Help removing Redirect / opening random IE windows Virus


  • This topic is locked
12 replies to this topic

#1 Basics

Basics

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 30 December 2012 - 08:47 AM

I've tried all the methods I know of to remove this virus (whenever I run Malwarebytes the virus goes inactive, even if I install it under a different name and .exe than the default). This virus has been on this computer for a long time. It used to belong to my sister and it was on it when I got it a few months ago. It only recently started opening the IE windows (last few days).

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639
Run by cpu at 8:36:54 on 2012-12-30
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1434 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\cpu\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Users\cpu\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Malware\Malware\mbamservice.exe
C:\Malware\Malware\mbamgui.exe
C:\Malware\Malware\mbamscheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Malware\Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Adobe] RUNDLL32.EXE c:\users\cpu\appdata\local\adobe\auvhjpvy.dll,??1CIcdSpiAuto@@QAE@XZ
uRun: [Spotify] "c:\users\cpu\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [Spotify Web Helper] "c:\users\cpu\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\malware\malware\mbamgui.exe /install /silent
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{68097F4C-0535-4A97-AEF2-6D3FC3CA9D37} : DHCPNameServer = 192.168.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cpu\appdata\roaming\mozilla\firefox\profiles\tswwb3h1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/
FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-11-30 16:54; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\cpu\appdata\roaming\mozilla\firefox\profiles\tswwb3h1.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2012-12-13 22:32; redditopener@johannes-bauer.com; c:\users\cpu\appdata\roaming\mozilla\firefox\profiles\tswwb3h1.default\extensions\redditopener@johannes-bauer.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\malware\malware\mbamscheduler.exe [2012-12-17 398184]
R2 MBAMService;MBAMService;c:\malware\malware\mbamservice.exe [2012-12-17 682344]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2012-9-4 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-17 21104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-12-30 40776]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
.
=============== Created Last 30 ================
.
2012-12-30 13:26:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-29 14:18:06 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5521980e-4779-4d63-a544-c68c62d08277}\mpengine.dll
2012-12-19 00:21:27 2213976 ----a-w- c:\users\cpu\tdsskiller1.exe
2012-12-17 22:43:02 -------- d-----w- c:\program files\CCleaner
2012-12-17 22:41:17 -------- d-----w- c:\programdata\HitmanPro
2012-12-17 20:48:36 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-17 20:48:36 -------- d-----w- C:\Malware
2012-12-17 17:09:16 -------- d-----w- c:\program files\Speccy
2012-12-12 22:40:22 -------- d-----w- c:\users\cpu\appdata\local\Google
.
==================== Find3M ====================
.
2012-12-11 20:18:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 20:18:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 8:37:06.27 ===============


Edited by Basics, 30 December 2012 - 08:50 AM.
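As an added illustration (not part of the original thread, and not code from the DDS tool), here is a small Python check a responder could run over the "Pseudo HJT Report" run-key lines of a DDS log: it flags rundll32 autoruns that load a DLL from a user-writable location or through a mangled C++ export, which is exactly the shape of the [Adobe] uRun entry in the log above. The sample lines are constructed from that posted log; path markers and the scoring rules are my assumptions.

```python
import re

# Constructed sample in the DDS "Pseudo HJT Report" format, modelled on the
# entries in the log posted above. uRun = HKCU Run key, mRun = HKLM Run key,
# mRunOnce = HKLM RunOnce key, as DDS abbreviates them.
SAMPLE_DDS = """\
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Adobe] RUNDLL32.EXE c:\\users\\cpu\\appdata\\local\\adobe\\auvhjpvy.dll,??1CIcdSpiAuto@@QAE@XZ
uRun: [Spotify] "c:\\users\\cpu\\appdata\\roaming\\spotify\\Spotify.exe" /uri spotify:autostart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
mRun: [Windows Defender] c:\\program files\\windows defender\\MSASCui.exe -hide
mRunOnce: [Malwarebytes Anti-Malware] c:\\malware\\malware\\mbamgui.exe /install /silent
"""

# One DDS run-key line: "<hive>Run[Once]: [<display name>] <command line>"
RUN_LINE = re.compile(
    r"^(?P<hive>[um])Run(?P<once>Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# rundll32 <dll>,<export> [args]; the DLL path may be quoted if it contains spaces.
RUNDLL = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+),(?P<export>\S+)', re.I
)

# Locations an ordinary user can write to (assumed list, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_run_entries(text):
    """Return one dict per uRun/mRun/mRunOnce line; all other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def assess_entry(entry):
    """Return the reasons a rundll32 autorun deserves a closer look (empty if none)."""
    reasons = []
    m = RUNDLL.match(entry["cmd"])
    if not m:
        return reasons  # only rundll32-style entries are scored here
    dll = m.group("dll").strip('"').lower()
    export = m.group("export")
    if any(marker in dll for marker in USER_WRITABLE):
        reasons.append("rundll32 loads a DLL from a user-writable path")
    if export.startswith("?"):
        # A C++-decorated name such as ??1...@@QAE@XZ (a destructor) is an odd
        # entry point for an autorun; legitimate entries name a plain C export.
        reasons.append("entry point is a mangled C++ export")
    return reasons


def flag_suspicious(text):
    """Map '<hive>Run[Once]:<name>' to its reasons for every entry with at least one."""
    flagged = {}
    for e in parse_run_entries(text):
        reasons = assess_entry(e)
        if reasons:
            key = f"{e['hive']}Run{e['once'] or ''}:{e['name']}"
            flagged[key] = reasons
    return flagged


if __name__ == "__main__":
    for key, reasons in flag_suspicious(SAMPLE_DDS).items():
        print(key, "->", "; ".join(reasons))
```

On the constructed sample only the [Adobe] entry is reported, with both reasons; the Spotify entry also lives under AppData but is a direct executable rather than a rundll32 DLL load, so this check deliberately leaves it alone.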



#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:39 AM

Posted 30 December 2012 - 10:22 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days. :)


Hello there, Basics

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to backup all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:39 AM

Posted 30 December 2012 - 10:23 AM

I'd require further diagnosis.

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#4 Basics

Basics
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 30 December 2012 - 09:10 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-30 20:53:57
-----------------------------
20:53:57.822 OS Version: Windows 6.0.6001 Service Pack 1
20:53:57.822 Number of processors: 2 586 0x301
20:53:57.824 ComputerName: CPU-PC UserName: cpu
20:53:59.314 Initialize success
21:01:18.888 AVAST engine defs: 12123001
21:01:53.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
21:01:53.719 Disk 0 Vendor: TOSHIBA_MK1652GSX LV011C Size: 152627MB BusType: 3
21:01:53.733 Disk 0 MBR read successfully
21:01:53.737 Disk 0 MBR scan
21:01:53.744 Disk 0 unknown MBR code
21:01:53.749 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142533 MB offset 63
21:01:53.780 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10090 MB offset 291909632
21:01:53.790 Disk 0 scanning sectors +312573952
21:01:53.859 Disk 0 scanning C:\Windows\system32\drivers
21:02:02.960 Service scanning
21:02:30.321 Modules scanning
21:02:44.386 Disk 0 trace - called modules:
21:02:44.417 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys nvlddmkm.sys
21:02:44.426 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86008208]
21:02:44.434 3 CLASSPNP.SYS[807a1745] -> nt!IofCallDriver -> [0x85585918]
21:02:44.441 5 acpi.sys[8060f6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x847c6898]
21:02:45.251 AVAST engine scan C:\Windows
21:02:47.307 AVAST engine scan C:\Windows\system32
21:05:16.228 AVAST engine scan C:\Windows\system32\drivers
21:05:28.663 AVAST engine scan C:\Users\cpu
21:05:28.950 File: C:\Users\cpu\AppData\Local\Adobe\auvhjpvy.dll.old **INFECTED** Win32:Tracur-IK [Trj]
21:05:41.411 Disk 0 MBR has been saved successfully to "C:\Users\cpu\Desktop\MBR.dat"
21:05:41.425 The log file has been saved successfully to "C:\Users\cpu\Desktop\aswMBR.txt"

21:06:03.0804 5044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:06:04.0108 5044 ============================================================
21:06:04.0108 5044 Current date / time: 2012/12/30 21:06:04.0108
21:06:04.0108 5044 SystemInfo:
21:06:04.0108 5044
21:06:04.0108 5044 OS Version: 6.0.6001 ServicePack: 1.0
21:06:04.0108 5044 Product type: Workstation
21:06:04.0108 5044 ComputerName: CPU-PC
21:06:04.0108 5044 UserName: cpu
21:06:04.0108 5044 Windows directory: C:\Windows
21:06:04.0108 5044 System windows directory: C:\Windows
21:06:04.0108 5044 Processor architecture: Intel x86
21:06:04.0108 5044 Number of processors: 2
21:06:04.0108 5044 Page size: 0x1000
21:06:04.0108 5044 Boot type: Normal boot
21:06:04.0108 5044 ============================================================
21:06:05.0589 5044 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:06:05.0595 5044 ============================================================
21:06:05.0595 5044 \Device\Harddisk0\DR0:
21:06:05.0595 5044 MBR partitions:
21:06:05.0595 5044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11662FC1
21:06:05.0595 5044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11663000, BlocksNum 0x13B5000
21:06:05.0595 5044 ============================================================
21:06:05.0629 5044 C: <-> \Device\Harddisk0\DR0\Partition1
21:06:05.0788 5044 D: <-> \Device\Harddisk0\DR0\Partition2
21:06:05.0788 5044 ============================================================
21:06:05.0788 5044 Initialize success
21:06:05.0788 5044 ============================================================
21:06:09.0919 4860 ============================================================
21:06:09.0919 4860 Scan started
21:06:09.0919 4860 Mode: Manual;
21:06:09.0919 4860 ============================================================
21:06:10.0779 4860 ================ Scan system memory ========================
21:06:10.0779 4860 System memory - ok
21:06:10.0780 4860 ================ Scan services =============================
21:06:17.0803 4860 intelide - ok
21:06:17.0827 4860 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:06:17.0835 4860 intelppm - ok
21:06:17.0851 4860 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:06:17.0853 4860 IPBusEnum - ok
21:06:17.0870 4860 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:06:17.0871 4860 IpFilterDriver - ok
21:06:17.0926 4860 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:06:17.0929 4860 iphlpsvc - ok
21:06:17.0936 4860 IpInIp - ok
21:06:17.0959 4860 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:06:17.0961 4860 IPMIDRV - ok
21:06:17.0998 4860 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:06:18.0000 4860 IPNAT - ok
21:06:18.0084 4860 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:06:18.0100 4860 iPod Service - ok
21:06:18.0116 4860 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:06:18.0117 4860 IRENUM - ok
21:06:18.0130 4860 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:06:18.0131 4860 isapnp - ok
21:06:18.0184 4860 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:06:18.0187 4860 iScsiPrt - ok
21:06:18.0204 4860 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:06:18.0205 4860 iteatapi - ok
21:06:18.0216 4860 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:06:18.0217 4860 iteraid - ok
21:06:18.0240 4860 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:06:18.0241 4860 kbdclass - ok
21:06:18.0254 4860 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:06:18.0255 4860 kbdhid - ok
21:06:18.0281 4860 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
21:06:18.0283 4860 KeyIso - ok
21:06:18.0340 4860 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:06:18.0345 4860 KSecDD - ok
21:06:18.0407 4860 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:06:18.0411 4860 KtmRm - ok
21:06:18.0435 4860 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:06:18.0439 4860 LanmanServer - ok
21:06:18.0520 4860 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:06:18.0524 4860 LanmanWorkstation - ok
21:06:18.0561 4860 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:06:18.0562 4860 lltdio - ok
21:06:18.0615 4860 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:06:18.0618 4860 lltdsvc - ok
21:06:18.0640 4860 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:06:18.0642 4860 lmhosts - ok
21:06:18.0678 4860 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:06:18.0680 4860 LSI_FC - ok
21:06:18.0692 4860 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:06:18.0693 4860 LSI_SAS - ok
21:06:18.0758 4860 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:06:18.0760 4860 LSI_SCSI - ok
21:06:18.0768 4860 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:06:18.0769 4860 luafv - ok
21:06:18.0815 4860 [ 8E17D513D8011B0EE03C355EAAB0E0CC ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv.sys
21:06:18.0816 4860 ManyCam - ok
21:06:18.0898 4860 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:06:18.0913 4860 MBAMProtector - ok
21:06:18.0967 4860 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Malware\Malware\mbamscheduler.exe
21:06:18.0985 4860 MBAMScheduler - ok
21:06:19.0028 4860 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Malware\Malware\mbamservice.exe
21:06:19.0041 4860 MBAMService - ok
21:06:19.0092 4860 [ 562D95E00E14A944DEBE655DECBD3F5B ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv.sys
21:06:19.0093 4860 mcaudrv_simple - ok
21:06:19.0123 4860 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:06:19.0125 4860 Mcx2Svc - ok
21:06:19.0149 4860 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:06:19.0150 4860 mdmxsdk - ok
21:06:19.0184 4860 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:06:19.0185 4860 megasas - ok
21:06:19.0236 4860 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:06:19.0253 4860 MegaSR - ok
21:06:19.0272 4860 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:06:19.0276 4860 MMCSS - ok
21:06:19.0287 4860 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:06:19.0289 4860 Modem - ok
21:06:19.0338 4860 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:06:19.0339 4860 monitor - ok
21:06:19.0355 4860 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:06:19.0356 4860 mouclass - ok
21:06:19.0390 4860 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\drivers\mouhid.sys
21:06:19.0391 4860 mouhid - ok
21:06:19.0413 4860 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:06:19.0414 4860 MountMgr - ok
21:06:19.0458 4860 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:06:19.0459 4860 MozillaMaintenance - ok
21:06:19.0517 4860 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:06:19.0519 4860 mpio - ok
21:06:19.0541 4860 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:06:19.0542 4860 mpsdrv - ok
21:06:19.0588 4860 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
21:06:19.0594 4860 MpsSvc - ok
21:06:19.0608 4860 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:06:19.0609 4860 Mraid35x - ok
21:06:19.0629 4860 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:06:19.0631 4860 MRxDAV - ok
21:06:19.0672 4860 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:06:19.0674 4860 mrxsmb - ok
21:06:19.0721 4860 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:06:19.0723 4860 mrxsmb10 - ok
21:06:19.0754 4860 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:06:19.0756 4860 mrxsmb20 - ok
21:06:19.0799 4860 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
21:06:19.0800 4860 msahci - ok
21:06:19.0814 4860 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:06:19.0816 4860 msdsm - ok
21:06:19.0845 4860 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:06:19.0848 4860 MSDTC - ok
21:06:19.0878 4860 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:06:19.0879 4860 Msfs - ok
21:06:19.0939 4860 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:06:19.0940 4860 msisadrv - ok
21:06:19.0984 4860 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:06:19.0986 4860 MSiSCSI - ok
21:06:19.0993 4860 msiserver - ok
21:06:20.0043 4860 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:06:20.0044 4860 MSKSSRV - ok
21:06:20.0091 4860 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:06:20.0092 4860 MSPCLOCK - ok
21:06:20.0115 4860 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:06:20.0115 4860 MSPQM - ok
21:06:20.0138 4860 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:06:20.0141 4860 MsRPC - ok
21:06:20.0162 4860 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:06:20.0163 4860 mssmbios - ok
21:06:20.0180 4860 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:06:20.0181 4860 MSTEE - ok
21:06:20.0198 4860 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
21:06:20.0199 4860 Mup - ok
21:06:20.0245 4860 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
21:06:20.0253 4860 napagent - ok
21:06:20.0310 4860 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:06:20.0312 4860 NativeWifiP - ok
21:06:20.0401 4860 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:06:20.0410 4860 NDIS - ok
21:06:20.0427 4860 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:06:20.0428 4860 NdisTapi - ok
21:06:20.0442 4860 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:06:20.0443 4860 Ndisuio - ok
21:06:20.0463 4860 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:06:20.0465 4860 NdisWan - ok
21:06:20.0477 4860 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:06:20.0479 4860 NDProxy - ok
21:06:20.0494 4860 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:06:20.0495 4860 NetBIOS - ok
21:06:20.0511 4860 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:06:20.0514 4860 netbt - ok
21:06:20.0526 4860 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
21:06:20.0528 4860 Netlogon - ok
21:06:20.0561 4860 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:06:20.0567 4860 Netman - ok
21:06:20.0597 4860 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:06:20.0603 4860 netprofm - ok
21:06:20.0639 4860 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:06:20.0641 4860 NetTcpPortSharing - ok
21:06:20.0672 4860 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:06:20.0673 4860 nfrd960 - ok
21:06:20.0693 4860 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:06:20.0697 4860 NlaSvc - ok
21:06:20.0705 4860 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:06:20.0706 4860 Npfs - ok
21:06:20.0722 4860 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:06:20.0724 4860 nsi - ok
21:06:20.0736 4860 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:06:20.0737 4860 nsiproxy - ok
21:06:20.0786 4860 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:06:20.0803 4860 Ntfs - ok
21:06:20.0824 4860 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:06:20.0825 4860 ntrigdigi - ok
21:06:20.0841 4860 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:06:20.0841 4860 Null - ok
21:06:20.0961 4860 [ AE78A7285DF03A277415FC62F8CE8F24 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:06:20.0969 4860 NVENETFD - ok
21:06:21.0000 4860 [ B0DD52428BF564F5FC5EE331060BE2A6 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:06:21.0001 4860 NVHDA - ok
21:06:21.0851 4860 [ 9DAC05D828E56801FD6CE5FDFCED64AF ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:06:22.0067 4860 nvlddmkm - ok
21:06:22.0091 4860 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:06:22.0093 4860 nvraid - ok
21:06:22.0119 4860 [ 0FB6BF3AB170FC5BD403D25E134EAFDE ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
21:06:22.0120 4860 nvsmu - ok
21:06:22.0130 4860 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:06:22.0131 4860 nvstor - ok
21:06:22.0199 4860 [ 51E7F2C26B6ECE61C5241F1F731EAB2B ] nvsvc C:\Windows\system32\nvvsvc.exe
21:06:22.0203 4860 nvsvc - ok
21:06:22.0227 4860 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:06:22.0231 4860 nv_agp - ok
21:06:22.0237 4860 NwlnkFlt - ok
21:06:22.0247 4860 NwlnkFwd - ok
21:06:22.0322 4860 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:06:22.0331 4860 odserv - ok
21:06:22.0366 4860 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:06:22.0368 4860 ohci1394 - ok
21:06:22.0427 4860 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:06:22.0431 4860 ose - ok
21:06:22.0484 4860 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:06:22.0491 4860 p2pimsvc - ok
21:06:22.0508 4860 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
21:06:22.0515 4860 p2psvc - ok
21:06:22.0534 4860 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:06:22.0535 4860 Parport - ok
21:06:22.0551 4860 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:06:22.0552 4860 partmgr - ok
21:06:22.0572 4860 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:06:22.0573 4860 Parvdm - ok
21:06:22.0594 4860 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:06:22.0597 4860 PcaSvc - ok
21:06:22.0606 4860 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
21:06:22.0608 4860 pci - ok
21:06:22.0656 4860 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:06:22.0657 4860 pciide - ok
21:06:22.0676 4860 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:06:22.0678 4860 pcmcia - ok
21:06:22.0717 4860 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:06:22.0724 4860 PEAUTH - ok
21:06:22.0813 4860 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:06:22.0828 4860 pla - ok
21:06:22.0863 4860 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:06:22.0868 4860 PlugPlay - ok
21:06:22.0906 4860 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:06:22.0914 4860 PNRPAutoReg - ok
21:06:22.0935 4860 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:06:22.0944 4860 PNRPsvc - ok
21:06:22.0983 4860 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:06:22.0988 4860 PolicyAgent - ok
21:06:23.0023 4860 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:06:23.0024 4860 PptpMiniport - ok
21:06:23.0035 4860 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:06:23.0037 4860 Processor - ok
21:06:23.0079 4860 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
21:06:23.0083 4860 ProfSvc - ok
21:06:23.0093 4860 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:06:23.0095 4860 ProtectedStorage - ok
21:06:23.0130 4860 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:06:23.0131 4860 PSched - ok
21:06:23.0211 4860 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:06:23.0229 4860 ql2300 - ok
21:06:23.0238 4860 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:06:23.0239 4860 ql40xx - ok
21:06:23.0263 4860 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:06:23.0267 4860 QWAVE - ok
21:06:23.0297 4860 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:06:23.0298 4860 QWAVEdrv - ok
21:06:23.0314 4860 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:06:23.0314 4860 RasAcd - ok
21:06:23.0351 4860 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:06:23.0354 4860 RasAuto - ok
21:06:23.0368 4860 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:06:23.0369 4860 Rasl2tp - ok
21:06:23.0398 4860 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
21:06:23.0403 4860 RasMan - ok
21:06:23.0419 4860 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:06:23.0420 4860 RasPppoe - ok
21:06:23.0441 4860 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:06:23.0442 4860 RasSstp - ok
21:06:23.0469 4860 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:06:23.0471 4860 rdbss - ok
21:06:23.0498 4860 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:06:23.0499 4860 RDPCDD - ok
21:06:23.0526 4860 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:06:23.0529 4860 rdpdr - ok
21:06:23.0536 4860 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:06:23.0537 4860 RDPENCDD - ok
21:06:23.0575 4860 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:06:23.0578 4860 RDPWD - ok
21:06:23.0673 4860 [ 431723F23D0E065BEF502389E8FFDC10 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe
21:06:23.0681 4860 Recovery Service for Windows - ok
21:06:23.0745 4860 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:06:23.0748 4860 RemoteAccess - ok
21:06:23.0771 4860 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:06:23.0774 4860 RemoteRegistry - ok
21:06:23.0839 4860 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:06:23.0844 4860 RichVideo - ok
21:06:23.0872 4860 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:06:23.0874 4860 RpcLocator - ok
21:06:23.0902 4860 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
21:06:23.0909 4860 RpcSs - ok
21:06:23.0936 4860 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:06:23.0938 4860 rspndr - ok
21:06:23.0958 4860 [ B0538DEA03E088B80482CA939F4E8740 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
21:06:23.0960 4860 RTSTOR - ok
21:06:23.0971 4860 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
21:06:23.0973 4860 SamSs - ok
21:06:23.0995 4860 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:06:23.0997 4860 sbp2port - ok
21:06:24.0032 4860 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:06:24.0035 4860 SCardSvr - ok
21:06:24.0063 4860 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
21:06:24.0076 4860 Schedule - ok
21:06:24.0093 4860 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
21:06:24.0094 4860 SCPolicySvc - ok
21:06:24.0110 4860 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:06:24.0114 4860 SDRSVC - ok
21:06:24.0140 4860 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:06:24.0141 4860 secdrv - ok
21:06:24.0158 4860 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:06:24.0161 4860 seclogon - ok
21:06:24.0183 4860 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
21:06:24.0186 4860 SENS - ok
21:06:24.0209 4860 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:06:24.0211 4860 Serenum - ok
21:06:24.0225 4860 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:06:24.0227 4860 Serial - ok
21:06:24.0242 4860 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:06:24.0243 4860 sermouse - ok
21:06:24.0284 4860 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:06:24.0288 4860 SessionEnv - ok
21:06:24.0302 4860 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:06:24.0303 4860 sffdisk - ok
21:06:24.0328 4860 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:06:24.0329 4860 sffp_mmc - ok
21:06:24.0364 4860 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:06:24.0366 4860 sffp_sd - ok
21:06:24.0386 4860 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:06:24.0388 4860 sfloppy - ok
21:06:24.0431 4860 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:06:24.0436 4860 SharedAccess - ok
21:06:24.0473 4860 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:06:24.0478 4860 ShellHWDetection - ok
21:06:24.0492 4860 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:06:24.0493 4860 sisagp - ok
21:06:24.0518 4860 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:06:24.0519 4860 SiSRaid2 - ok
21:06:24.0529 4860 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:06:24.0531 4860 SiSRaid4 - ok
21:06:24.0623 4860 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
21:06:24.0645 4860 slsvc - ok
21:06:24.0664 4860 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:06:24.0668 4860 SLUINotify - ok
21:06:24.0683 4860 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:06:24.0685 4860 Smb - ok
21:06:24.0723 4860 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:06:24.0726 4860 SNMPTRAP - ok
21:06:24.0748 4860 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:06:24.0749 4860 spldr - ok
21:06:24.0784 4860 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
21:06:24.0788 4860 Spooler - ok
21:06:24.0821 4860 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:06:24.0825 4860 srv - ok
21:06:24.0840 4860 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:06:24.0842 4860 srv2 - ok
21:06:24.0862 4860 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:06:24.0863 4860 srvnet - ok
21:06:24.0883 4860 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:06:24.0886 4860 SSDPSRV - ok
21:06:24.0939 4860 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:06:24.0942 4860 SstpSvc - ok
21:06:25.0015 4860 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
21:06:25.0026 4860 stisvc - ok
21:06:25.0055 4860 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:06:25.0056 4860 swenum - ok
21:06:25.0096 4860 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
21:06:25.0101 4860 swprv - ok
21:06:25.0115 4860 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:06:25.0116 4860 Symc8xx - ok
21:06:25.0123 4860 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:06:25.0124 4860 Sym_hi - ok
21:06:25.0133 4860 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:06:25.0134 4860 Sym_u3 - ok
21:06:25.0206 4860 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:06:25.0208 4860 SynTP - ok
21:06:25.0239 4860 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
21:06:25.0251 4860 SysMain - ok
21:06:25.0264 4860 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:06:25.0267 4860 TabletInputService - ok
21:06:25.0308 4860 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:06:25.0313 4860 TapiSrv - ok
21:06:25.0328 4860 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:06:25.0331 4860 TBS - ok
21:06:25.0380 4860 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:06:25.0402 4860 Tcpip - ok
21:06:25.0425 4860 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:06:25.0433 4860 Tcpip6 - ok
21:06:25.0462 4860 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:06:25.0464 4860 tcpipreg - ok
21:06:25.0476 4860 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:06:25.0476 4860 TDPIPE - ok
21:06:25.0496 4860 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:06:25.0497 4860 TDTCP - ok
21:06:25.0517 4860 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:06:25.0518 4860 tdx - ok
21:06:25.0535 4860 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:06:25.0536 4860 TermDD - ok
21:06:25.0579 4860 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
21:06:25.0585 4860 TermService - ok
21:06:25.0607 4860 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
21:06:25.0611 4860 Themes - ok
21:06:25.0629 4860 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:06:25.0631 4860 THREADORDER - ok
21:06:25.0646 4860 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:06:25.0649 4860 TrkWks - ok
21:06:25.0703 4860 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:06:25.0704 4860 TrustedInstaller - ok
21:06:25.0741 4860 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:06:25.0742 4860 tssecsrv - ok
21:06:25.0790 4860 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:06:25.0790 4860 tunmp - ok
21:06:25.0815 4860 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:06:25.0816 4860 tunnel - ok
21:06:25.0834 4860 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:06:25.0836 4860 uagp35 - ok
21:06:25.0854 4860 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:06:25.0856 4860 udfs - ok
21:06:25.0889 4860 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:06:25.0892 4860 UI0Detect - ok
21:06:25.0918 4860 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:06:25.0920 4860 uliagpkx - ok
21:06:25.0959 4860 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:06:25.0963 4860 uliahci - ok
21:06:25.0988 4860 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:06:25.0989 4860 UlSata - ok
21:06:25.0999 4860 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:06:26.0000 4860 ulsata2 - ok
21:06:26.0013 4860 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:06:26.0014 4860 umbus - ok
21:06:26.0035 4860 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:06:26.0039 4860 upnphost - ok
21:06:26.0078 4860 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:06:26.0080 4860 USBAAPL - ok
21:06:26.0116 4860 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:06:26.0118 4860 usbccgp - ok
21:06:26.0133 4860 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:06:26.0135 4860 usbcir - ok
21:06:26.0192 4860 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:06:26.0193 4860 usbehci - ok
21:06:26.0223 4860 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:06:26.0225 4860 usbhub - ok
21:06:26.0237 4860 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:06:26.0238 4860 usbohci - ok
21:06:26.0259 4860 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:06:26.0260 4860 usbprint - ok
21:06:26.0275 4860 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:06:26.0276 4860 USBSTOR - ok
21:06:26.0290 4860 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:06:26.0291 4860 usbuhci - ok
21:06:26.0345 4860 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:06:26.0347 4860 usbvideo - ok
21:06:26.0373 4860 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
21:06:26.0376 4860 UxSms - ok
21:06:26.0399 4860 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
21:06:26.0406 4860 vds - ok
21:06:26.0463 4860 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:06:26.0465 4860 vga - ok
21:06:26.0483 4860 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:06:26.0484 4860 VgaSave - ok
21:06:26.0506 4860 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:06:26.0508 4860 viaagp - ok
21:06:26.0522 4860 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:06:26.0523 4860 ViaC7 - ok
21:06:26.0539 4860 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:06:26.0540 4860 viaide - ok
21:06:26.0603 4860 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
21:06:26.0604 4860 Viewpoint Manager Service - ok
21:06:26.0630 4860 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:06:26.0631 4860 volmgr - ok
21:06:26.0643 4860 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:06:26.0646 4860 volmgrx - ok
21:06:26.0668 4860 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:06:26.0672 4860 volsnap - ok
21:06:26.0697 4860 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:06:26.0700 4860 vsmraid - ok
21:06:26.0755 4860 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
21:06:26.0774 4860 VSS - ok
21:06:26.0785 4860 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
21:06:26.0790 4860 W32Time - ok
21:06:26.0808 4860 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:06:26.0809 4860 WacomPen - ok
21:06:26.0830 4860 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:06:26.0832 4860 Wanarp - ok
21:06:26.0839 4860 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:06:26.0840 4860 Wanarpv6 - ok
21:06:26.0872 4860 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:06:26.0881 4860 wcncsvc - ok
21:06:26.0902 4860 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:06:26.0905 4860 WcsPlugInService - ok
21:06:26.0931 4860 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:06:26.0932 4860 Wd - ok
21:06:26.0969 4860 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:06:26.0979 4860 Wdf01000 - ok
21:06:27.0000 4860 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:06:27.0004 4860 WdiServiceHost - ok
21:06:27.0014 4860 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:06:27.0018 4860 WdiSystemHost - ok
21:06:27.0056 4860 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
21:06:27.0060 4860 WebClient - ok
21:06:27.0081 4860 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:06:27.0085 4860 Wecsvc - ok
21:06:27.0104 4860 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:06:27.0107 4860 wercplsupport - ok
21:06:27.0116 4860 [ 4081288554294F144E5A7D4EE20E3CE6 ] WerSvc C:\Windows\System32\WerSvc.dll
21:06:27.0121 4860 WerSvc - ok
21:06:27.0157 4860 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:06:27.0169 4860 winachsf - ok
21:06:27.0236 4860 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:06:27.0239 4860 WinDefend - ok
21:06:27.0248 4860 WinHttpAutoProxySvc - ok
21:06:27.0324 4860 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:06:27.0326 4860 Winmgmt - ok
21:06:27.0369 4860 [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM C:\Windows\system32\WsmSvc.dll
21:06:27.0378 4860 WinRM - ok
21:06:27.0420 4860 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:06:27.0433 4860 Wlansvc - ok
21:06:27.0471 4860 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:06:27.0472 4860 WmiAcpi - ok
21:06:27.0492 4860 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:06:27.0494 4860 wmiApSrv - ok
21:06:27.0572 4860 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:06:27.0585 4860 WMPNetworkSvc - ok
21:06:27.0624 4860 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:06:27.0628 4860 WPCSvc - ok
21:06:27.0639 4860 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:06:27.0642 4860 WPDBusEnum - ok
21:06:27.0715 4860 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:06:27.0716 4860 WpdUsb - ok
21:06:27.0741 4860 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:06:27.0742 4860 ws2ifsl - ok
21:06:27.0755 4860 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
21:06:27.0759 4860 wscsvc - ok
21:06:27.0768 4860 WSearch - ok
21:06:27.0834 4860 [ D79538B67FA641E986855DEF651E78FE ] wuauserv C:\Windows\system32\wuaueng.dll
21:06:27.0850 4860 wuauserv - ok
21:06:27.0893 4860 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:06:27.0895 4860 WUDFRd - ok
21:06:27.0926 4860 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:06:27.0930 4860 wudfsvc - ok
21:06:27.0946 4860 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
21:06:27.0947 4860 XAudio - ok
21:06:27.0982 4860 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
21:06:27.0986 4860 XAudioService - ok
21:06:27.0999 4860 ================ Scan global ===============================
21:06:28.0025 4860 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:06:28.0066 4860 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:06:28.0080 4860 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:06:28.0114 4860 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
21:06:28.0118 4860 [Global] - ok
21:06:28.0119 4860 ================ Scan MBR ==================================
21:06:28.0137 4860 [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
21:06:28.0606 4860 \Device\Harddisk0\DR0 - ok
21:06:28.0607 4860 ================ Scan VBR ==================================
21:06:28.0611 4860 [ 4E476B72466ED621D74FE4844493B1B4 ] \Device\Harddisk0\DR0\Partition1
21:06:28.0615 4860 \Device\Harddisk0\DR0\Partition1 - ok
21:06:28.0621 4860 [ 9E7C5773D528D16557B6C790E02E880E ] \Device\Harddisk0\DR0\Partition2
21:06:28.0622 4860 \Device\Harddisk0\DR0\Partition2 - ok
21:06:28.0624 4860 ============================================================
21:06:28.0624 4860 Scan finished
21:06:28.0624 4860 ============================================================
21:06:28.0647 4864 Detected object count: 0
21:06:28.0647 4864 Actual detected object count: 0
21:06:59.0141 5380 Deinitialize success

Attached file: MBR.zip (547 bytes)


#5 Basics (Topic Starter, Members, 10 posts)

Posted 30 December 2012 - 09:12 PM

Also, doing those steps made the virus go idle once again. It normally restarts when I restart my browser, or sometimes not until my computer is shut off.

#6 Conspire (Malware Response Team, 1,155 posts)

Posted 30 December 2012 - 10:31 PM

Sounds like it is happening intermittently.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 Basics (Topic Starter, Members, 10 posts)

Posted 31 December 2012 - 09:50 AM

ComboFix 12-12-30.01 - cpu 12/31/2012 0:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1695 [GMT -5:00]
Running from: c:\users\cpu\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9913.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9934.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9965.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9986.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM99A7.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM99B9.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM99DA.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM99FB.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9A3C.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9A5D.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9A7E.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9A90.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9AC1.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9AF1.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9B13.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9B24.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9B74.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9BA5.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9D6B.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9D9C.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9E4A.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9EE8.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEM9FE3.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA056.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA0C5.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA46F.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA55B.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA637.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA678.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA725.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA785.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA804.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA892.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA940.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMA9DE.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMAEFE.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMB18F.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMB375.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMB4AF.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMB6A4.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMB8A9.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMB956.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMBA82.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMBAA3.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMBAC4.tmp
c:\users\cpu\AppData\Local\Temp\XTMP1MC3VE\DEMBAE5.tmp
c:\users\cpu\AppData\Local\Temp\YTMP7MC8AA\TAAA006.tmp
c:\users\cpu\tdsskiller.exe
c:\users\cpu\tdsskiller1.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-31 05:41 . 2012-12-31 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-29 14:18 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5521980E-4779-4D63-A544-C68C62D08277}\mpengine.dll
2012-12-17 22:43 . 2012-12-17 22:43 -------- d-----w- c:\program files\CCleaner
2012-12-17 22:41 . 2012-12-17 22:41 -------- d-----w- c:\programdata\HitmanPro
2012-12-17 20:48 . 2012-12-17 20:48 -------- d-----w- C:\Malware
2012-12-17 20:48 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-17 17:09 . 2012-12-17 17:09 -------- d-----w- c:\program files\Speccy
2012-12-12 22:40 . 2012-12-12 22:41 -------- d-----w- c:\program files\Google
2012-12-12 22:40 . 2012-12-12 22:41 -------- d-----w- c:\users\cpu\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 20:18 . 2012-09-04 21:38 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 20:18 . 2012-09-04 21:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-06 23:49 . 2012-12-06 23:49 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Spotify"="c:\users\cpu\AppData\Roaming\Spotify\Spotify.exe" [2012-10-27 7880664]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2012-06-28 2160024]
"Spotify Web Helper"="c:\users\cpu\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-27 1199576]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 20:18]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-12 22:40]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-12 22:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\tswwb3h1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/
FF - ExtSQL: 2012-11-30 16:54; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\tswwb3h1.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2012-12-13 22:32; redditopener@johannes-bauer.com; c:\users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\tswwb3h1.default\extensions\redditopener@johannes-bauer.com.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-31 00:44
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\malware\Malware\mbamscheduler.exe
c:\malware\Malware\mbamservice.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\malware\Malware\mbamgui.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-12-31 00:53:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-31 05:53
.
Pre-Run: 93,248,630,784 bytes free
Post-Run: 93,370,355,712 bytes free
.
- - End Of File - - DEE11CB1BD145CB9835B8AE8FE9A09D1

#8 Conspire (Malware Response Team, 1,155 posts)

Posted 31 December 2012 - 10:41 AM

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
===================================================

On your next reply please post :
AdwCleaner log
JRT log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#9 Basics (Topic Starter, Members, 10 posts)

Posted 01 January 2013 - 12:50 AM

# AdwCleaner v2.104 - Logfile created 01/01/2013 at 00:40:16
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : cpu - CPU-PC
# Boot Mode : Normal
# Running from : C:\Users\cpu\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\cpu\AppData\Roaming\Mozilla\Firefox\Profiles\tswwb3h1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\cpu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://www.google.com", "hxxp://search.conduit.com/?ctid=C[...]
Deleted [l.2239] : urls_to_restore_on_startup = [ "hxxp://www.google.com", "hxxp://search.conduit.com/?ctid=CT32[...]

*************************

AdwCleaner[S1].txt - [3136 octets] - [01/01/2013 00:40:16]

########## EOF - C:\AdwCleaner[S1].txt - [3196 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.2 (12.29.2012:3)
OS: Windows Vista ™ Home Premium x86
Ran by cpu on Tue 01/01/2013 at 0:44:18.68
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1112770693-4149911623-596431074-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\cpu\AppData\Roaming\mozilla\firefox\profiles\tswwb3h1.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/01/2013 at 0:49:45.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10 Conspire (Malware Response Team, 1,155 posts)

Posted 01 January 2013 - 03:36 AM

How is it running so far?

#11 Basics (Topic Starter, Members, 10 posts)

Posted 01 January 2013 - 09:33 AM

How is it running so far?

The virus has yet to show itself, if it's still on here. Thank you for your help.

#12 Conspire (Malware Response Team, 1,155 posts)

Posted 01 January 2013 - 10:17 PM

Ok, please stay with me. We are close to the end.


Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Make sure you saved the log somewhere else. Select Uninstall application on close check box and push Posted Image
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#13 Conspire (Malware Response Team, 1,155 posts)

Posted 06 January 2013 - 10:56 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
