
Malware Infection


  • This topic is locked
8 replies to this topic

#1 Stevehudson


Posted 28 December 2012 - 03:20 AM

Slow system, multiple svchost entries, odd ports open.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Rick at 0:07:06 on 2012-12-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2063 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW64\REGEDIT.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com
uSearch Bar = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uSearch Page = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uProxyOverride = <local>
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe -update plugin
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml"
mRunOnce: [Z1] C:\Users\Rick\Desktop\Steve\mbar\mbar.exe /cleanup /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - C:\PROGRA~2\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{201669A5-297D-4038-89F8-8F40EBB9EDB0} : NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5984E8CB-2783-4337-8409-30FDA29121FE} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{89CBA12C-F914-486A-B01C-5C1BFA261E43} : NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{89CBA12C-F914-486A-B01C-5C1BFA261E43} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{89CBA12C-F914-486A-B01C-5C1BFA261E43}\2456C6B696E6F574F575962756C6563737F5931403533324 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{89CBA12C-F914-486A-B01C-5C1BFA261E43}\34C4541425023507F647D2635353 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8B76EBB2-D5D7-45E1-B6A3-4320D565B033} : NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8B76EBB2-D5D7-45E1-B6A3-4320D565B033} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{C58319B8-3BA3-49A1-8799-5EF08806E95B} : NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{C58319B8-3BA3-49A1-8799-5EF08806E95B} : DHCPNameServer = 8.8.8.8 8.8.4.4
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-03 12:23; {E6C1199F-E687-42da-8C24-E7770CC3AE66}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF - ExtSQL: 2012-12-07 17:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-07 17:08; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-12-07 17:08; browserprotect@browserprotect.com; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\browserprotect@browserprotect.com.xpi
FF - ExtSQL: 2012-12-07 17:08; adblockpopups@jessehakanen.net; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2012-12-22 20:23; {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
FF - ExtSQL: 2012-12-22 20:30; {6614d11d-d21d-b211-ae23-815234e1ebb5}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 KINONI_Wave;Kinoni Audio Source;C:\Windows\System32\drivers\kinonivad.sys [2012-9-12 23040]
S3 kinonivd;Kinoni Video Source;C:\Windows\System32\drivers\kinonivd.sys [2012-9-12 2782848]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736]
.
=============== Created Last 30 ================
.
2012-12-27 20:58:13 -------- d-----w- C:\Users\Rick\AppData\Roaming\SuperPlaylists
2012-12-27 20:55:38 -------- d-----w- C:\Program Files (x86)\Super Playlists
2012-12-27 20:51:12 -------- d-----w- C:\Program Files\Digital Living Solutions
2012-12-26 08:21:31 -------- d-----w- C:\Users\Rick\AppData\Roaming\redsn0w
2012-12-25 21:58:02 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75A1E7AE-C879-46FA-9526-416EB7CA33E1}\mpengine.dll
2012-12-25 07:45:10 119808 ----a-r- C:\Users\Rick\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-12-24 22:48:07 -------- d-----w- C:\Users\Rick\AppData\Roaming\Malwarebytes
2012-12-24 10:04:21 -------- d-----w- C:\Program Files\iTunes
2012-12-24 10:04:21 -------- d-----w- C:\Program Files\iPod
2012-12-24 10:04:21 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-24 10:02:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-24 08:24:41 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-23 08:44:57 -------- d-----w- C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2012-12-23 05:58:45 -------- d-----r- C:\Users\Rick\AppData\Roaming\Brother
2012-12-22 07:08:47 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1F4FB63-E605-4F7D-8E28-A58AFF95F8BF}\gapaengine.dll
2012-12-22 06:50:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-12-22 06:50:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-12-21 11:00:12 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 11:00:12 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 11:00:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 11:00:11 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-17 07:55:18 -------- d-----w- C:\Users\Rick\AppData\Roaming\SharePod
2012-12-17 02:47:21 -------- d-----w- C:\Users\Rick\.shsh
2012-12-17 01:01:07 -------- d-----w- C:\Users\Rick\AppData\Local\iH8sn0w
2012-12-12 05:43:58 177152 ------w- C:\Windows\System32\BrfxDA5a.dll
2012-12-12 05:24:00 -------- d-----w- C:\ProgramData\Brother
2012-12-11 22:14:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-11 22:14:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-11 22:14:05 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-05 02:46:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-04 23:30:43 -------- d-----w- C:\_Queue
2012-12-04 23:30:40 -------- d-----w- C:\Users\Rick\AppData\Roaming\Hobbyist Software
2012-12-04 23:24:44 -------- d-----w- C:\Users\Rick\AppData\Local\Programs
2012-12-04 21:01:42 -------- d-----w- C:\Users\Rick\AppData\Roaming\CheckPoint
2012-12-04 20:14:44 -------- d-----w- C:\ProgramData\CheckPoint
2012-12-04 20:03:42 16200 ----a-w- C:\Windows\stinger.sys
2012-12-04 20:02:43 -------- d-----w- C:\Program Files (x86)\stinger
2012-12-04 02:34:33 108336 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX
2012-12-04 01:40:01 -------- d-----w- C:\Users\Rick\AppData\Roaming\Individual Software
2012-12-04 01:36:28 -------- d-----w- C:\ProgramData\Individual Software
2012-12-04 01:33:48 -------- d-----w- C:\Program Files (x86)\ResumeMaker Ultimate
2012-12-03 22:09:35 -------- d-----w- C:\Users\Rick\AppData\Local\Sophos
2012-12-03 22:03:32 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-12-03 22:00:48 -------- d-----w- C:\ProgramData\Sophos
2012-12-03 21:15:49 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-12-03 20:29:49 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-03 19:53:31 -------- d-----w- C:\Program Files\Dell Support Center
2012-12-03 17:20:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-29 00:06:31 -------- d-----w- C:\Users\Rick\AppData\Local\Rogue Amoeba
.
==================== Find3M ====================
.
2012-12-03 20:29:49 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 20:35:10 71233752 ----a-w- C:\Users\Rick\R206848.exe
2012-10-16 20:30:45 1732960 ----a-w- C:\Users\Rick\DELL_SUPPORT-CENTER-3-0_A01_R289543.exe
2012-10-16 20:30:22 4704904 ----a-w- C:\Users\Rick\CREATIVE-LABS_SOUND-BLASTER-_A00_R213242.exe
2012-10-16 20:29:45 34090512 ----a-w- C:\Users\Rick\R312650.exe
2012-10-16 20:27:10 33342872 ----a-w- C:\Users\Rick\R264250.exe
2012-10-16 20:24:58 10433216 ----a-w- C:\Users\Rick\R270497.exe
2012-10-16 20:24:16 4707672 ----a-w- C:\Users\Rick\R198114.EXE
2012-10-16 20:23:39 2669496 ----a-w- C:\Users\Rick\R304507.exe
2012-10-16 20:23:15 4669872 ----a-w- C:\Users\Rick\R250352.exe
2012-10-16 20:22:48 21927944 ----a-w- C:\Users\Rick\R197868.exe
2012-10-16 20:20:59 562988 ----a-w- C:\Users\Rick\R197861.exe
2012-10-16 20:08:01 1162486 ----a-w- C:\Users\Rick\1545_A14.EXE
2012-10-16 19:57:48 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-16 19:57:43 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-16 19:57:43 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-16 19:39:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 19:39:30 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-16 19:39:30 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-12 23:35:26 75928 ----a-w- C:\Windows\System32\drivers\dc3d.sys
2012-10-12 23:35:26 50856 ----a-w- C:\Windows\System32\drivers\point64.sys
2012-10-12 23:35:26 23960 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2012-10-10 03:31:14 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-08-26 11:09:03 4024320 ----a-w- C:\Program Files (x86)\GUT7F5B.tmp
.
============= FINISH: 0:07:43.41 ===============


DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/22/2012 8:44:32 PM
System Uptime: 12/27/2012 12:00:24 PM (12 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 1188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 61.332 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 15 GiB total, 8.093 GiB free.
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
BitTorrent
Brother MFL-Pro Suite
Dell System Detect
Google Drive
Google Update Helper
Intel® Rapid Storage Technology
iTunes
Java 7 Update 9
Java 7 Update 9 (64-bit)
Java Auto Updater
Java™ 6 Update 35
Logitech Unifying Software 2.10
madeformediacenter.com Media Center add-in
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft PhotoDraw 2000 V2
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
ResumeMaker Ultimate
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Super Playlists
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.4
Windows 7 USB/DVD Download Tool
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/27/2012 12:14:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.2664.0).
12/27/2012 12:14:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2567.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80070643 Error description: Fatal error during installation.
12/27/2012 12:02:56 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
12/27/2012 12:00:19 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "70F1A135148D" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
12/27/2012 12:00:08 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "A4BADBB149B9" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
12/27/2012 11:23:45 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\2vfk5oz6.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/27/2012 11:22:04 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\wyq15ptt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/26/2012 7:23:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2567.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/22/2012 11:50:26 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2424.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/21/2012 3:16:29 AM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================





Edited by Stevehudson, 28 December 2012 - 03:28 AM.




#2 RPMcMurphy


Posted 28 December 2012 - 10:53 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log



#3 Stevehudson


Posted 28 December 2012 - 12:05 PM

Thanks-

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-28 09:03:06
-----------------------------
09:03:06.992 OS Version: Windows x64 6.1.7601 Service Pack 1
09:03:06.992 Number of processors: 2 586 0x170A
09:03:06.992 ComputerName: FAERIE UserName: Rick
09:03:08.506 Initialize success
09:03:24.404 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:03:24.419 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:03:24.435 Disk 0 MBR read successfully
09:03:24.435 Disk 0 MBR scan
09:03:24.435 Disk 0 Windows 7 default MBR code
09:03:24.450 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
09:03:24.450 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
09:03:24.466 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
09:03:24.497 Disk 0 scanning C:\Windows\system32\drivers
09:03:32.656 Service scanning
09:03:50.175 Modules scanning
09:03:50.175 Disk 0 trace - called modules:
09:03:50.206 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:03:50.222 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044676f0]
09:03:50.222 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040fd050]
09:03:50.237 Scan finished successfully
09:04:28.145 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
09:04:28.223 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"

#4 RPMcMurphy


Posted 28 December 2012 - 03:03 PM

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, then ensure Cure is selected. Important - If there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double-click on ComboFix.exe and follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log



#5 Stevehudson


Posted 28 December 2012 - 03:52 PM

12:26:32.0375 3924 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:26:33.0171 3924 ============================================================
12:26:33.0171 3924 Current date / time: 2012/12/28 12:26:33.0171
12:26:33.0171 3924 SystemInfo:
12:26:33.0171 3924
12:26:33.0171 3924 OS Version: 6.1.7601 ServicePack: 1.0
12:26:33.0171 3924 Product type: Workstation
12:26:33.0171 3924 ComputerName: FAERIE
12:26:33.0186 3924 UserName: Rick
12:26:33.0186 3924 Windows directory: C:\Windows
12:26:33.0186 3924 System windows directory: C:\Windows
12:26:33.0186 3924 Running under WOW64
12:26:33.0186 3924 Processor architecture: Intel x64
12:26:33.0186 3924 Number of processors: 2
12:26:33.0186 3924 Page size: 0x1000
12:26:33.0186 3924 Boot type: Normal boot
12:26:33.0186 3924 ============================================================
12:26:34.0263 3924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:26:34.0278 3924 ============================================================
12:26:34.0278 3924 \Device\Harddisk0\DR0:
12:26:34.0278 3924 MBR partitions:
12:26:34.0278 3924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:26:34.0278 3924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
12:26:34.0278 3924 ============================================================
12:26:34.0310 3924 C: <-> \Device\Harddisk0\DR0\Partition2
12:26:34.0372 3924 E: <-> \Device\Harddisk0\DR0\Partition1
12:26:34.0372 3924 ============================================================
12:26:34.0372 3924 Initialize success
12:26:34.0372 3924 ============================================================
12:26:43.0841 4036 ============================================================
12:26:43.0841 4036 Scan started
12:26:43.0841 4036 Mode: Manual; TDLFS;
12:26:43.0841 4036 ============================================================
12:26:44.0060 4036 ================ Scan system memory ========================
12:26:44.0060 4036 System memory - ok
12:26:44.0060 4036 ================ Scan services =============================
12:26:55.0073 4036 NetBT - ok
12:26:55.0089 4036 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:26:55.0089 4036 Netlogon - ok
12:26:55.0136 4036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:26:55.0151 4036 Netman - ok
12:26:55.0182 4036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:26:55.0182 4036 NetMsmqActivator - ok
12:26:55.0182 4036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:26:55.0198 4036 NetPipeActivator - ok
12:26:55.0214 4036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:26:55.0229 4036 netprofm - ok
12:26:55.0229 4036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:26:55.0229 4036 NetTcpActivator - ok
12:26:55.0245 4036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:26:55.0245 4036 NetTcpPortSharing - ok
12:26:55.0292 4036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:26:55.0292 4036 nfrd960 - ok
12:26:55.0323 4036 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:26:55.0338 4036 NisDrv - ok
12:26:55.0370 4036 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
12:26:55.0370 4036 NisSrv - ok
12:26:55.0416 4036 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:26:55.0432 4036 NlaSvc - ok
12:26:55.0479 4036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:26:55.0479 4036 Npfs - ok
12:26:55.0526 4036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:26:55.0526 4036 nsi - ok
12:26:55.0557 4036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:26:55.0557 4036 nsiproxy - ok
12:26:55.0619 4036 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:26:55.0666 4036 Ntfs - ok
12:26:55.0728 4036 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
12:26:55.0728 4036 NuidFltr - ok
12:26:55.0775 4036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:26:55.0775 4036 Null - ok
12:26:55.0838 4036 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:26:55.0838 4036 nvraid - ok
12:26:55.0869 4036 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:26:55.0869 4036 nvstor - ok
12:26:55.0900 4036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:26:55.0900 4036 nv_agp - ok
12:26:56.0025 4036 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:26:56.0040 4036 odserv - ok
12:26:56.0072 4036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:26:56.0072 4036 ohci1394 - ok
12:26:56.0150 4036 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:26:56.0150 4036 ose - ok
12:26:56.0196 4036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:26:56.0212 4036 p2pimsvc - ok
12:26:56.0259 4036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:26:56.0259 4036 p2psvc - ok
12:26:56.0306 4036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:26:56.0306 4036 Parport - ok
12:26:56.0352 4036 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:26:56.0352 4036 partmgr - ok
12:26:56.0384 4036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:26:56.0384 4036 PcaSvc - ok
12:26:56.0430 4036 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:26:56.0430 4036 pci - ok
12:26:56.0462 4036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:26:56.0462 4036 pciide - ok
12:26:56.0508 4036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:26:56.0508 4036 pcmcia - ok
12:26:56.0540 4036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:26:56.0540 4036 pcw - ok
12:26:56.0571 4036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:26:56.0586 4036 PEAUTH - ok
12:26:56.0727 4036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:26:56.0727 4036 PerfHost - ok
12:26:56.0820 4036 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:26:56.0867 4036 pla - ok
12:26:56.0930 4036 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:26:56.0945 4036 PlugPlay - ok
12:26:56.0992 4036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:26:56.0992 4036 PNRPAutoReg - ok
12:26:57.0008 4036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:26:57.0023 4036 PNRPsvc - ok
12:26:57.0070 4036 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
12:26:57.0070 4036 Point64 - ok
12:26:57.0101 4036 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:26:57.0117 4036 PolicyAgent - ok
12:26:57.0148 4036 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:26:57.0148 4036 Power - ok
12:26:57.0195 4036 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:26:57.0195 4036 PptpMiniport - ok
12:26:57.0242 4036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:26:57.0242 4036 Processor - ok
12:26:57.0273 4036 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:26:57.0273 4036 ProfSvc - ok
12:26:57.0288 4036 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:26:57.0288 4036 ProtectedStorage - ok
12:26:57.0351 4036 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:26:57.0351 4036 Psched - ok
12:26:57.0398 4036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:26:57.0429 4036 ql2300 - ok
12:26:57.0476 4036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:26:57.0476 4036 ql40xx - ok
12:26:57.0522 4036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:26:57.0538 4036 QWAVE - ok
12:26:57.0554 4036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:26:57.0554 4036 QWAVEdrv - ok
12:26:57.0585 4036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:26:57.0585 4036 RasAcd - ok
12:26:57.0632 4036 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:26:57.0632 4036 RasAgileVpn - ok
12:26:57.0694 4036 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:26:57.0694 4036 RasAuto - ok
12:26:57.0725 4036 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:26:57.0725 4036 Rasl2tp - ok
12:26:57.0788 4036 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:26:57.0788 4036 RasMan - ok
12:26:57.0850 4036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:26:57.0850 4036 RasPppoe - ok
12:26:57.0881 4036 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:26:57.0881 4036 RasSstp - ok
12:26:57.0928 4036 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:26:57.0944 4036 rdbss - ok
12:26:57.0959 4036 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:26:57.0959 4036 rdpbus - ok
12:26:57.0990 4036 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:26:57.0990 4036 RDPCDD - ok
12:26:58.0022 4036 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:26:58.0022 4036 RDPENCDD - ok
12:26:58.0037 4036 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:26:58.0037 4036 RDPREFMP - ok
12:26:58.0100 4036 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:26:58.0100 4036 RdpVideoMiniport - ok
12:26:58.0146 4036 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:26:58.0146 4036 RDPWD - ok
12:26:58.0193 4036 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:26:58.0209 4036 rdyboost - ok
12:26:58.0240 4036 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:26:58.0240 4036 RemoteAccess - ok
12:26:58.0287 4036 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:26:58.0287 4036 RemoteRegistry - ok
12:26:58.0334 4036 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:26:58.0334 4036 RFCOMM - ok
12:26:58.0349 4036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:26:58.0349 4036 RpcEptMapper - ok
12:26:58.0396 4036 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:26:58.0396 4036 RpcLocator - ok
12:26:58.0443 4036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:26:58.0443 4036 RpcSs - ok
12:26:58.0490 4036 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:26:58.0505 4036 rspndr - ok
12:26:58.0568 4036 [ A332DB1DAC07E95667A57AAEEC236C37 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
12:26:58.0568 4036 RTL8192su - ok
12:26:58.0614 4036 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:26:58.0614 4036 SamSs - ok
12:26:58.0646 4036 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:26:58.0661 4036 sbp2port - ok
12:26:58.0692 4036 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:26:58.0692 4036 SCardSvr - ok
12:26:58.0739 4036 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:26:58.0739 4036 scfilter - ok
12:26:58.0802 4036 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:26:58.0848 4036 Schedule - ok
12:26:58.0911 4036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:26:58.0911 4036 SCPolicySvc - ok
12:26:58.0942 4036 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:26:58.0958 4036 SDRSVC - ok
12:26:58.0989 4036 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:26:58.0989 4036 secdrv - ok
12:26:59.0036 4036 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:26:59.0036 4036 seclogon - ok
12:26:59.0082 4036 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:26:59.0082 4036 SENS - ok
12:26:59.0098 4036 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:26:59.0098 4036 SensrSvc - ok
12:26:59.0129 4036 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:26:59.0129 4036 Serenum - ok
12:26:59.0160 4036 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:26:59.0160 4036 Serial - ok
12:26:59.0192 4036 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:26:59.0192 4036 sermouse - ok
12:26:59.0238 4036 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:26:59.0238 4036 SessionEnv - ok
12:26:59.0285 4036 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:26:59.0285 4036 sffdisk - ok
12:26:59.0301 4036 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:26:59.0301 4036 sffp_mmc - ok
12:26:59.0301 4036 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:26:59.0301 4036 sffp_sd - ok
12:26:59.0379 4036 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:26:59.0379 4036 sfloppy - ok
12:26:59.0426 4036 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:26:59.0441 4036 SharedAccess - ok
12:26:59.0504 4036 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:26:59.0519 4036 ShellHWDetection - ok
12:26:59.0597 4036 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:26:59.0597 4036 SiSRaid2 - ok
12:26:59.0613 4036 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:26:59.0613 4036 SiSRaid4 - ok
12:26:59.0644 4036 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:26:59.0644 4036 Smb - ok
12:26:59.0706 4036 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:26:59.0706 4036 SNMPTRAP - ok
12:26:59.0722 4036 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:26:59.0722 4036 spldr - ok
12:26:59.0769 4036 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:26:59.0784 4036 Spooler - ok
12:26:59.0878 4036 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:26:59.0972 4036 sppsvc - ok
12:27:00.0003 4036 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:27:00.0018 4036 sppuinotify - ok
12:27:00.0081 4036 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:27:00.0081 4036 srv - ok
12:27:00.0128 4036 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:27:00.0128 4036 srv2 - ok
12:27:00.0174 4036 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:27:00.0174 4036 srvnet - ok
12:27:00.0206 4036 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:27:00.0221 4036 SSDPSRV - ok
12:27:00.0237 4036 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:27:00.0237 4036 SstpSvc - ok
12:27:00.0284 4036 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:27:00.0284 4036 stexstor - ok
12:27:00.0315 4036 STHDA - ok
12:27:00.0362 4036 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:27:00.0377 4036 stisvc - ok
12:27:00.0424 4036 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:27:00.0424 4036 swenum - ok
12:27:00.0471 4036 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:27:00.0486 4036 swprv - ok
12:27:00.0611 4036 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:27:00.0674 4036 SysMain - ok
12:27:00.0752 4036 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:27:00.0752 4036 TabletInputService - ok
12:27:00.0830 4036 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:27:00.0845 4036 TapiSrv - ok
12:27:00.0892 4036 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:27:00.0892 4036 TBS - ok
12:27:00.0970 4036 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:27:01.0032 4036 Tcpip - ok
12:27:01.0095 4036 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:27:01.0110 4036 TCPIP6 - ok
12:27:01.0157 4036 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:27:01.0157 4036 tcpipreg - ok
12:27:01.0188 4036 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:27:01.0188 4036 TDPIPE - ok
12:27:01.0235 4036 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:27:01.0235 4036 TDTCP - ok
12:27:01.0266 4036 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:27:01.0282 4036 tdx - ok
12:27:01.0329 4036 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:27:01.0329 4036 TermDD - ok
12:27:01.0376 4036 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:27:01.0376 4036 TermService - ok
12:27:01.0407 4036 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:27:01.0407 4036 Themes - ok
12:27:01.0438 4036 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:27:01.0438 4036 THREADORDER - ok
12:27:01.0500 4036 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:27:01.0500 4036 TrkWks - ok
12:27:01.0563 4036 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:27:01.0578 4036 TrustedInstaller - ok
12:27:01.0610 4036 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:27:01.0610 4036 tssecsrv - ok
12:27:01.0672 4036 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:27:01.0688 4036 TsUsbFlt - ok
12:27:01.0766 4036 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:27:01.0766 4036 tunnel - ok
12:27:01.0828 4036 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:27:01.0844 4036 uagp35 - ok
12:27:01.0875 4036 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:27:01.0875 4036 udfs - ok
12:27:01.0937 4036 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:27:01.0953 4036 UI0Detect - ok
12:27:01.0968 4036 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:27:01.0968 4036 uliagpkx - ok
12:27:02.0015 4036 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:27:02.0015 4036 umbus - ok
12:27:02.0046 4036 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:27:02.0046 4036 UmPass - ok
12:27:02.0093 4036 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:27:02.0093 4036 upnphost - ok
12:27:02.0156 4036 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:27:02.0156 4036 USBAAPL64 - ok
12:27:02.0234 4036 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:27:02.0234 4036 usbaudio - ok
12:27:02.0280 4036 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:27:02.0280 4036 usbccgp - ok
12:27:02.0343 4036 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
12:27:02.0343 4036 usbcir - ok
12:27:02.0390 4036 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:27:02.0390 4036 usbehci - ok
12:27:02.0436 4036 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:27:02.0436 4036 usbhub - ok
12:27:02.0468 4036 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:27:02.0468 4036 usbohci - ok
12:27:02.0514 4036 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:27:02.0514 4036 usbprint - ok
12:27:02.0546 4036 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:27:02.0546 4036 usbscan - ok
12:27:02.0577 4036 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:27:02.0577 4036 USBSTOR - ok
12:27:02.0608 4036 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:27:02.0608 4036 usbuhci - ok
12:27:02.0655 4036 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:27:02.0670 4036 usbvideo - ok
12:27:02.0702 4036 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:27:02.0702 4036 UxSms - ok
12:27:02.0717 4036 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:27:02.0717 4036 VaultSvc - ok
12:27:02.0748 4036 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:27:02.0748 4036 vdrvroot - ok
12:27:02.0811 4036 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:27:02.0826 4036 vds - ok
12:27:02.0889 4036 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:27:02.0889 4036 vga - ok
12:27:02.0920 4036 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:27:02.0920 4036 VgaSave - ok
12:27:02.0951 4036 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:27:02.0967 4036 vhdmp - ok
12:27:03.0029 4036 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:27:03.0029 4036 viaide - ok
12:27:03.0060 4036 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:27:03.0076 4036 volmgr - ok
12:27:03.0138 4036 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:27:03.0138 4036 volmgrx - ok
12:27:03.0201 4036 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:27:03.0216 4036 volsnap - ok
12:27:03.0294 4036 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:27:03.0294 4036 vsmraid - ok
12:27:03.0388 4036 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:27:03.0435 4036 VSS - ok
12:27:03.0482 4036 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:27:03.0482 4036 vwifibus - ok
12:27:03.0513 4036 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:27:03.0513 4036 vwififlt - ok
12:27:03.0544 4036 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:27:03.0544 4036 vwifimp - ok
12:27:03.0591 4036 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:27:03.0591 4036 W32Time - ok
12:27:03.0684 4036 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:27:03.0684 4036 WacomPen - ok
12:27:03.0747 4036 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:27:03.0747 4036 WANARP - ok
12:27:03.0762 4036 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:27:03.0762 4036 Wanarpv6 - ok
12:27:03.0872 4036 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:27:03.0934 4036 WatAdminSvc - ok
12:27:03.0996 4036 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:27:04.0028 4036 wbengine - ok
12:27:04.0059 4036 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:27:04.0074 4036 WbioSrvc - ok
12:27:04.0106 4036 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:27:04.0121 4036 wcncsvc - ok
12:27:04.0137 4036 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:27:04.0137 4036 WcsPlugInService - ok
12:27:04.0168 4036 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:27:04.0168 4036 Wd - ok
12:27:04.0230 4036 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
12:27:04.0230 4036 WDC_SAM - ok
12:27:04.0277 4036 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:27:04.0293 4036 Wdf01000 - ok
12:27:04.0308 4036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:27:04.0308 4036 WdiServiceHost - ok
12:27:04.0324 4036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:27:04.0324 4036 WdiSystemHost - ok
12:27:04.0371 4036 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:27:04.0371 4036 WebClient - ok
12:27:04.0402 4036 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:27:04.0402 4036 Wecsvc - ok
12:27:04.0418 4036 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:27:04.0418 4036 wercplsupport - ok
12:27:04.0449 4036 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:27:04.0449 4036 WerSvc - ok
12:27:04.0511 4036 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:27:04.0511 4036 WfpLwf - ok
12:27:04.0527 4036 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:27:04.0527 4036 WIMMount - ok
12:27:04.0558 4036 WinDefend - ok
12:27:04.0589 4036 WinHttpAutoProxySvc - ok
12:27:04.0652 4036 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:27:04.0667 4036 Winmgmt - ok
12:27:04.0745 4036 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:27:04.0808 4036 WinRM - ok
12:27:04.0886 4036 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:27:04.0886 4036 WinUsb - ok
12:27:04.0948 4036 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:27:04.0979 4036 Wlansvc - ok
12:27:05.0026 4036 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:27:05.0026 4036 WmiAcpi - ok
12:27:05.0057 4036 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:27:05.0073 4036 wmiApSrv - ok
12:27:05.0104 4036 WMPNetworkSvc - ok
12:27:05.0135 4036 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:27:05.0151 4036 WPCSvc - ok
12:27:05.0182 4036 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:27:05.0198 4036 WPDBusEnum - ok
12:27:05.0229 4036 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:27:05.0229 4036 ws2ifsl - ok
12:27:05.0244 4036 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:27:05.0244 4036 wscsvc - ok
12:27:05.0260 4036 WSearch - ok
12:27:05.0369 4036 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:27:05.0463 4036 wuauserv - ok
12:27:05.0525 4036 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:27:05.0525 4036 WudfPf - ok
12:27:05.0556 4036 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:27:05.0556 4036 WUDFRd - ok
12:27:05.0588 4036 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:27:05.0588 4036 wudfsvc - ok
12:27:05.0634 4036 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:27:05.0634 4036 WwanSvc - ok
12:27:05.0697 4036 [ 6533F30045B0A234783BD8B4069F0433 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys
12:27:05.0697 4036 XUIF - ok
12:27:05.0759 4036 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
12:27:05.0759 4036 yukonw7 - ok
12:27:05.0806 4036 ================ Scan global ===============================
12:27:05.0837 4036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:27:05.0868 4036 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:27:05.0884 4036 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:27:05.0931 4036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:27:05.0962 4036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:27:05.0962 4036 [Global] - ok
12:27:05.0962 4036 ================ Scan MBR ==================================
12:27:05.0993 4036 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:27:06.0383 4036 \Device\Harddisk0\DR0 - ok
12:27:06.0383 4036 ================ Scan VBR ==================================
12:27:06.0399 4036 [ D72576F7A2295D96CDF8F08F2E22A37D ] \Device\Harddisk0\DR0\Partition1
12:27:06.0399 4036 \Device\Harddisk0\DR0\Partition1 - ok
12:27:06.0430 4036 [ 51505BF53393D52B2C90CB7E68219BE1 ] \Device\Harddisk0\DR0\Partition2
12:27:06.0430 4036 \Device\Harddisk0\DR0\Partition2 - ok
12:27:06.0430 4036 ============================================================
12:27:06.0430 4036 Scan finished
12:27:06.0430 4036 ============================================================
12:27:06.0461 1856 Detected object count: 0
12:27:06.0461 1856 Actual detected object count: 0
12:28:05.0898 1436 Deinitialize success


ComboFix 12-12-28.02 - Rick 12/28/2012 12:35:43.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2481 [GMT -8:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicScan
c:\programdata\395df26f01bc04218741fe066bcfe79e_c
c:\programdata\PCDr\6032\AddOnDownloaded\468d25c7-baa8-4db4-a17f-ceac895a9bc8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f1c58d6-ca02-4906-b156-709481baca61.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ba58cab8-833c-4868-95e2-cff538a852a7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d220b53c-6a3c-4b5d-8797-965d39e82fff.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ff24953d-0c6e-4af9-a727-84ce58c99035.dll
c:\users\Rick\1545_A14.EXE
c:\users\Rick\R197861.exe
c:\users\Rick\R197868.exe
c:\windows\security\Database\tmp.edb
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 20:41 . 2012-12-28 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 12:18 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C70006DC-3EFE-4666-B749-62B4459D03F4}\mpengine.dll
2012-12-27 20:58 . 2012-12-27 20:58 -------- d-----w- c:\users\Rick\AppData\Roaming\SuperPlaylists
2012-12-27 20:55 . 2012-12-27 20:55 -------- d-----w- c:\program files (x86)\Super Playlists
2012-12-27 20:51 . 2012-12-27 20:51 -------- d-----w- c:\program files\Digital Living Solutions
2012-12-26 08:21 . 2012-12-26 08:26 -------- d-----w- c:\users\Rick\AppData\Roaming\redsn0w
2012-12-25 21:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-25 07:45 . 2012-12-25 07:45 119808 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-12-24 22:48 . 2012-12-24 22:48 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes
2012-12-24 10:04 . 2012-12-24 10:04 -------- d-----w- c:\program files\iTunes
2012-12-24 10:04 . 2012-12-24 10:04 -------- d-----w- c:\program files\iPod
2012-12-24 10:04 . 2012-12-24 10:04 -------- d-----w- c:\program files (x86)\iTunes
2012-12-24 10:02 . 2012-12-24 10:04 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-23 08:44 . 2012-12-23 08:44 -------- d-----w- c:\users\Rick\AppData\Local\ElevatedDiagnostics
2012-12-23 05:58 . 2012-12-23 05:58 -------- d-----r- c:\users\Rick\AppData\Roaming\Brother
2012-12-22 07:08 . 2012-12-22 07:08 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1F4FB63-E605-4F7D-8E28-A58AFF95F8BF}\gapaengine.dll
2012-12-22 06:50 . 2012-12-22 06:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-12-22 06:50 . 2012-12-22 06:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-21 11:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 11:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-17 07:55 . 2012-12-17 07:55 -------- d-----w- c:\users\Rick\AppData\Roaming\SharePod
2012-12-17 02:47 . 2012-12-17 02:47 -------- d-----w- c:\users\Rick\.shsh
2012-12-17 01:01 . 2012-12-17 01:01 -------- d-----w- c:\users\Rick\AppData\Local\iH8sn0w
2012-12-12 05:43 . 2006-01-17 09:03 177152 ------w- c:\windows\system32\BrfxDA5a.dll
2012-12-12 05:39 . 2012-12-12 05:39 -------- d-----w- c:\users\Rick\AppData\Roaming\InstallShield
2012-12-12 05:24 . 2012-12-12 05:24 -------- d-----w- c:\programdata\Brother
2012-12-11 22:14 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 22:14 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-11 22:14 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-05 04:21 . 2012-12-05 04:21 -------- d-----w- c:\users\Rick\AppData\Roaming\ImgBurn
2012-12-04 23:30 . 2012-12-04 23:30 -------- d-----w- C:\_Queue
2012-12-04 23:30 . 2012-12-04 23:30 -------- d-----w- c:\users\Rick\AppData\Roaming\Hobbyist Software
2012-12-04 23:24 . 2012-12-04 23:24 -------- d-----w- c:\users\Rick\AppData\Local\Programs
2012-12-04 21:01 . 2012-12-04 21:01 -------- d-----w- c:\users\Rick\AppData\Roaming\CheckPoint
2012-12-04 20:14 . 2012-12-04 20:14 -------- d-----w- c:\programdata\CheckPoint
2012-12-04 20:03 . 2012-12-04 23:14 16200 ----a-w- c:\windows\stinger.sys
2012-12-04 20:02 . 2012-12-04 23:30 -------- d-----w- c:\program files (x86)\stinger
2012-12-04 02:34 . 2012-12-04 02:34 108336 ----a-w- c:\windows\SysWow64\MSWINSCK.OCX
2012-12-04 01:40 . 2012-12-04 02:16 -------- d-----w- c:\users\Rick\AppData\Roaming\Individual Software
2012-12-04 01:36 . 2012-12-04 01:36 -------- d-----w- c:\programdata\Individual Software
2012-12-04 01:33 . 2012-12-04 01:36 -------- d-----w- c:\program files (x86)\ResumeMaker Ultimate
2012-12-03 22:09 . 2012-12-03 22:26 -------- d-----w- c:\users\Rick\AppData\Local\Sophos
2012-12-03 22:03 . 2012-12-03 22:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-12-03 22:00 . 2012-12-23 07:51 -------- d-----w- c:\programdata\Sophos
2012-12-03 21:15 . 2012-12-03 21:16 -------- d-----w- c:\windows\SysWow64\Adobe
2012-12-03 20:29 . 2012-12-03 20:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-03 19:53 . 2012-12-03 19:53 -------- d-----w- c:\program files\Dell Support Center
2012-12-03 17:20 . 2012-12-03 17:20 -------- d-----w- c:\programdata\Malwarebytes
2012-11-29 00:06 . 2012-11-29 00:06 -------- d-----w- c:\users\Rick\AppData\Local\Rogue Amoeba
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 11:04 . 2012-08-25 22:08 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-03 20:29 . 2012-11-25 19:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 20:35 . 2012-10-16 20:30 71233752 ----a-w- c:\users\Rick\R206848.exe
2012-10-16 20:30 . 2012-10-16 20:30 1732960 ----a-w- c:\users\Rick\DELL_SUPPORT-CENTER-3-0_A01_R289543.exe
2012-10-16 20:30 . 2012-10-16 20:29 4704904 ----a-w- c:\users\Rick\CREATIVE-LABS_SOUND-BLASTER-_A00_R213242.exe
2012-10-16 20:29 . 2012-10-16 20:27 34090512 ----a-w- c:\users\Rick\R312650.exe
2012-10-16 20:27 . 2012-10-16 20:24 33342872 ----a-w- c:\users\Rick\R264250.exe
2012-10-16 20:24 . 2012-10-16 20:24 10433216 ----a-w- c:\users\Rick\R270497.exe
2012-10-16 20:24 . 2012-10-16 20:23 4707672 ----a-w- c:\users\Rick\R198114.EXE
2012-10-16 20:23 . 2012-10-16 20:23 2669496 ----a-w- c:\users\Rick\R304507.exe
2012-10-16 20:23 . 2012-10-16 20:22 4669872 ----a-w- c:\users\Rick\R250352.exe
2012-10-16 19:57 . 2012-10-16 19:58 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-16 19:57 . 2012-10-16 19:58 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-16 19:57 . 2012-10-16 19:58 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-16 19:57 . 2012-10-16 19:58 188904 ----a-w- c:\windows\system32\java.exe
2012-10-16 19:57 . 2012-10-16 19:58 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-16 19:57 . 2012-10-16 19:58 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-16 19:39 . 2012-10-16 19:39 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 19:39 . 2012-08-23 07:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 19:39 . 2012-08-23 07:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-16 08:38 . 2012-11-28 03:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 03:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 03:08 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 23:35 . 2012-10-12 23:35 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-10-12 23:35 . 2012-10-12 23:35 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-10-12 23:35 . 2012-10-12 23:35 23960 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-10-10 03:31 . 2012-10-10 03:31 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-09 18:17 . 2012-11-16 04:14 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 04:14 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 04:14 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 04:14 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-08 04:48 . 2012-09-06 07:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-10-08 04:47 . 2012-08-29 03:14 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-10-08 04:44 . 2012-08-29 03:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-10-08 04:44 . 2012-08-29 03:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-04 16:40 . 2012-12-11 22:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-04 07:27 . 2012-08-29 03:14 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-10-04 07:20 . 2012-08-31 23:16 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-10-04 07:12 . 2012-08-31 23:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-04 07:12 . 2012-09-06 07:47 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-10-03 17:56 . 2012-11-16 04:13 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 04:13 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 04:13 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 04:13 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 04:13 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 04:13 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 04:13 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 04:13 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 04:13 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 04:13 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 04:13 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-08-26 11:09 . 2012-08-26 10:58 4024320 ----a-w- c:\program files (x86)\GUT7F5B.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-23 04:24 220608 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-23 04:24 220608 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-23 04:24 220608 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-10-11 1398680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Rick\Desktop\Steve\mbar\mbar.exe" [2012-12-24 1342312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [2012-09-12 23040]
R3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys [2012-09-12 2782848]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1255736]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-10-12 75928]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 27710416
*NewlyCreated* - 75608821
*NewlyCreated* - ASWMBR
*Deregistered* - 27710416
*Deregistered* - 75608821
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 10:58]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 10:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-23 04:24 244672 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-23 04:24 244672 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-23 04:24 244672 ----a-w- c:\users\Rick\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-09 00:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-09 00:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-09 00:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-09 00:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~2\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{201669A5-297D-4038-89F8-8F40EBB9EDB0}: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5984E8CB-2783-4337-8409-30FDA29121FE}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{89CBA12C-F914-486A-B01C-5C1BFA261E43}: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8B76EBB2-D5D7-45E1-B6A3-4320D565B033}: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{C58319B8-3BA3-49A1-8799-5EF08806E95B}: NameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?cat=webs&bar=true&query=
FF - ExtSQL: 2012-12-03 12:23; {E6C1199F-E687-42da-8C24-E7770CC3AE66}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
FF - ExtSQL: 2012-12-07 17:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-07 17:08; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-12-07 17:08; browserprotect@browserprotect.com; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\browserprotect@browserprotect.com.xpi
FF - ExtSQL: 2012-12-07 17:08; adblockpopups@jessehakanen.net; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2012-12-22 20:23; {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
FF - ExtSQL: 2012-12-22 20:30; {6614d11d-d21d-b211-ae23-815234e1ebb5}; c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\gbmjimbz.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{5ABD6C72-FFD7-B634-A92B-D77D5960E009} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Rick\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-28 12:44:42
ComboFix-quarantined-files.txt 2012-12-28 20:44
.
Pre-Run: 58,693,562,368 bytes free
Post-Run: 58,670,931,968 bytes free
.
- - End Of File - - CA6962A71DC5F23E245FE383A0632EFC

#6 RPMcMurphy

Posted 28 December 2012 - 06:42 PM

Please do this next:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • JRT log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 Stevehudson

Posted 29 December 2012 - 03:39 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.9 (12.28.2012:1)
OS: Windows 7 Home Premium x64
Ran by Rick on Fri 12/28/2012 at 16:24:29.04
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] hkey_classes_root\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab
Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100569.FCTB000100569Pos
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100569.FCTB000100569Pos.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100569.IEToolbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100569.IEToolbar.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100569.JSOptionsImpl
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\FCTB000100569.JSOptionsImpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5abd6c72-ffd7-b634-a92b-d77d5960e009}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\Rick\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"



~~~ FireFox

Successfully deleted: [File] C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\gbmjimbz.default\user.js
Successfully deleted: [File] C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\gbmjimbz.default\extensions\browserprotect@browserprotect.com.xpi
Successfully deleted: [File] C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\gbmjimbz.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\gbmjimbz.default\searchplugins\search-here.xml
Successfully deleted: [File] C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\gbmjimbz.default\searchplugins\searchamong.xml
Successfully deleted the following from C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\gbmjimbz.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.browserprotect.urlBarExceptions", "http://www.google.com;http://search.yahoo.com;http://search.live.com;http://en.wikipedia.org");
user_pref("extensions.toolbar.mindspark._4sMembers_.homepage", "http://home.mywebsearch.com/index.jhtml?ptb=B4FB7199-7465-4EA9-8401-DAC46D4417AF&n=77ee5f17&ptnrS=F0xdm002YYus&
user_pref("extensions.toolbar.mindspark._4sMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4sMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4sMembers_.installation.installDate", "2012110615");
user_pref("extensions.toolbar.mindspark._4sMembers_.installation.partnerId", "F0xdm002YYus");
user_pref("extensions.toolbar.mindspark._4sMembers_.installation.partnerSubId", "CKuiyYq9u7MCFQmCQgodMXEAqA");
user_pref("extensions.toolbar.mindspark._4sMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4sMembers_.installation.toolbarId", "B4FB7199-7465-4EA9-8401-DAC46D4417AF");
user_pref("extensions.toolbar.mindspark._4sMembers_.lastActivePing", "1353551026550");
user_pref("extensions.toolbar.mindspark._4sMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._4sMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._4sMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._4sMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._4sMembers_.weather.location", "98004");
user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingassassin@mindspark.com");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/28/2012 at 16:31:39.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.28.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rick :: FAERIE [administrator]

Protection: Enabled

12/28/2012 4:39:12 PM
mbam-log-2012-12-28 (16-39-12).txt

Scan type: Full scan (C:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348758
Time elapsed: 51 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy

Posted 30 December 2012 - 10:09 AM

How is the computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java™ 6 or Java™ 7) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded
Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
Go to this link to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.


Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
Please include the following in your next post:
  • How is the computer running now
  • AdwCleaner log
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 06 January 2013 - 11:18 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
