-13 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2012-09-10 20:58 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
2012-08-18 01:43 218880 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comcast_McciTrayApp]
2012-06-12 00:01 1966592 ----a-w- c:\program files\Comcast\pcTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-09-13 03:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2012-08-29 18:00 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-09-07 21:04 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-09-07 21:04 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 00:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-02-24 21:00 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [x]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:23]
.
2012-10-15 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-06-14 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: alpineaccess.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
FF - ProfilePath - c:\users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\t3uck8t6.default\
FF - ExtSQL: 2012-10-15 15:16; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-10-15 15:17; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-10-15 15:17; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-28319566.sys
MSConfigStartUp-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
MSConfigStartUp-BingDesktop - c:\program files\Microsoft\BingDesktop\BingDesktop.exe
MSConfigStartUp-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
MSConfigStartUp-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Facebook Update - c:\users\Kelly\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Intel AppUp(SM) center - c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-Spotify - c:\users\Kelly\AppData\Roaming\Spotify\Spotify.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\Update\realsched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-15 20:19:34
ComboFix-quarantined-files.txt 2012-10-16 00:19
.
Pre-Run: 127,490,191,360 bytes free
Post-Run: 127,586,865,152 bytes free
.
- - End Of File - - BD02568AE90A3E5EA1213EC8FF98F0F5

#10 mumkelly

mumkelly
  • Topic Starter

  • Members
  • 16 posts

Posted 15 October 2012 - 07:38 PM

I posted the scan 13 minutes ago. Rebooted and have had no redirects *yet* in searching with Bing or Google.

I have not tried to reinstall MSE, which was what I used in the past for security software. Should I try to install it again or not? Also the items I disabled are still currently disabled while I wait for further instruction.

Kelly

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 October 2012 - 11:44 PM

Greetings mumkelly

After you run these next tools, go ahead and reinstall MSE and check to make sure it is working; then you can turn back on what was disabled.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 mumkelly

mumkelly
  • Topic Starter

  • Members
  • 16 posts

Posted 16 October 2012 - 08:56 AM

09:05:22.0427 5884 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
09:05:22.0786 5884 ============================================================
09:05:22.0786 5884 Current date / time: 2012/10/16 09:05:22.0786
09:05:22.0786 5884 SystemInfo:
09:05:22.0786 5884
09:05:22.0786 5884 OS Version: 6.1.7601 ServicePack: 1.0
09:05:22.0786 5884 Product type: Workstation
09:05:22.0786 5884 ComputerName: KELLY-PC
09:05:22.0786 5884 UserName: Kelly
09:05:22.0786 5884 Windows directory: C:\Windows
09:05:22.0786 5884 System windows directory: C:\Windows
09:05:22.0786 5884 Processor architecture: Intel x86
09:05:22.0786 5884 Number of processors: 2
09:05:22.0786 5884 Page size: 0x1000
09:05:22.0786 5884 Boot type: Normal boot
09:05:22.0786 5884 ============================================================
09:05:24.0284 5884 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:05:24.0284 5884 ============================================================
09:05:24.0284 5884 \Device\Harddisk0\DR0:
09:05:24.0284 5884 MBR partitions:
09:05:24.0284 5884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
09:05:24.0284 5884 ============================================================
09:05:24.0299 5884 C: <-> \Device\Harddisk0\DR0\Partition1
09:05:24.0299 5884 ============================================================
09:05:24.0299 5884 Initialize success
09:05:24.0299 5884 ============================================================
09:05:32.0832 5236 ============================================================
09:05:32.0832 5236 Scan started
09:05:32.0832 5236 Mode: Manual;
09:05:32.0832 5236 ============================================================
09:05:33.0441 5236 ================ Scan system memory ========================
09:05:33.0441 5236 System memory - ok
09:05:33.0441 5236 ================ Scan services =============================
09:05:33.0612 5236 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:05:33.0612 5236 1394ohci - ok
09:05:33.0659 5236 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:05:33.0659 5236 ACPI - ok
09:05:33.0706 5236 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:05:33.0706 5236 AcpiPmi - ok
09:05:33.0846 5236 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:05:33.0846 5236 AdobeARMservice - ok
09:05:33.0971 5236 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:05:33.0971 5236 AdobeFlashPlayerUpdateSvc - ok
09:05:34.0034 5236 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:05:34.0049 5236 adp94xx - ok
09:05:34.0065 5236 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:05:34.0080 5236 adpahci - ok
09:05:34.0096 5236 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:05:34.0096 5236 adpu320 - ok
09:05:34.0143 5236 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:05:34.0143 5236 AeLookupSvc - ok
09:05:34.0205 5236 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
09:05:34.0205 5236 AFD - ok
09:05:34.0252 5236 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:05:34.0252 5236 agp440 - ok
09:05:34.0268 5236 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
09:05:34.0283 5236 aic78xx - ok
09:05:34.0299 5236 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
09:05:34.0299 5236 ALG - ok
09:05:34.0314 5236 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
09:05:34.0314 5236 aliide - ok
09:05:34.0377 5236 [ 50EBBB86E493BD9AB7DDF914A90EEF8E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:05:34.0392 5236 AMD External Events Utility - ok
09:05:34.0486 5236 AMD FUEL Service - ok
09:05:34.0502 5236 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:05:34.0502 5236 amdagp - ok
09:05:34.0548 5236 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
09:05:34.0548 5236 amdide - ok
09:05:34.0595 5236 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
09:05:34.0595 5236 amdiox86 - ok
09:05:34.0658 5236 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:05:34.0658 5236 AmdK8 - ok
09:05:34.0860 5236 [ 70EB74785AB7FC603FEF19D87B7A7946 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:05:35.0016 5236 amdkmdag - ok
09:05:35.0048 5236 [ BA99833BBDE9C4FF389FC8114FB14843 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:05:35.0048 5236 amdkmdap - ok
09:05:35.0063 5236 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:05:35.0063 5236 AmdPPM - ok
09:05:35.0110 5236 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:05:35.0110 5236 amdsata - ok
09:05:35.0141 5236 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:05:35.0141 5236 amdsbs - ok
09:05:35.0157 5236 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:05:35.0157 5236 amdxata - ok
09:05:35.0204 5236 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
09:05:35.0204 5236 AppID - ok
09:05:35.0235 5236 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:05:35.0235 5236 AppIDSvc - ok
09:05:35.0266 5236 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
09:05:35.0282 5236 Appinfo - ok
09:05:35.0391 5236 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:05:35.0391 5236 Apple Mobile Device - ok
09:05:35.0438 5236 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:05:35.0453 5236 arc - ok
09:05:35.0453 5236 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:05:35.0469 5236 arcsas - ok
09:05:35.0500 5236 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\Windows\system32\drivers\AsIO.sys
09:05:35.0500 5236 AsIO - ok
09:05:35.0625 5236 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:05:35.0625 5236 aspnet_state - ok
09:05:35.0656 5236 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:05:35.0656 5236 AsyncMac - ok
09:05:35.0687 5236 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
09:05:35.0687 5236 atapi - ok
09:05:35.0734 5236 [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
09:05:35.0734 5236 AtiHDAudioService - ok
09:05:35.0906 5236 [ 70EB74785AB7FC603FEF19D87B7A7946 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:05:35.0952 5236 atikmdag - ok
09:05:35.0999 5236 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:05:36.0015 5236 AudioEndpointBuilder - ok
09:05:36.0030 5236 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:05:36.0030 5236 Audiosrv - ok
09:05:36.0077 5236 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:05:36.0077 5236 AxInstSV - ok
09:05:36.0124 5236 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
09:05:36.0140 5236 b06bdrv - ok
09:05:36.0171 5236 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:05:36.0171 5236 b57nd60x - ok
09:05:36.0218 5236 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
09:05:36.0218 5236 BDESVC - ok
09:05:36.0233 5236 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
09:05:36.0233 5236 Beep - ok
09:05:36.0264 5236 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
09:05:36.0264 5236 BFE - ok
09:05:36.0311 5236 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
09:05:36.0327 5236 BITS - ok
09:05:36.0358 5236 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:05:36.0358 5236 blbdrive - ok
09:05:36.0405 5236 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:05:36.0405 5236 bowser - ok
09:05:36.0420 5236 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:05:36.0436 5236 BrFiltLo - ok
09:05:36.0436 5236 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:05:36.0436 5236 BrFiltUp - ok
09:05:36.0483 5236 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:05:36.0483 5236 BridgeMP - ok
09:05:36.0514 5236 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
09:05:36.0514 5236 Browser - ok
09:05:36.0530 5236 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:05:36.0545 5236 Brserid - ok
09:05:36.0561 5236 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:05:36.0561 5236 BrSerWdm - ok
09:05:36.0576 5236 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:05:36.0576 5236 BrUsbMdm - ok
09:05:36.0576 5236 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:05:36.0592 5236 BrUsbSer - ok
09:05:36.0608 5236 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:05:36.0608 5236 BTHMODEM - ok
09:05:36.0654 5236 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
09:05:36.0654 5236 bthserv - ok
09:05:36.0764 5236 catchme - ok
09:05:36.0779 5236 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:05:36.0779 5236 cdfs - ok
09:05:36.0842 5236 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
09:05:36.0842 5236 cdrom - ok
09:05:36.0888 5236 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
09:05:36.0888 5236 CertPropSvc - ok
09:05:36.0935 5236 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:05:36.0935 5236 circlass - ok
09:05:36.0982 5236 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
09:05:36.0982 5236 CLFS - ok
09:05:37.0060 5236 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:05:37.0060 5236 clr_optimization_v2.0.50727_32 - ok
09:05:37.0107 5236 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:05:37.0107 5236 clr_optimization_v4.0.30319_32 - ok
09:05:37.0122 5236 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:05:37.0122 5236 CmBatt - ok
09:05:37.0138 5236 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:05:37.0138 5236 cmdide - ok
09:05:37.0185 5236 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
09:05:37.0200 5236 CNG - ok
09:05:37.0216 5236 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:05:37.0216 5236 Compbatt - ok
09:05:37.0263 5236 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:05:37.0263 5236 CompositeBus - ok
09:05:37.0278 5236 COMSysApp - ok
09:05:37.0294 5236 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:05:37.0294 5236 crcdisk - ok
09:05:37.0341 5236 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:05:37.0341 5236 CryptSvc - ok
09:05:37.0388 5236 [ A1998B05CDB931DEB5C653DE13D56E13 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
09:05:37.0419 5236 ctxusbm - ok
09:05:37.0450 5236 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
09:05:37.0466 5236 DcomLaunch - ok
09:05:37.0497 5236 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
09:05:37.0512 5236 defragsvc - ok
09:05:37.0544 5236 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:05:37.0544 5236 DfsC - ok
09:05:37.0575 5236 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:05:37.0590 5236 Dhcp - ok
09:05:37.0653 5236 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
09:05:37.0668 5236 discache - ok
09:05:37.0762 5236 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:05:37.0762 5236 Disk - ok
09:05:37.0793 5236 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:05:37.0809 5236 Dnscache - ok
09:05:37.0840 5236 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
09:05:37.0840 5236 dot3svc - ok
09:05:37.0887 5236 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
09:05:37.0887 5236 DPS - ok
09:05:37.0918 5236 [ FF6E54B49607CC0F37D675B763735570 ] DrmCAudio C:\Windows\system32\drivers\DrmCAudio.sys
09:05:37.0934 5236 DrmCAudio - ok
09:05:37.0980 5236 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:05:37.0980 5236 drmkaud - ok
09:05:37.0996 5236 [ FF6E54B49607CC0F37D675B763735570 ] DrmRAudio C:\Windows\system32\drivers\DrmRAudio.sys
09:05:38.0027 5236 DrmRAudio - ok
09:05:38.0074 5236 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:05:38.0074 5236 DXGKrnl - ok
09:05:38.0121 5236 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
09:05:38.0121 5236 EapHost - ok
09:05:38.0214 5236 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
09:05:38.0277 5236 ebdrv - ok
09:05:38.0308 5236 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
09:05:38.0308 5236 EFS - ok
09:05:38.0386 5236 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:05:38.0402 5236 ehRecvr - ok
09:05:38.0448 5236 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
09:05:38.0448 5236 ehSched - ok
09:05:38.0480 5236 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:05:38.0480 5236 elxstor - ok
09:05:38.0511 5236 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:05:38.0511 5236 ErrDev - ok
09:05:38.0558 5236 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
09:05:38.0573 5236 EventSystem - ok
09:05:38.0589 5236 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
09:05:38.0589 5236 exfat - ok
09:05:38.0651 5236 [ 24AA397903C27B70B4B6159A28C1ACB9 ] f5ipfw C:\Windows\system32\drivers\urfltwlh.sys
09:05:38.0651 5236 f5ipfw - ok
09:05:38.0667 5236 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:05:38.0682 5236 fastfat - ok
09:05:38.0729 5236 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
09:05:38.0745 5236 Fax - ok
09:05:38.0792 5236 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:05:38.0792 5236 fdc - ok
09:05:38.0792 5236 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
09:05:38.0807 5236 fdPHost - ok
09:05:38.0807 5236 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
09:05:38.0807 5236 FDResPub - ok
09:05:38.0823 5236 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:05:38.0823 5236 FileInfo - ok
09:05:38.0838 5236 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:05:38.0838 5236 Filetrace - ok
09:05:38.0854 5236 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:05:38.0854 5236 flpydisk - ok
09:05:38.0870 5236 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:05:38.0885 5236 FltMgr - ok
09:05:38.0932 5236 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
09:05:38.0948 5236 FontCache - ok
09:05:39.0026 5236 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:05:39.0026 5236 FontCache3.0.0.0 - ok
09:05:39.0041 5236 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:05:39.0041 5236 FsDepends - ok
09:05:39.0088 5236 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
09:05:39.0088 5236 fssfltr - ok
09:05:39.0182 5236 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:05:39.0213 5236 fsssvc - ok
09:05:39.0244 5236 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:05:39.0244 5236 Fs_Rec - ok
09:05:39.0306 5236 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:05:39.0306 5236 fvevol - ok
09:05:39.0338 5236 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:05:39.0338 5236 gagp30kx - ok
09:05:39.0384 5236 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:05:39.0384 5236 GEARAspiWDM - ok
09:05:39.0431 5236 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
09:05:39.0447 5236 gpsvc - ok
09:05:39.0509 5236 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:05:39.0509 5236 gusvc - ok
09:05:39.0525 5236 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:05:39.0525 5236 hcw85cir - ok
09:05:39.0587 5236 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:05:39.0587 5236 HdAudAddService - ok
09:05:39.0618 5236 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:05:39.0618 5236 HDAudBus - ok
09:05:39.0634 5236 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:05:39.0634 5236 HidBatt - ok
09:05:39.0650 5236 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:05:39.0665 5236 HidBth - ok
09:05:39.0681 5236 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:05:39.0681 5236 HidIr - ok
09:05:39.0712 5236 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
09:05:39.0712 5236 hidserv - ok
09:05:39.0743 5236 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:05:39.0743 5236 HidUsb - ok
09:05:39.0774 5236 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:05:39.0790 5236 hkmsvc - ok
09:05:39.0852 5236 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:05:39.0852 5236 HomeGroupListener - ok
09:05:39.0899 5236 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:05:39.0899 5236 HomeGroupProvider - ok
09:05:39.0930 5236 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:05:39.0930 5236 HpSAMD - ok
09:05:39.0977 5236 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:05:39.0993 5236 HTTP - ok
09:05:40.0024 5236 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:05:40.0024 5236 hwpolicy - ok
09:05:40.0055 5236 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:05:40.0055 5236 i8042prt - ok
09:05:40.0086 5236 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:05:40.0102 5236 iaStorV - ok
09:05:40.0133 5236 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:05:40.0133 5236 IDriverT - ok
09:05:40.0196 5236 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:05:40.0211 5236 idsvc - ok
09:05:40.0242 5236 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:05:40.0242 5236 iirsp - ok
09:05:40.0274 5236 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:05:40.0305 5236 IKEEXT - ok
09:05:40.0352 5236 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:05:40.0352 5236 intelide - ok
09:05:40.0383 5236 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:05:40.0383 5236 intelppm - ok
09:05:40.0430 5236 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:05:40.0430 5236 IPBusEnum - ok
09:05:40.0445 5236 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:05:40.0445 5236 IpFilterDriver - ok
09:05:40.0476 5236 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:05:40.0492 5236 iphlpsvc - ok
09:05:40.0508 5236 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:05:40.0508 5236 IPMIDRV - ok
09:05:40.0539 5236 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:05:40.0539 5236 IPNAT - ok
09:05:40.0632 5236 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:05:40.0664 5236 iPod Service - ok
09:05:40.0710 5236 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:05:40.0710 5236 IRENUM - ok
09:05:40.0742 5236 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:05:40.0742 5236 isapnp - ok
09:05:40.0758 5236 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:05:40.0758 5236 iScsiPrt - ok
09:05:40.0789 5236 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:05:40.0789 5236 kbdclass - ok
09:05:40.0821 5236 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:05:40.0821 5236 kbdhid - ok
09:05:40.0836 5236 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:05:40.0836 5236 KeyIso - ok
09:05:40.0883 5236 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:05:40.0883 5236 KSecDD - ok
09:05:40.0930 5236 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:05:40.0930 5236 KSecPkg - ok
09:05:40.0961 5236 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:05:40.0977 5236 KtmRm - ok
09:05:41.0008 5236 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
09:05:41.0008 5236 LanmanServer - ok
09:05:41.0023 5236 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:05:41.0023 5236 LanmanWorkstation - ok
09:05:41.0070 5236 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:05:41.0086 5236 lltdio - ok
09:05:41.0117 5236 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:05:41.0117 5236 lltdsvc - ok
09:05:41.0148 5236 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:05:41.0148 5236 lmhosts - ok
09:05:41.0179 5236 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:05:41.0179 5236 LSI_FC - ok
09:05:41.0211 5236 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:05:41.0211 5236 LSI_SAS - ok
09:05:41.0226 5236 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:05:41.0226 5236 LSI_SAS2 - ok
09:05:41.0242 5236 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:05:41.0242 5236 LSI_SCSI - ok
09:05:41.0273 5236 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:05:41.0273 5236 luafv - ok
09:05:41.0320 5236 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:05:41.0320 5236 Mcx2Svc - ok
09:05:41.0335 5236 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:05:41.0335 5236 megasas - ok
09:05:41.0367 5236 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:05:41.0367 5236 MegaSR - ok
09:05:41.0398 5236 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:05:41.0413 5236 MMCSS - ok
09:05:41.0429 5236 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:05:41.0429 5236 Modem - ok
09:05:41.0460 5236 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:05:41.0460 5236 monitor - ok
09:05:41.0507 5236 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:05:41.0507 5236 mouclass - ok
09:05:41.0523 5236 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:05:41.0523 5236 mouhid - ok
09:05:41.0554 5236 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:05:41.0554 5236 mountmgr - ok
09:05:41.0601 5236 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:05:41.0601 5236 MozillaMaintenance - ok
09:05:41.0647 5236 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
09:05:41.0647 5236 MpFilter - ok
09:05:41.0663 5236 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:05:41.0679 5236 mpio - ok
09:05:41.0866 5236 [ A69630D039C38018689190234F866D77 ] MpKslf3339255 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F909B3DD-96C2-4C46-BBC8-3E52E6C76067}\MpKslf3339255.sys
09:05:41.0866 5236 MpKslf3339255 - ok
09:05:41.0897 5236 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:05:41.0897 5236 mpsdrv - ok
09:05:41.0944 5236 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:05:41.0944 5236 MpsSvc - ok
09:05:42.0022 5236 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
09:05:42.0022 5236 MREMP50 - ok
09:05:42.0037 5236 MREMPR5 - ok
09:05:42.0037 5236 MRENDIS5 - ok
09:05:42.0069 5236 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
09:05:42.0069 5236 MRESP50 - ok
09:05:42.0084 5236 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:05:42.0100 5236 MRxDAV - ok
09:05:42.0131 5236 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:05:42.0131 5236 mrxsmb - ok
09:05:42.0178 5236 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:05:42.0178 5236 mrxsmb10 - ok
09:05:42.0209 5236 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:05:42.0225 5236 mrxsmb20 - ok
09:05:42.0240 5236 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:05:42.0240 5236 msahci - ok
09:05:42.0271 5236 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:05:42.0271 5236 msdsm - ok
09:05:42.0287 5236 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:05:42.0303 5236 MSDTC - ok
09:05:42.0349 5236 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:05:42.0365 5236 Msfs - ok
09:05:42.0381 5236 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:05:42.0381 5236 mshidkmdf - ok
09:05:42.0427 5236 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:05:42.0427 5236 msisadrv - ok
09:05:42.0459 5236 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:05:42.0459 5236 MSiSCSI - ok
09:05:42.0459 5236 msiserver - ok
09:05:42.0490 5236 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:05:42.0490 5236 MSKSSRV - ok
09:05:42.0568 5236 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:05:42.0568 5236 MsMpSvc - ok
09:05:42.0599 5236 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:05:42.0599 5236 MSPCLOCK - ok
09:05:42.0599 5236 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:05:42.0599 5236 MSPQM - ok
09:05:42.0630 5236 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:05:42.0630 5236 MsRPC - ok
09:05:42.0646 5236 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:05:42.0646 5236 mssmbios - ok
09:05:42.0646 5236 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:05:42.0646 5236 MSTEE - ok
09:05:42.0661 5236 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:05:42.0661 5236 MTConfig - ok
09:05:42.0693 5236 [ 0F24624106D8042E7F27882D9D6FF5C0 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
09:05:42.0693 5236 MTsensor - ok
09:05:42.0708 5236 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:05:42.0708 5236 Mup - ok
09:05:42.0755 5236 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:05:42.0771 5236 napagent - ok
09:05:42.0833 5236 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:05:42.0833 5236 NativeWifiP - ok
09:05:42.0911 5236 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:05:42.0927 5236 NDIS - ok
09:05:42.0942 5236 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:05:42.0942 5236 NdisCap - ok
09:05:42.0958 5236 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:05:42.0958 5236 NdisTapi - ok
09:05:43.0005 5236 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:05:43.0020 5236 Ndisuio - ok
09:05:43.0067 5236 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:05:43.0067 5236 NdisWan - ok
09:05:43.0114 5236 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:05:43.0114 5236 NDProxy - ok
09:05:43.0129 5236 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:05:43.0129 5236 NetBIOS - ok
09:05:43.0176 5236 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:05:43.0176 5236 NetBT - ok
09:05:43.0192 5236 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:05:43.0192 5236 Netlogon - ok
09:05:43.0254 5236 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:05:43.0254 5236 Netman - ok
09:05:43.0301 5236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:05:43.0301 5236 NetMsmqActivator - ok
09:05:43.0332 5236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:05:43.0332 5236 NetPipeActivator - ok
09:05:43.0348 5236 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:05:43.0363 5236 netprofm - ok
09:05:43.0379 5236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:05:43.0379 5236 NetTcpActivator - ok
09:05:43.0395 5236 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:05:43.0395 5236 NetTcpPortSharing - ok
09:05:43.0426 5236 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:05:43.0426 5236 nfrd960 - ok
09:05:43.0473 5236 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:05:43.0473 5236 NisDrv - ok
09:05:43.0504 5236 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:05:43.0504 5236 NisSrv - ok
09:05:43.0551 5236 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:05:43.0566 5236 NlaSvc - ok
09:05:43.0582 5236 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:05:43.0582 5236 Npfs - ok
09:05:43.0613 5236 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:05:43.0613 5236 nsi - ok
09:05:43.0629 5236 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:05:43.0629 5236 nsiproxy - ok
09:05:43.0691 5236 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:05:43.0722 5236 Ntfs - ok
09:05:43.0738 5236 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:05:43.0738 5236 Null - ok
09:05:43.0769 5236 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:05:43.0769 5236 nvraid - ok
09:05:43.0785 5236 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:05:43.0785 5236 nvstor - ok
09:05:43.0831 5236 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:05:43.0831 5236 nv_agp - ok
09:05:43.0941 5236 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:05:43.0956 5236 odserv - ok
09:05:43.0972 5236 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:05:43.0987 5236 ohci1394 - ok
09:05:44.0019 5236 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:05:44.0019 5236 ose - ok
09:05:44.0065 5236 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:05:44.0065 5236 p2pimsvc - ok
09:05:44.0081 5236 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:05:44.0097 5236 p2psvc - ok
09:05:44.0128 5236 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:05:44.0128 5236 Parport - ok
09:05:44.0175 5236 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:05:44.0175 5236 partmgr - ok
09:05:44.0190 5236 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:05:44.0190 5236 Parvdm - ok
09:05:44.0206 5236 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:05:44.0206 5236 PcaSvc - ok
09:05:44.0253 5236 [ 3E73B088F57666A8F0F15496F0A602EE ] pcCMService C:\Program Files\Common Files\Motive\pcCMService.exe
09:05:44.0377 5236 pcCMService - ok
09:05:44.0409 5236 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:05:44.0409 5236 pci - ok
09:05:44.0424 5236 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:05:44.0424 5236 pciide - ok
09:05:44.0455 5236 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:05:44.0455 5236 pcmcia - ok
09:05:44.0518 5236 [ A4D6449CEBB5931685AE310DC2D7966D ] pcServiceHost C:\Program Files\Common Files\Motive\pcServiceHost.exe
09:05:44.0533 5236 pcServiceHost - ok
09:05:44.0549 5236 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:05:44.0549 5236 pcw - ok
09:05:44.0565 5236 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:05:44.0580 5236 PEAUTH - ok
09:05:44.0658 5236 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:05:44.0705 5236 pla - ok
09:05:44.0752 5236 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:05:44.0783 5236 PlugPlay - ok
09:05:44.0814 5236 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:05:44.0814 5236 PNRPAutoReg - ok
09:05:44.0830 5236 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:05:44.0830 5236 PNRPsvc - ok
09:05:44.0861 5236 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:05:44.0861 5236 PolicyAgent - ok
09:05:44.0892 5236 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:05:44.0908 5236 Power - ok
09:05:44.0955 5236 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:05:44.0955 5236 PptpMiniport - ok
09:05:44.0970 5236 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:05:44.0970 5236 Processor - ok
09:05:45.0017 5236 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:05:45.0033 5236 ProfSvc - ok
09:05:45.0033 5236 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:05:45.0033 5236 ProtectedStorage - ok
09:05:45.0048 5236 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:05:45.0048 5236 Psched - ok
09:05:45.0095 5236 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:05:45.0126 5236 ql2300 - ok
09:05:45.0142 5236 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:05:45.0142 5236 ql40xx - ok
09:05:45.0173 5236 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:05:45.0189 5236 QWAVE - ok
09:05:45.0204 5236 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:05:45.0204 5236 QWAVEdrv - ok
09:05:45.0220 5236 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:05:45.0220 5236 RasAcd - ok
09:05:45.0235 5236 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:05:45.0235 5236 RasAgileVpn - ok
09:05:45.0251 5236 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:05:45.0251 5236 RasAuto - ok
09:05:45.0267 5236 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:05:45.0267 5236 Rasl2tp - ok
09:05:45.0313 5236 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:05:45.0329 5236 RasMan - ok
09:05:45.0345 5236 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:05:45.0360 5236 RasPppoe - ok
09:05:45.0376 5236 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:05:45.0376 5236 RasSstp - ok
09:05:45.0407 5236 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:05:45.0423 5236 rdbss - ok
09:05:45.0438 5236 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:05:45.0438 5236 rdpbus - ok
09:05:45.0469 5236 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:05:45.0469 5236 RDPCDD - ok
09:05:45.0501 5236 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:05:45.0501 5236 RDPENCDD - ok
09:05:45.0516 5236 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:05:45.0516 5236 RDPREFMP - ok
09:05:45.0547 5236 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:05:45.0547 5236 RDPWD - ok
09:05:45.0610 5236 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:05:45.0610 5236 rdyboost - ok
09:05:45.0641 5236 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:05:45.0641 5236 RemoteAccess - ok
09:05:45.0688 5236 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:05:45.0688 5236 RemoteRegistry - ok
09:05:45.0703 5236 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:05:45.0719 5236 RpcEptMapper - ok
09:05:45.0750 5236 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:05:45.0750 5236 RpcLocator - ok
09:05:45.0781 5236 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:05:45.0781 5236 RpcSs - ok
09:05:45.0797 5236 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:05:45.0797 5236 rspndr - ok
09:05:45.0859 5236 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
09:05:45.0859 5236 RTL8167 - ok
09:05:45.0875 5236 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:05:45.0875 5236 SamSs - ok
09:05:45.0937 5236 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:05:45.0937 5236 sbp2port - ok
09:05:45.0953 5236 SBRE - ok
09:05:45.0984 5236 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:05:46.0000 5236 SCardSvr - ok
09:05:46.0031 5236 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:05:46.0031 5236 scfilter - ok
09:05:46.0078 5236 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:05:46.0093 5236 Schedule - ok
09:05:46.0109 5236 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:05:46.0109 5236 SCPolicySvc - ok
09:05:46.0171 5236 [ CC0ECD80978F29A41F5D4B4F5AF890E8 ] SCR3XX2K C:\Windows\system32\DRIVERS\SCR3XX2K.sys
09:05:46.0171 5236 SCR3XX2K - ok
09:05:46.0203 5236 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:05:46.0203 5236 SDRSVC - ok
09:05:46.0234 5236 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:05:46.0234 5236 secdrv - ok
09:05:46.0249 5236 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:05:46.0249 5236 seclogon - ok
09:05:46.0296 5236 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:05:46.0296 5236 SENS - ok
09:05:46.0343 5236 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:05:46.0343 5236 SensrSvc - ok
09:05:46.0359 5236 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:05:46.0359 5236 Serenum - ok
09:05:46.0390 5236 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:05:46.0390 5236 Serial - ok
09:05:46.0405 5236 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:05:46.0405 5236 sermouse - ok
09:05:46.0468 5236 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:05:46.0468 5236 SessionEnv - ok
09:05:46.0515 5236 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:05:46.0515 5236 sffdisk - ok
09:05:46.0515 5236 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:05:46.0515 5236 sffp_mmc - ok
09:05:46.0530 5236 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:05:46.0530 5236 sffp_sd - ok
09:05:46.0546 5236 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:05:46.0546 5236 sfloppy - ok
09:05:46.0593 5236 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:05:46.0608 5236 SharedAccess - ok
09:05:46.0639 5236 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:05:46.0639 5236 ShellHWDetection - ok
09:05:46.0686 5236 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:05:46.0686 5236 sisagp - ok
09:05:46.0717 5236 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:05:46.0717 5236 SiSRaid2 - ok
09:05:46.0733 5236 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:05:46.0733 5236 SiSRaid4 - ok
09:05:46.0764 5236 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:05:46.0764 5236 Smb - ok
09:05:46.0811 5236 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:05:46.0811 5236 SNMPTRAP - ok
09:05:46.0827 5236 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:05:46.0827 5236 spldr - ok
09:05:46.0873 5236 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:05:46.0873 5236 Spooler - ok
09:05:46.0951 5236 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:05:47.0029 5236 sppsvc - ok
09:05:47.0076 5236 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:05:47.0076 5236 sppuinotify - ok
09:05:47.0123 5236 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:05:47.0123 5236 srv - ok
09:05:47.0170 5236 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:05:47.0170 5236 srv2 - ok
09:05:47.0185 5236 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:05:47.0201 5236 srvnet - ok
09:05:47.0232 5236 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:05:47.0248 5236 SSDPSRV - ok
09:05:47.0248 5236 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:05:47.0263 5236 SstpSvc - ok
09:05:47.0295 5236 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:05:47.0295 5236 stexstor - ok
09:05:47.0341 5236 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:05:47.0357 5236 StillCam - ok
09:05:47.0404 5236 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:05:47.0419 5236 StiSvc - ok
09:05:47.0466 5236 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:05:47.0466 5236 swenum - ok
09:05:47.0482 5236 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:05:47.0482 5236 swprv - ok
09:05:47.0544 5236 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:05:47.0575 5236 SysMain - ok
09:05:47.0591 5236 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:05:47.0591 5236 TabletInputService - ok
09:05:47.0638 5236 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:05:47.0638 5236 TapiSrv - ok
09:05:47.0685 5236 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:05:47.0685 5236 TBS - ok
09:05:47.0747 5236 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:05:47.0794 5236 Tcpip - ok
09:05:47.0825 5236 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:05:47.0841 5236 TCPIP6 - ok
09:05:47.0872 5236 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:05:47.0887 5236 tcpipreg - ok
09:05:47.0934 5236 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:05:47.0934 5236 TDPIPE - ok
09:05:47.0965 5236 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:05:47.0965 5236 TDTCP - ok
09:05:48.0012 5236 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:05:48.0012 5236 tdx - ok
09:05:48.0043 5236 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:05:48.0043 5236 TermDD - ok
09:05:48.0090 5236 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:05:48.0106 5236 TermService - ok
09:05:48.0121 5236 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:05:48.0137 5236 Themes - ok
09:05:48.0153 5236 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:05:48.0153 5236 THREADORDER - ok
09:05:48.0168 5236 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:05:48.0168 5236 TrkWks - ok
09:05:48.0215 5236 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:05:48.0215 5236 TrustedInstaller - ok
09:05:48.0231 5236 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:05:48.0231 5236 tssecsrv - ok
09:05:48.0277 5236 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:05:48.0277 5236 TsUsbFlt - ok
09:05:48.0324 5236 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:05:48.0340 5236 tunnel - ok
09:05:48.0371 5236 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:05:48.0371 5236 uagp35 - ok
09:05:48.0402 5236 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:05:48.0402 5236 udfs - ok
09:05:48.0449 5236 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:05:48.0465 5236 UI0Detect - ok
09:05:48.0496 5236 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:05:48.0496 5236 uliagpkx - ok
09:05:48.0511 5236 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:05:48.0511 5236 umbus - ok
09:05:48.0543 5236 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:05:48.0543 5236 UmPass - ok
09:05:48.0589 5236 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:05:48.0589 5236 upnphost - ok
09:05:48.0636 5236 [ 39FBCA3D9F76A7942FEE123B3015146F ] urvpndrv C:\Windows\system32\DRIVERS\covpnwlh.sys
09:05:48.0636 5236 urvpndrv - ok
09:05:48.0683 5236 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:05:48.0683 5236 USBAAPL - ok
09:05:48.0730 5236 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:05:48.0745 5236 usbaudio - ok
09:05:48.0761 5236 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:05:48.0761 5236 usbccgp - ok
09:05:48.0792 5236 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:05:48.0792 5236 usbcir - ok
09:05:48.0823 5236 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:05:48.0839 5236 usbehci - ok
09:05:48.0870 5236 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:05:48.0870 5236 usbhub - ok
09:05:48.0901 5236 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:05:48.0901 5236 usbohci - ok
09:05:48.0964 5236 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:05:48.0964 5236 usbprint - ok
09:05:48.0995 5236 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:05:48.0995 5236 usbscan - ok
09:05:49.0026 5236 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:05:49.0026 5236 USBSTOR - ok
09:05:49.0042 5236 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:05:49.0042 5236 usbuhci - ok
09:05:49.0073 5236 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:05:49.0073 5236 UxSms - ok
09:05:49.0104 5236 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
09:05:49.0104 5236 VaultSvc - ok
09:05:49.0120 5236 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:05:49.0120 5236 vdrvroot - ok
09:05:49.0167 5236 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
09:05:49.0182 5236 vds - ok
09:05:49.0198 5236 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:05:49.0198 5236 vga - ok
09:05:49.0213 5236 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:05:49.0213 5236 VgaSave - ok
09:05:49.0245 5236 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:05:49.0245 5236 vhdmp - ok
09:05:49.0291 5236 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:05:49.0291 5236 viaagp - ok
09:05:49.0291 5236 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
09:05:49.0307 5236 ViaC7 - ok
09:05:49.0323 5236 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
09:05:49.0323 5236 viaide - ok
09:05:49.0338 5236 VMnetAdapter - ok
09:05:49.0354 5236 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:05:49.0354 5236 volmgr - ok
09:05:49.0369 5236 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:05:49.0369 5236 volmgrx - ok
09:05:49.0385 5236 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:05:49.0401 5236 volsnap - ok
09:05:49.0432 5236 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:05:49.0447 5236 vsmraid - ok
09:05:49.0494 5236 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
09:05:49.0525 5236 VSS - ok
09:05:49.0541 5236 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:05:49.0541 5236 vwifibus - ok
09:05:49.0572 5236 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
09:05:49.0588 5236 W32Time - ok
09:05:49.0603 5236 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:05:49.0603 5236 WacomPen - ok
09:05:49.0635 5236 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:05:49.0635 5236 WANARP - ok
09:05:49.0635 5236 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:05:49.0635 5236 Wanarpv6 - ok
09:05:49.0713 5236 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:05:49.0744 5236 WatAdminSvc - ok
09:05:49.0822 5236 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
09:05:49.0853 5236 wbengine - ok
09:05:49.0884 5236 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:05:49.0884 5236 WbioSrvc - ok
09:05:49.0931 5236 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:05:49.0947 5236 wcncsvc - ok
09:05:49.0947 5236 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:05:49.0947 5236 WcsPlugInService - ok
09:05:49.0993 5236 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:05:49.0993 5236 Wd - ok
09:05:50.0009 5236 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:05:50.0009 5236 Wdf01000 - ok
09:05:50.0025 5236 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:05:50.0040 5236 WdiServiceHost - ok
09:05:50.0040 5236 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:05:50.0040 5236 WdiSystemHost - ok
09:05:50.0087 5236 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
09:05:50.0087 5236 WebClient - ok
09:05:50.0103 5236 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:05:50.0103 5236 Wecsvc - ok
09:05:50.0118 5236 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:05:50.0118 5236 wercplsupport - ok
09:05:50.0149 5236 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:05:50.0149 5236 WerSvc - ok
09:05:50.0181 5236 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:05:50.0181 5236 WfpLwf - ok
09:05:50.0196 5236 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:05:50.0196 5236 WIMMount - ok
09:05:50.0259 5236 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:05:50.0274 5236 WinDefend - ok
09:05:50.0290 5236 WinHttpAutoProxySvc - ok
09:05:50.0368 5236 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:05:50.0368 5236 Winmgmt - ok
09:05:50.0430 5236 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
09:05:50.0461 5236 WinRM - ok
09:05:50.0508 5236 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:05:50.0508 5236 WinUsb - ok
09:05:50.0571 5236 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:05:50.0586 5236 Wlansvc - ok
09:05:50.0680 5236 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:05:50.0680 5236 wlcrasvc - ok
09:05:50.0773 5236 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:05:50.0805 5236 wlidsvc - ok
09:05:50.0836 5236 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:05:50.0836 5236 WmiAcpi - ok
09:05:50.0884 5236 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:05:50.0884 5236 wmiApSrv - ok
09:05:50.0962 5236 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:05:50.0993 5236 WMPNetworkSvc - ok
09:05:51.0024 5236 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:05:51.0040 5236 WPCSvc - ok
09:05:51.0071 5236 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:05:51.0071 5236 WPDBusEnum - ok
09:05:51.0118 5236 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:05:51.0118 5236 ws2ifsl - ok
09:05:51.0149 5236 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
09:05:51.0164 5236 WsAudio_DeviceS(1) - ok
09:05:51.0196 5236 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
09:05:51.0211 5236 WsAudio_DeviceS(2) - ok
09:05:51.0242 5236 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
09:05:51.0258 5236 WsAudio_DeviceS(3) - ok
09:05:51.0305 5236 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
09:05:51.0320 5236 WsAudio_DeviceS(4) - ok
09:05:51.0352 5236 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
09:05:51.0367 5236 WsAudio_DeviceS(5) - ok
09:05:51.0398 5236 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
09:05:51.0414 5236 wscsvc - ok
09:05:51.0445 5236 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
09:05:51.0445 5236 WSDPrintDevice - ok
09:05:51.0461 5236 WSearch - ok
09:05:51.0523 5236 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:05:51.0570 5236 wuauserv - ok
09:05:51.0586 5236 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:05:51.0586 5236 WudfPf - ok
09:05:51.0632 5236 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:05:51.0632 5236 WUDFRd - ok
09:05:51.0679 5236 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:05:51.0679 5236 wudfsvc - ok
09:05:51.0726 5236 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:05:51.0726 5236 WwanSvc - ok
09:05:51.0742 5236 ================ Scan global ===============================
09:05:51.0773 5236 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:05:51.0820 5236 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
09:05:51.0835 5236 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
09:05:51.0851 5236 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:05:51.0898 5236 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:05:51.0898 5236 [Global] - ok
09:05:51.0898 5236 ================ Scan MBR ==================================
09:05:51.0913 5236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:05:52.0054 5236 \Device\Harddisk0\DR0 - ok
09:05:52.0054 5236 ================ Scan VBR ==================================
09:05:52.0054 5236 [ FB8823826C56BA7BF02B840BD1B4CC5E ] \Device\Harddisk0\DR0\Partition1
09:05:52.0069 5236 \Device\Harddisk0\DR0\Partition1 - ok
09:05:52.0069 5236 ============================================================
09:05:52.0069 5236 Scan finished
09:05:52.0069 5236 ============================================================
09:05:52.0069 3908 Detected object count: 0
09:05:52.0069 3908 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 09:10:06
-----------------------------
09:10:06.308 OS Version: Windows 6.1.7601 Service Pack 1
09:10:06.308 Number of processors: 2 586 0x6B02
09:10:06.308 ComputerName: KELLY-PC UserName: Kelly
09:10:25.622 Initialize success
09:11:28.187 AVAST engine defs: 12101600
09:13:00.521 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-4
09:13:00.521 Disk 0 Vendor: ST3250410AS 4.AAA Size: 238475MB BusType: 3
09:13:00.536 Disk 0 MBR read successfully
09:13:00.536 Disk 0 MBR scan
09:13:00.614 Disk 0 Windows 7 default MBR code
09:13:00.614 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
09:13:00.661 Disk 0 scanning sectors +488376000
09:13:00.770 Disk 0 scanning C:\Windows\system32\drivers
09:13:17.837 Service scanning
09:13:40.239 Service MpKslf3339255 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F909B3DD-96C2-4C46-BBC8-3E52E6C76067}\MpKslf3339255.sys **LOCKED** 32
09:14:15.912 Modules scanning
09:14:27.271 Disk 0 trace - called modules:
09:14:27.297 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:14:27.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8674f8a0]
09:14:27.655 3 CLASSPNP.SYS[8c38d59e] -> nt!IofCallDriver -> [0x86249918]
09:14:27.671 5 ACPI.sys[8bdbf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-4[0x862d0908]
09:14:29.483 AVAST engine scan C:\Windows
09:14:34.272 AVAST engine scan C:\Windows\system32
09:14:50.007 File: C:\Windows\system32\basesrvg.dll **INFECTED** Win32:Crypt-NYP [Trj]
09:19:40.359 AVAST engine scan C:\Windows\system32\drivers
09:20:02.174 AVAST engine scan C:\Users\Kelly
09:45:30.652 Disk 0 MBR has been saved successfully to "C:\Users\Kelly\Desktop\MBR.dat"
09:45:30.729 The log file has been saved successfully to "C:\Users\Kelly\Desktop\aswMBR.txt"


MSE installed properly and is currently running successfully.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:10 AM

Posted 16 October 2012 - 01:04 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\system32\basesrvg.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 mumkelly

mumkelly
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:10 PM

Posted 16 October 2012 - 04:36 PM

ComboFix 12-10-16.02 - Kelly 10/16/2012 17:18:43.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.1818 [GMT -4:00]
Running from: c:\users\Kelly\Desktop\ComboFix.exe
Command switches used :: c:\users\Kelly\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\basesrvg.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\basesrvg.dll
c:\windows\system32\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 21:28 . 2012-10-16 21:28 -------- d-----w- c:\users\Turk\AppData\Local\temp
2012-10-16 21:28 . 2012-10-16 21:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-16 21:28 . 2012-10-16 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 13:05 . 2012-10-16 13:05 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F909B3DD-96C2-4C46-BBC8-3E52E6C76067}\MpKslf3339255.sys
2012-10-16 12:47 . 2012-10-16 12:47 -------- d-----w- c:\programdata\Citrix
2012-10-16 01:32 . 2012-10-16 01:32 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D8020DC-941E-46C9-B670-F708F72E66A9}\gapaengine.dll
2012-10-16 01:32 . 2012-08-30 05:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F909B3DD-96C2-4C46-BBC8-3E52E6C76067}\mpengine.dll
2012-10-16 01:31 . 2012-10-16 01:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-16 00:19 . 2012-10-16 21:29 -------- d-----w- c:\users\Kelly\AppData\Local\temp
2012-10-15 21:08 . 2012-10-15 21:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-15 20:44 . 2012-10-16 03:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-15 02:19 . 2012-10-15 02:19 -------- d-----w- c:\program files\Common Files\Java
2012-10-14 23:06 . 2011-11-28 18:46 13944 ----a-w- c:\windows\system32\drivers\urfltwlh.sys
2012-10-14 19:51 . 2012-10-14 22:43 -------- d-----w- c:\users\Kelly\AppData\Local\LogMeIn Rescue Applet
2012-10-13 21:36 . 2012-10-13 21:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-13 21:31 . 2012-10-13 21:31 -------- d-----w- c:\program files\HitmanPro
2012-10-13 21:28 . 2012-10-13 21:36 -------- d-----w- c:\programdata\HitmanPro
2012-10-13 21:00 . 2012-10-13 21:00 -------- d-----w- C:\WINSSLog
2012-10-13 04:17 . 2012-10-13 04:17 3584 ----a-r- c:\users\Kelly\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-10-13 03:25 . 2012-10-13 03:25 -------- d-----w- c:\users\Kelly\AppData\Local\VS Revo Group
2012-10-13 03:25 . 2012-10-13 03:25 -------- d-----w- c:\program files\VS Revo Group
2012-10-12 20:29 . 2012-09-19 04:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE80A45C-5568-4574-A3F9-34FCBB274F00}\mpengine.dll
2012-10-12 00:10 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-12 00:05 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-12 00:05 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-12 00:05 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 23:56 . 2012-10-14 14:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-11 21:28 . 2012-10-11 21:35 -------- d-----w- c:\programdata\Norton
2012-10-11 20:25 . 2012-10-11 20:26 -------- d-----w- c:\programdata\PCPitstop
2012-10-11 19:59 . 2012-10-11 22:31 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-10-05 21:45 . 2012-10-06 01:12 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-10-05 21:45 . 2012-10-05 21:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-05 21:21 . 2012-10-05 21:21 -------- d-----w- c:\programdata\Malwarebytes
2012-10-05 21:14 . 2012-10-05 21:14 -------- d-----w- c:\users\Kelly\AppData\Local\Threat Expert
2012-10-05 21:08 . 2012-10-06 01:02 -------- d-----w- c:\program files\Common Files\PC Tools
2012-10-05 21:08 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-05 21:08 . 2012-10-05 21:28 -------- d-----w- c:\programdata\PC Tools
2012-10-05 21:08 . 2012-10-05 21:08 -------- d-----w- c:\users\Kelly\AppData\Roaming\TestApp
2012-10-05 21:04 . 2012-10-05 21:28 -------- d-----w- c:\program files\DownloadManager
2012-09-26 10:29 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 15:23 . 2012-09-25 15:36 -------- d-----w- c:\users\Kelly\AppData\Local\F5A43FBA-6E9B-481C-9A21-D9A97DE4D29D.aplzod
2012-09-21 12:36 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-21 12:35 . 2012-09-21 12:35 -------- d-----w- c:\program files\iPod
2012-09-21 12:35 . 2012-09-21 12:36 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-14 15:14 . 2012-08-29 21:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-14 15:14 . 2010-07-11 04:30 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-12 00:23 . 2012-03-31 12:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-12 00:23 . 2011-05-17 12:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 02:03 . 2012-08-31 02:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-22 17:16 . 2012-09-12 11:11 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 11:11 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 11:11 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 11:11 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2010-07-11 03:15 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-08-02 16:57 . 2012-09-12 11:11 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-28 02:47 . 2012-07-28 02:47 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:\windows\system32\amdocl.dll
2012-03-28 06:04 . 2012-03-28 06:04 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2012-03-28 06:47 . 2012-03-28 06:47 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2012-03-28 06:06 . 2012-03-28 06:06 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2012-03-28 06:05 . 2012-03-28 06:05 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2012-03-28 06:05 . 2012-03-28 06:05 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2012-03-28 06:03 . 2012-03-28 06:03 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2012-03-28 06:05 . 2012-03-28 06:05 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2012-03-28 06:05 . 2012-03-28 06:05 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2012-03-19 13:21 . 2012-03-19 13:21 903096 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2012-03-28 06:06 . 2012-03-28 06:06 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-10-11 01:06 . 2012-10-15 21:08 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 1629280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-13 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2012-09-10 20:58 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comcast_McciTrayApp]
2012-06-12 00:01 1966592 ----a-w- c:\program files\Comcast\pcTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2012-03-28 06:27 309184 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2012-08-29 18:00 59280 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 00:49 6591800 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-02-24 21:00 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [x]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 MpKslf3339255;MpKslf3339255;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F909B3DD-96C2-4C46-BBC8-3E52E6C76067}\MpKslf3339255.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 27887059
*NewlyCreated* - ASWMBR
*NewlyCreated* - CTXUSBM
*NewlyCreated* - MPKSLF3339255
*Deregistered* - 27887059
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:23]
.
2012-10-15 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-06-14 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: alpineaccess.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
FF - ProfilePath - c:\users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\t3uck8t6.default\
FF - ExtSQL: 2012-10-15 15:16; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2012-10-15 15:17; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2012-10-15 15:17; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-16 17:32:19
ComboFix-quarantined-files.txt 2012-10-16 21:32
ComboFix2.txt 2012-10-16 00:19
.
Pre-Run: 129,527,144,448 bytes free
Post-Run: 129,709,592,576 bytes free
.
- - End Of File - - 80DD489CEEA2DF6FD9768A3493766BD6


No redirects yet. Had a few hiccups with my work associated programs, but nothing I couldn't fix.

I have noticed that when my homepage loads I get a security box about leaving a secure connection and others might see what I send online. I've not seen that before. Otherwise things seem to be much better.

Also there are several items in MSE that are in *quarantine* since installing it last evening. I haven't removed them. There are 7 items listed.

Trojan:Win64/Alureon.gen!F
Trojan:Win64/Alureon.gen!L
Trojan:DOS/Alureon.J
Trojan:Win32/Alureon.gen!AD
VirTool:Win32/Obfuscator.OW
Exploit:Java/CVE-2012-4681.ADY
Trojan:DOS/Alureon.J

Edited by mumkelly, 16 October 2012 - 04:43 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:10 AM

Posted 16 October 2012 - 05:20 PM

Hello Mumkelly

"I have noticed that when my homepage loads I get a security box about leaving a secure connection and others might see what I send online. I've not seen that before. Otherwise things seem to be much better." - This was reset by one of our programs; there should be a checkbox to not show me this again.

"Also there are several items in MSE that are in *quarantine* since installing it last evening. I haven't removed them. There are 7 items listed." - Those can be removed.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



