
Severe lagging while typing


16 replies to this topic

#1 Omar Yehia


Posted 08 January 2013 - 01:52 PM

As per here:
http://www.bleepingcomputer.com/forums/topic480563.html/page__pid__2941608__st__15#entry2941608

I am creating a new topic as my system could be infected; here are the logs requested:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by R0M at 13:37:36 on 2013-01-08
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1392 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

The lag occurs when I scroll down and when I type. Several browsers have been tried, with the following issues: Chrome stops responding after a while, IE slows down to a halt, and Firefox just lags, especially on Facebook or YouTube. I am lagging about 3 seconds as I type this, so hopefully no typos :)

Regards,

#2 nasdaq

  • Malware Response Team

Posted 09 January 2013 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's start with these scans.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Omar Yehia


Posted 09 January 2013 - 03:38 PM

13:29:49.0123 12088 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:29:49.0488 12088 ============================================================
13:29:49.0488 12088 Current date / time: 2013/01/09 13:29:49.0488
13:29:49.0488 12088 SystemInfo:
13:29:49.0488 12088
13:29:49.0488 12088 OS Version: 6.0.6002 ServicePack: 2.0
13:29:49.0488 12088 Product type: Workstation
13:29:49.0488 12088 ComputerName: ROMSTER2
13:29:49.0488 12088 UserName: R0M
13:29:49.0488 12088 Windows directory: C:\Windows
13:29:49.0488 12088 System windows directory: C:\Windows
13:29:49.0488 12088 Processor architecture: Intel x86
13:29:49.0488 12088 Number of processors: 4
13:29:49.0488 12088 Page size: 0x1000
13:29:49.0488 12088 Boot type: Normal boot
13:29:49.0489 12088 ============================================================
13:29:50.0792 12088 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:29:50.0800 12088 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:29:50.0816 12088 Drive \Device\Harddisk6\DR6 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:29:51.0252 12088 ============================================================
13:29:51.0252 12088 \Device\Harddisk0\DR0:
13:29:51.0252 12088 MBR partitions:
13:29:51.0252 12088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
13:29:51.0252 12088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
13:29:51.0252 12088 \Device\Harddisk1\DR1:
13:29:51.0252 12088 MBR partitions:
13:29:51.0252 12088 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:29:51.0252 12088 \Device\Harddisk6\DR6:
13:29:51.0262 12088 MBR partitions:
13:29:51.0262 12088 \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
13:29:51.0262 12088 ============================================================
13:29:51.0292 12088 C: <-> \Device\Harddisk0\DR0\Partition2
13:29:51.0322 12088 D: <-> \Device\Harddisk0\DR0\Partition1
13:29:51.0352 12088 J: <-> \Device\Harddisk1\DR1\Partition1
13:29:51.0392 12088 F: <-> \Device\Harddisk6\DR6\Partition1
13:29:51.0392 12088 ============================================================
13:29:51.0392 12088 Initialize success
13:29:51.0392 12088 ============================================================
13:30:03.0451 11764 ============================================================
13:30:03.0451 11764 Scan started
13:30:03.0451 11764 Mode: Manual;
13:30:03.0451 11764 ============================================================
13:30:04.0227 11764 ================ Scan system memory ========================
13:30:04.0227 11764 System memory - ok
13:30:04.0228 11764 ================ Scan services =============================
13:30:04.0472 11764 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:30:04.0475 11764 ACPI - ok
13:30:04.0570 11764 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:30:04.0572 11764 AdobeARMservice - ok
13:30:04.0638 11764 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:30:04.0640 11764 AdobeFlashPlayerUpdateSvc - ok
13:30:04.0686 11764 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:30:04.0695 11764 adp94xx - ok
13:30:04.0732 11764 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:30:04.0739 11764 adpahci - ok
13:30:04.0760 11764 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:30:04.0763 11764 adpu160m - ok
13:30:04.0782 11764 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:30:04.0786 11764 adpu320 - ok
13:30:04.0822 11764 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:30:04.0823 11764 AeLookupSvc - ok
13:30:04.0872 11764 [ B6D7239E7AF6D1B64C790A28067DC6E5 ] AERTFilters C:\Windows\system32\AERTSrv.exe
13:30:04.0874 11764 AERTFilters - ok
13:30:04.0918 11764 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
13:30:04.0921 11764 AFD - ok
13:30:04.0947 11764 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:30:04.0949 11764 agp440 - ok
13:30:04.0985 11764 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:30:04.0988 11764 aic78xx - ok
13:30:05.0015 11764 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
13:30:05.0017 11764 ALG - ok
13:30:05.0032 11764 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
13:30:05.0034 11764 aliide - ok
13:30:05.0071 11764 [ C4232FADFA9691B85DDA0A7B636C5F6D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:30:05.0192 11764 AMD External Events Utility - ok
13:30:05.0209 11764 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:30:05.0212 11764 amdagp - ok
13:30:05.0230 11764 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
13:30:05.0232 11764 amdide - ok
13:30:05.0249 11764 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
13:30:05.0251 11764 AmdK7 - ok
13:30:05.0264 11764 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:30:05.0266 11764 AmdK8 - ok
13:30:05.0512 11764 [ 10D681E635E81C253FC5DD1A5048B0E9 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:30:05.0792 11764 amdkmdag - ok
13:30:05.0822 11764 [ 112A7F24C6535DBD2E90AEF34ECB57A4 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:30:05.0922 11764 amdkmdap - ok
13:30:05.0982 11764 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
13:30:05.0982 11764 Appinfo - ok
13:30:06.0052 11764 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:30:06.0062 11764 Apple Mobile Device - ok
13:30:06.0112 11764 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
13:30:06.0112 11764 arc - ok
13:30:06.0132 11764 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:30:06.0142 11764 arcsas - ok
13:30:06.0162 11764 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:30:06.0172 11764 AsyncMac - ok
13:30:06.0192 11764 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
13:30:06.0192 11764 atapi - ok
13:30:06.0222 11764 AtiHdmiService - ok
13:30:06.0562 11764 [ 10D681E635E81C253FC5DD1A5048B0E9 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:30:06.0622 11764 atikmdag - ok
13:30:06.0672 11764 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:30:06.0682 11764 AudioEndpointBuilder - ok
13:30:06.0702 11764 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:30:06.0702 11764 Audiosrv - ok
13:30:06.0722 11764 BCM42RLY - ok
13:30:06.0772 11764 [ ABD543E555BC0453BF52664936DF4DCD ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
13:30:06.0912 11764 BCM43XX - ok
13:30:06.0962 11764 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
13:30:06.0972 11764 Beep - ok
13:30:06.0982 11764 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
13:30:06.0992 11764 BFE - ok
13:30:07.0052 11764 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
13:30:07.0072 11764 BITS - ok
13:30:07.0092 11764 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:30:07.0092 11764 blbdrive - ok
13:30:07.0152 11764 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:30:07.0152 11764 Bonjour Service - ok
13:30:07.0182 11764 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:30:07.0282 11764 bowser - ok
13:30:07.0322 11764 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:30:07.0322 11764 BrFiltLo - ok
13:30:07.0333 11764 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:30:07.0333 11764 BrFiltUp - ok
13:30:07.0354 11764 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
13:30:07.0357 11764 Browser - ok
13:30:07.0378 11764 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
13:30:07.0380 11764 Brserid - ok
13:30:07.0396 11764 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:30:07.0400 11764 BrSerWdm - ok
13:30:07.0417 11764 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:30:07.0418 11764 BrUsbMdm - ok
13:30:07.0435 11764 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:30:07.0437 11764 BrUsbSer - ok
13:30:07.0453 11764 BT - ok
13:30:07.0459 11764 btaudio - ok
13:30:07.0463 11764 Btcsrusb - ok
13:30:07.0467 11764 BTDriver - ok
13:30:07.0503 11764 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
13:30:07.0505 11764 BthEnum - ok
13:30:07.0509 11764 BtHidBus - ok
13:30:07.0537 11764 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:30:07.0539 11764 BTHMODEM - ok
13:30:07.0565 11764 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:30:07.0568 11764 BthPan - ok
13:30:07.0649 11764 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
13:30:07.0755 11764 BTHPORT - ok
13:30:07.0818 11764 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
13:30:07.0821 11764 BthServ - ok
13:30:07.0832 11764 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
13:30:07.0912 11764 BTHUSB - ok
13:30:07.0944 11764 [ D3C277A51EF9E2EC972D6221F99C0B6D ] btnetBUs C:\Windows\system32\Drivers\btnetBus.sys
13:30:07.0946 11764 btnetBUs - ok
13:30:07.0950 11764 BTWDNDIS - ok
13:30:07.0953 11764 btwhid - ok
13:30:07.0956 11764 BTWUSB - ok
13:30:08.0079 11764 catchme - ok
13:30:08.0131 11764 [ E3A2DF3BCB44B9D0F8D60C651B66B4ED ] catflt C:\Windows\system32\DRIVERS\catflt.sys
13:30:08.0230 11764 catflt - ok
13:30:08.0277 11764 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:30:08.0280 11764 cdfs - ok
13:30:08.0307 11764 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:30:08.0310 11764 cdrom - ok
13:30:08.0352 11764 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
13:30:08.0354 11764 CertPropSvc - ok
13:30:08.0367 11764 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
13:30:08.0369 11764 circlass - ok
13:30:08.0398 11764 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
13:30:08.0402 11764 CLFS - ok
13:30:08.0469 11764 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:30:08.0496 11764 clr_optimization_v2.0.50727_32 - ok
13:30:08.0551 11764 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:30:08.0555 11764 clr_optimization_v4.0.30319_32 - ok
13:30:08.0684 11764 [ 2A2D72271844C52F004901A60312B96A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:30:08.0695 11764 cmdAgent - ok
13:30:08.0747 11764 [ CCF9B580E0A8D4EB9A1378B6728AFD86 ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys
13:30:08.0748 11764 cmderd - ok
13:30:08.0787 11764 [ 623C7421D76860837CE0643950A117E7 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
13:30:08.0790 11764 cmdGuard - ok
13:30:08.0824 11764 [ 5A6ED5F670CD80EC338A94A8A08EC7F1 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
13:30:08.0825 11764 cmdHlp - ok
13:30:08.0856 11764 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:30:08.0857 11764 cmdide - ok
13:30:08.0868 11764 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:30:08.0870 11764 Compbatt - ok
13:30:08.0874 11764 COMSysApp - ok
13:30:08.0889 11764 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:30:08.0891 11764 crcdisk - ok
13:30:08.0904 11764 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
13:30:08.0907 11764 Crusoe - ok
13:30:08.0939 11764 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:30:09.0022 11764 CryptSvc - ok
13:30:09.0067 11764 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:30:09.0073 11764 DcomLaunch - ok
13:30:09.0094 11764 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:30:09.0194 11764 DfsC - ok
13:30:09.0298 11764 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
13:30:09.0338 11764 DFSR - ok
13:30:09.0387 11764 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:30:09.0389 11764 Dhcp - ok
13:30:09.0429 11764 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
13:30:09.0429 11764 disk - ok
13:30:09.0476 11764 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:30:09.0554 11764 Dnscache - ok
13:30:09.0624 11764 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:30:09.0634 11764 dot3svc - ok
13:30:09.0674 11764 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
13:30:09.0684 11764 Dot4 - ok
13:30:09.0704 11764 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:30:09.0714 11764 Dot4Print - ok
13:30:09.0714 11764 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
13:30:09.0714 11764 dot4usb - ok
13:30:09.0744 11764 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
13:30:09.0754 11764 DPS - ok
13:30:10.0384 11764 [ 02F0870C07872CC506C33E79883082B3 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
13:30:10.0414 11764 DragonUpdater - ok
13:30:10.0454 11764 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:30:10.0454 11764 drmkaud - ok
13:30:10.0484 11764 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:30:10.0604 11764 DXGKrnl - ok
13:30:10.0644 11764 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
13:30:10.0644 11764 e1express - ok
13:30:10.0674 11764 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:30:10.0674 11764 E1G60 - ok
13:30:10.0704 11764 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
13:30:10.0714 11764 EapHost - ok
13:30:10.0754 11764 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
13:30:10.0764 11764 Ecache - ok
13:30:10.0804 11764 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:30:10.0814 11764 ehRecvr - ok
13:30:10.0824 11764 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
13:30:10.0824 11764 ehSched - ok
13:30:10.0864 11764 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
13:30:10.0864 11764 ehstart - ok
13:30:10.0904 11764 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:30:10.0914 11764 elxstor - ok
13:30:10.0954 11764 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:30:10.0964 11764 EMDMgmt - ok
13:30:10.0994 11764 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:30:10.0994 11764 ErrDev - ok
13:30:11.0014 11764 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
13:30:11.0024 11764 EventSystem - ok
13:30:11.0054 11764 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
13:30:11.0054 11764 exfat - ok
13:30:11.0084 11764 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:30:11.0084 11764 fastfat - ok
13:30:11.0104 11764 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:30:11.0104 11764 fdc - ok
13:30:11.0124 11764 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
13:30:11.0124 11764 fdPHost - ok
13:30:11.0174 11764 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
13:30:11.0174 11764 FDResPub - ok
13:30:11.0204 11764 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:30:11.0204 11764 FileInfo - ok
13:30:11.0224 11764 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:30:11.0224 11764 Filetrace - ok
13:30:11.0244 11764 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:30:11.0244 11764 flpydisk - ok
13:30:11.0254 11764 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:30:11.0264 11764 FltMgr - ok
13:30:11.0324 11764 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
13:30:11.0467 11764 FontCache - ok
13:30:11.0557 11764 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:30:11.0559 11764 FontCache3.0.0.0 - ok
13:30:11.0582 11764 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:30:11.0678 11764 Fs_Rec - ok
13:30:11.0698 11764 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:30:11.0713 11764 gagp30kx - ok
13:30:11.0746 11764 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:30:11.0748 11764 GEARAspiWDM - ok
13:30:11.0773 11764 [ DAA2B09E589569462E16596526C920C8 ] ggc C:\Windows\system32\DRIVERS\ggc.sys
13:30:11.0855 11764 ggc - ok
13:30:11.0902 11764 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
13:30:11.0999 11764 ggflt - ok
13:30:12.0027 11764 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
13:30:12.0108 11764 ggsemc - ok
13:30:12.0112 11764 GLogin - ok
13:30:12.0218 11764 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
13:30:12.0242 11764 gpsvc - ok
13:30:12.0265 11764 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:30:12.0272 11764 HdAudAddService - ok
13:30:12.0305 11764 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:30:12.0317 11764 HDAudBus - ok
13:30:12.0336 11764 [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:30:12.0338 11764 HidBth - ok
13:30:12.0364 11764 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
13:30:12.0365 11764 HidIr - ok
13:30:12.0381 11764 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
13:30:12.0384 11764 hidserv - ok
13:30:12.0406 11764 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:30:12.0408 11764 HidUsb - ok
13:30:12.0430 11764 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:30:12.0433 11764 hkmsvc - ok
13:30:12.0451 11764 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:30:12.0453 11764 HpCISSs - ok
13:30:12.0548 11764 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:30:12.0551 11764 hpqcxs08 - ok
13:30:12.0592 11764 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:30:12.0605 11764 hpqddsvc - ok
13:30:12.0628 11764 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:30:12.0770 11764 HTTP - ok
13:30:12.0785 11764 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:30:12.0798 11764 i2omp - ok
13:30:12.0830 11764 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:30:12.0833 11764 i8042prt - ok
13:30:12.0881 11764 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\drivers\iastor.sys
13:30:12.0888 11764 iaStor - ok
13:30:12.0910 11764 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:30:12.0916 11764 iaStorV - ok
13:30:12.0997 11764 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:30:13.0127 11764 IDriverT - ok
13:30:13.0251 11764 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:30:13.0269 11764 idsvc - ok
13:30:13.0285 11764 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:30:13.0288 11764 iirsp - ok
13:30:13.0320 11764 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
13:30:13.0330 11764 IKEEXT - ok
13:30:13.0352 11764 [ CE3034F551E06F7A290DA4D8DF29246E ] inspect C:\Windows\system32\DRIVERS\inspect.sys
13:30:13.0354 11764 inspect - ok
13:30:13.0459 11764 [ 32ABC54D0DDE1A8885C9439537DD3BAD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:30:13.0582 11764 IntcAzAudAddService - ok
13:30:13.0622 11764 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
13:30:13.0622 11764 intelide - ok
13:30:13.0652 11764 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:30:13.0652 11764 intelppm - ok
13:30:13.0692 11764 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:30:13.0702 11764 IPBusEnum - ok
13:30:13.0722 11764 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:30:13.0732 11764 IpFilterDriver - ok
13:30:13.0752 11764 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:30:13.0872 11764 iphlpsvc - ok
13:30:13.0882 11764 IpInIp - ok
13:30:13.0892 11764 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:30:13.0902 11764 IPMIDRV - ok
13:30:13.0912 11764 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:30:13.0922 11764 IPNAT - ok
13:30:13.0972 11764 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:30:14.0092 11764 iPod Service - ok
13:30:14.0102 11764 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:30:14.0102 11764 IRENUM - ok
13:30:14.0112 11764 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:30:14.0122 11764 isapnp - ok
13:30:14.0142 11764 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:30:14.0142 11764 iScsiPrt - ok
13:30:14.0162 11764 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:30:14.0162 11764 iteatapi - ok
13:30:14.0192 11764 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:30:14.0192 11764 iteraid - ok
13:30:14.0202 11764 IvtBtBUs - ok
13:30:14.0222 11764 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:30:14.0222 11764 kbdclass - ok
13:30:14.0252 11764 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:30:14.0252 11764 kbdhid - ok
13:30:14.0272 11764 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
13:30:14.0282 11764 KeyIso - ok
13:30:14.0322 11764 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:30:14.0322 11764 KSecDD - ok
13:30:14.0382 11764 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:30:14.0392 11764 KtmRm - ok
13:30:14.0422 11764 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
13:30:14.0562 11764 LanmanServer - ok
13:30:14.0602 11764 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:30:14.0602 11764 LanmanWorkstation - ok
13:30:14.0632 11764 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:30:14.0642 11764 lltdio - ok
13:30:14.0672 11764 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:30:14.0682 11764 lltdsvc - ok
13:30:14.0702 11764 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:30:14.0702 11764 lmhosts - ok
13:30:14.0802 11764 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
13:30:14.0802 11764 LMIGuardianSvc - ok
13:30:14.0822 11764 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
13:30:14.0822 11764 LMIInfo - ok
13:30:14.0852 11764 [ D95F3217C9DFA24ECA582ED8E435E221 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
13:30:14.0852 11764 LMIMaint - ok
13:30:14.0892 11764 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
13:30:14.0892 11764 lmimirr - ok
13:30:14.0902 11764 LMIRfsClientNP - ok
13:30:14.0912 11764 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
13:30:14.0912 11764 LMIRfsDriver - ok
13:30:14.0932 11764 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
13:30:14.0942 11764 LogMeIn - ok
13:30:14.0962 11764 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:30:14.0962 11764 LSI_FC - ok
13:30:14.0982 11764 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:30:14.0982 11764 LSI_SAS - ok
13:30:15.0012 11764 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:30:15.0012 11764 LSI_SCSI - ok
13:30:15.0032 11764 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
13:30:15.0032 11764 luafv - ok
13:30:15.0062 11764 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:30:15.0072 11764 Mcx2Svc - ok
13:30:15.0102 11764 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
13:30:15.0102 11764 megasas - ok
13:30:15.0132 11764 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:30:15.0142 11764 MegaSR - ok
13:30:15.0172 11764 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
13:30:15.0172 11764 MMCSS - ok
13:30:15.0182 11764 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
13:30:15.0192 11764 Modem - ok
13:30:15.0212 11764 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:30:15.0212 11764 monitor - ok
13:30:15.0212 11764 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:30:15.0222 11764 mouclass - ok
13:30:15.0242 11764 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:30:15.0242 11764 mouhid - ok
13:30:15.0252 11764 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
13:30:15.0252 11764 MountMgr - ok
13:30:15.0282 11764 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:30:15.0389 11764 MozillaMaintenance - ok
13:30:15.0427 11764 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
13:30:15.0430 11764 mpio - ok
13:30:15.0472 11764 MpKsl145c1d68 - ok
13:30:15.0495 11764 MpKsl2cea89db - ok
13:30:15.0500 11764 MpKsleb09c178 - ok
13:30:15.0519 11764 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:30:15.0522 11764 mpsdrv - ok
13:30:15.0549 11764 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
13:30:15.0559 11764 MpsSvc - ok
13:30:15.0580 11764 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
13:30:15.0583 11764 Mraid35x - ok
13:30:15.0607 11764 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:30:15.0610 11764 MRxDAV - ok
13:30:15.0621 11764 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:30:15.0711 11764 mrxsmb - ok
13:30:15.0857 11764 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:30:15.0983 11764 mrxsmb10 - ok
13:30:15.0991 11764 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:30:16.0080 11764 mrxsmb20 - ok
13:30:16.0095 11764 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
13:30:16.0178 11764 msahci - ok
13:30:16.0196 11764 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:30:16.0199 11764 msdsm - ok
13:30:16.0216 11764 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
13:30:16.0221 11764 MSDTC - ok
13:30:16.0254 11764 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:30:16.0256 11764 Msfs - ok
13:30:16.0291 11764 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:30:16.0293 11764 msisadrv - ok
13:30:16.0318 11764 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:30:16.0323 11764 MSiSCSI - ok
13:30:16.0327 11764 msiserver - ok
13:30:16.0351 11764 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:30:16.0353 11764 MSKSSRV - ok
13:30:16.0369 11764 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:30:16.0371 11764 MSPCLOCK - ok
13:30:16.0375 11764 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:30:16.0377 11764 MSPQM - ok
13:30:16.0402 11764 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:30:16.0406 11764 MsRPC - ok
13:30:16.0417 11764 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:30:16.0419 11764 mssmbios - ok
13:30:16.0423 11764 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:30:16.0425 11764 MSTEE - ok
13:30:16.0440 11764 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
13:30:16.0442 11764 Mup - ok
13:30:16.0471 11764 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
13:30:16.0476 11764 napagent - ok
13:30:16.0525 11764 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:30:16.0529 11764 NativeWifiP - ok
13:30:16.0578 11764 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:30:16.0589 11764 NDIS - ok
13:30:16.0611 11764 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:30:16.0613 11764 NdisTapi - ok
13:30:16.0619 11764 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:30:16.0621 11764 Ndisuio - ok
13:30:16.0653 11764 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:30:16.0657 11764 NdisWan - ok
13:30:16.0666 11764 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:30:16.0669 11764 NDProxy - ok
13:30:16.0718 11764 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:30:16.0721 11764 Net Driver HPZ12 - ok
13:30:16.0729 11764 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:30:16.0731 11764 NetBIOS - ok
13:30:16.0745 11764 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
13:30:16.0750 11764 netbt - ok
13:30:16.0755 11764 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
13:30:16.0757 11764 Netlogon - ok
13:30:16.0784 11764 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
13:30:16.0792 11764 Netman - ok
13:30:16.0812 11764 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
13:30:16.0821 11764 netprofm - ok
13:30:16.0842 11764 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:30:16.0845 11764 NetTcpPortSharing - ok
13:30:16.0851 11764 networx - ok
13:30:16.0866 11764 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:30:16.0869 11764 nfrd960 - ok
13:30:16.0895 11764 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:30:16.0901 11764 NlaSvc - ok
13:30:16.0913 11764 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:30:16.0915 11764 Npfs - ok
13:30:16.0941 11764 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
13:30:16.0945 11764 nsi - ok
13:30:16.0953 11764 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:30:16.0955 11764 nsiproxy - ok
13:30:16.0994 11764 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:30:17.0017 11764 Ntfs - ok
13:30:17.0031 11764 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
13:30:17.0033 11764 ntrigdigi - ok
13:30:17.0037 11764 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
13:30:17.0039 11764 Null - ok
13:30:17.0055 11764 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:30:17.0058 11764 nvraid - ok
13:30:17.0075 11764 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:30:17.0077 11764 nvstor - ok
13:30:17.0092 11764 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:30:17.0095 11764 nv_agp - ok
13:30:17.0100 11764 NwlnkFlt - ok
13:30:17.0105 11764 NwlnkFwd - ok
13:30:17.0138 11764 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:30:17.0141 11764 ohci1394 - ok
13:30:17.0200 11764 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:30:17.0203 11764 ose - ok
13:30:17.0246 11764 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:30:17.0261 11764 p2pimsvc - ok
13:30:17.0273 11764 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
13:30:17.0279 11764 p2psvc - ok
13:30:17.0297 11764 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
13:30:17.0300 11764 Parport - ok
13:30:17.0326 11764 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:30:17.0328 11764 partmgr - ok
13:30:17.0341 11764 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
13:30:17.0342 11764 Parvdm - ok
13:30:17.0361 11764 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
13:30:17.0365 11764 PcaSvc - ok
13:30:17.0393 11764 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
13:30:17.0425 11764 pci - ok
13:30:17.0425 11764 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
13:30:17.0425 11764 pciide - ok
13:30:17.0456 11764 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:30:17.0456 11764 pcmcia - ok
13:30:17.0472 11764 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
13:30:17.0487 11764 pcouffin - ok
13:30:17.0517 11764 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:30:17.0537 11764 PEAUTH - ok
13:30:17.0627 11764 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
13:30:17.0657 11764 pla - ok
13:30:17.0687 11764 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:30:17.0697 11764 PlugPlay - ok
13:30:17.0737 11764 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:30:17.0737 11764 Pml Driver HPZ12 - ok
13:30:17.0767 11764 [ FAB495F1DEFEB596C44B9752A25E2A60 ] pmxmouse C:\Windows\system32\DRIVERS\pmxmouse.sys
13:30:17.0767 11764 pmxmouse - ok
13:30:17.0797 11764 [ 020EAE9DFE3CD277994CE60E4C2C71CF ] pmxusblf C:\Windows\system32\DRIVERS\pmxusblf.sys
13:30:17.0797 11764 pmxusblf - ok
13:30:17.0827 11764 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:30:17.0827 11764 PNRPAutoReg - ok
13:30:17.0837 11764 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:30:17.0847 11764 PNRPsvc - ok
13:30:17.0867 11764 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:30:17.0877 11764 PolicyAgent - ok
13:30:17.0907 11764 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:30:17.0907 11764 PptpMiniport - ok
13:30:17.0927 11764 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
13:30:17.0927 11764 Processor - ok
13:30:17.0947 11764 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
13:30:17.0947 11764 ProfSvc - ok
13:30:17.0957 11764 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:30:17.0957 11764 ProtectedStorage - ok
13:30:17.0987 11764 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:30:17.0987 11764 PSched - ok
13:30:18.0007 11764 [ A7F52A112EAAC370A0FAAD5D03CDFAA6 ] pssnap C:\Windows\system32\DRIVERS\pssnap.sys
13:30:18.0007 11764 pssnap - ok
13:30:18.0017 11764 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
13:30:18.0017 11764 PxHelp20 - ok
13:30:18.0077 11764 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:30:18.0097 11764 ql2300 - ok
13:30:18.0117 11764 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:30:18.0127 11764 ql40xx - ok
13:30:18.0157 11764 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
13:30:18.0157 11764 QWAVE - ok
13:30:18.0167 11764 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:30:18.0177 11764 QWAVEdrv - ok
13:30:18.0397 11764 [ 10D681E635E81C253FC5DD1A5048B0E9 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
13:30:18.0457 11764 R300 - ok
13:30:18.0497 11764 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:30:18.0497 11764 RasAcd - ok
13:30:18.0537 11764 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
13:30:18.0537 11764 RasAuto - ok
13:30:18.0557 11764 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:30:18.0557 11764 Rasl2tp - ok
13:30:18.0577 11764 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
13:30:18.0587 11764 RasMan - ok
13:30:18.0597 11764 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:30:18.0607 11764 RasPppoe - ok
13:30:18.0627 11764 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:30:18.0627 11764 RasSstp - ok
13:30:18.0657 11764 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:30:18.0667 11764 rdbss - ok
13:30:18.0717 11764 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:30:18.0717 11764 RDPCDD - ok
13:30:18.0757 11764 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:30:18.0767 11764 rdpdr - ok
13:30:18.0787 11764 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:30:18.0787 11764 RDPENCDD - ok
13:30:18.0827 11764 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:30:18.0917 11764 RDPWD - ok
13:30:18.0967 11764 [ EA0C884D406CA0164935D11842241F08 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
13:30:18.0977 11764 ReflectService.exe - ok
13:30:19.0017 11764 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:30:19.0017 11764 RemoteAccess - ok
13:30:19.0037 11764 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:30:19.0047 11764 RemoteRegistry - ok
13:30:19.0087 11764 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
13:30:19.0177 11764 Revoflt - ok
13:30:19.0207 11764 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:30:19.0207 11764 RFCOMM - ok
13:30:19.0237 11764 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:30:19.0237 11764 RpcLocator - ok
13:30:19.0257 11764 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
13:30:19.0257 11764 RpcSs - ok
13:30:27.0024 11764 ============================================================
13:30:27.0024 11764 Scan finished
13:30:27.0024 11764 ============================================================
13:30:27.0084 11772 Detected object count: 0
13:30:27.0084 11772 Actual detected object count: 0
13:31:52.0955 9552 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-09 13:33:03
-----------------------------
13:33:03.777 OS Version: Windows 6.0.6002 Service Pack 2
13:33:03.777 Number of processors: 4 586 0xF0B
13:33:03.779 ComputerName: ROMSTER2 UserName: R0M
13:33:55.118 Initialize success
13:34:37.660 AVAST engine defs: 13010900
13:34:43.992 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:34:43.994 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
13:34:43.996 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
13:34:43.998 Disk 1 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
13:34:44.052 Disk 0 MBR read successfully
13:34:44.055 Disk 0 MBR scan
13:34:44.140 Disk 0 Windows VISTA default MBR code
13:34:44.167 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
13:34:44.242 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
13:34:44.314 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
13:34:44.342 Disk 0 scanning sectors +976771072
13:34:44.636 Disk 0 scanning C:\Windows\system32\drivers
13:35:14.486 Service scanning
13:35:43.576 Modules scanning
13:35:47.318 Disk 0 trace - called modules:
13:35:47.329 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:35:47.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8698ea78]
13:35:47.339 3 CLASSPNP.SYS[8adb28b3] -> nt!IofCallDriver -> [0x84f8b898]
13:35:47.343 5 acpi.sys[8309c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85395820]
13:35:48.544 AVAST engine scan C:\Windows
13:35:54.456 AVAST engine scan C:\Windows\system32
13:56:28.531 AVAST engine scan C:\Windows\system32\drivers
13:56:49.738 AVAST engine scan C:\Users\R0M
15:33:57.675 AVAST engine scan C:\ProgramData
15:37:16.911 Scan finished successfully
15:37:24.382 Disk 0 MBR has been saved successfully to "C:\Users\R0M\Desktop\MBR.dat"
15:37:24.403 The log file has been saved successfully to "C:\Users\R0M\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (566 bytes)


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 January 2013 - 04:52 PM

Now that this has been cleared, please

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#5 Omar Yehia

Omar Yehia
  • Topic Starter

  • Members
  • 133 posts

Posted 09 January 2013 - 06:35 PM

ComboFix 13-01-08.01 - R0M 09/01/2013 18:10:54.28.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1512 [GMT -5:00]
Running from: c:\users\R0M\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 23:24 . 2013-01-09 23:25 -------- d-----w- c:\users\R0M\AppData\Local\temp
2013-01-09 23:24 . 2013-01-09 23:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-09 23:24 . 2013-01-09 23:24 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2013-01-09 23:24 . 2013-01-09 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 18:52 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 18:51 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 18:49 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 20:21 . 2013-01-08 20:21 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A170E9E-C8C6-4883-8A39-522475C5F9C2}\offreg.dll
2013-01-08 19:53 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A170E9E-C8C6-4883-8A39-522475C5F9C2}\mpengine.dll
2013-01-05 21:31 . 2013-01-05 21:31 -------- d-----w- c:\program files\Speccy
2013-01-05 07:43 . 2013-01-05 07:43 -------- d-----w- c:\program files\ESET
2013-01-04 01:28 . 2012-11-10 02:25 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-01-04 01:28 . 2012-11-10 02:25 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-01-03 22:24 . 2008-03-26 01:40 214360 ----a-w- c:\users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
2012-12-25 10:57 . 2012-12-25 10:57 -------- d-----w- c:\program files\Common Files\Java
2012-12-25 10:57 . 2012-12-25 10:56 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-21 08:01 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:01 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-17 18:19 . 2012-12-25 07:11 -------- d-----w- C:\Picture Resize Genius
2012-12-17 18:09 . 2012-12-22 09:04 45832 ----a-w- c:\windows\system32\certsentry.dll
2012-12-14 20:34 . 2012-12-14 20:34 -------- d-----w- C:\VritualRoot
2012-12-14 17:58 . 2012-12-14 17:58 -------- d-----w- c:\program files\iPod
2012-12-14 17:58 . 2012-12-14 18:00 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-14 17:58 . 2012-12-14 18:00 -------- d-----w- c:\program files\iTunes
2012-12-13 21:45 . 2012-12-15 10:39 -------- d-----w- c:\users\R0M\AppData\Roaming\TotalRecorder
2012-12-13 21:45 . 2012-11-30 16:07 93968 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2012-12-13 21:22 . 2012-12-13 21:22 -------- d-----w- c:\program files\HighCriteria
2012-12-13 03:02 . 2012-12-13 03:02 -------- d-----w- c:\program files\Audacity
2012-12-13 01:50 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 01:50 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 01:50 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 01:50 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 01:50 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 01:50 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 01:50 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 01:50 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 01:50 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 01:50 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 01:50 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 01:41 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 01:39 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 01:39 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 01:39 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 21:11 . 2012-04-09 15:26 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 21:11 . 2011-07-26 22:26 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-25 10:56 . 2010-04-17 21:46 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-14 21:49 . 2012-11-19 18:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-10 18:20 . 2012-12-10 19:45 12992 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-12-10 18:20 . 2012-12-10 19:45 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-12-08 15:58 . 2012-12-08 17:32 54464 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2012-11-30 16:07 . 2012-11-30 16:07 132880 ----a-w- c:\windows\system32\drivers\TotRec7.sys
2012-11-19 19:32 . 2012-11-19 19:08 31616 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2012-11-19 19:09 . 2012-11-19 19:09 53248 ----a-w- c:\windows\system32\zlib.dll
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-10 02:25 . 2009-07-22 15:24 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-11-08 04:37 . 2012-11-08 04:37 82952 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-08 04:37 . 2012-11-08 04:37 42264 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-08 04:37 . 2012-11-08 04:37 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-08 04:37 . 2012-11-08 04:37 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-08 04:37 . 2012-11-08 04:37 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-08 04:37 . 2012-11-08 04:37 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-05 20:32 . 2011-10-21 21:46 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-05 20:32 . 2011-10-21 21:46 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-05 20:32 . 2011-10-21 21:46 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-05 20:32 . 2011-10-21 21:45 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-12-07 19:30 . 2012-06-12 18:42 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-12-05 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-11 6246400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 6756048]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
BullGuard_Backup REG_MULTI_SZ BsBackup
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:11]
.
2013-01-09 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-08 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
FF - ProfilePath - c:\users\R0M\AppData\Roaming\Mozilla\Firefox\Profiles\3ha9f3yu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: !HIDDEN! 2010-01-14 17:28; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 18:25
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-2DKU-AV54-PWUB-MYGP-QTYF-PA88C3N"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\guard32.dll
.
Completion time: 2013-01-09 18:30:33
ComboFix-quarantined-files.txt 2013-01-09 23:30
ComboFix2.txt 2012-12-08 00:15
ComboFix3.txt 2012-11-04 21:21
ComboFix4.txt 2012-09-11 14:27
ComboFix5.txt 2013-01-09 23:06
.
Pre-Run: 24,062,668,800 bytes free
Post-Run: 24,546,820,096 bytes free
.
- - End Of File - - D33A38F88DF7BBC54DA381E9067EF05F

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
TuneUp Utilities Language Pack (en-US)
CCleaner
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 18:34:02
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : R0M - ROMSTER2
# Boot Mode : Normal
# Running from : C:\Users\R0M\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\InstallCore

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\R0M\AppData\Roaming\Mozilla\Firefox\Profiles\3ha9f3yu.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1035 octets] - [05/01/2013 10:10:38]
AdwCleaner[R2].txt - [771 octets] - [09/01/2013 18:34:02]
AdwCleaner[S1].txt - [13371 octets] - [24/09/2012 23:18:50]
AdwCleaner[S2].txt - [1860 octets] - [11/11/2012 17:13:21]
AdwCleaner[S3].txt - [1102 octets] - [05/01/2013 10:38:56]

########## EOF - C:\AdwCleaner[R2].txt - [1011 octets] ##########

#6 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 January 2013 - 10:20 AM

Remove the DellDock.lnk from your startup folder.

c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

===

Java 7 Update 10
Java version out of Date!

You have the latest version of Java; the SecurityCheck tool needs to be updated.

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

Remove the adware/PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please let me know if the problem persists.

#7 Omar Yehia

  • Topic Starter
  • Members
  • 133 posts

Posted 10 January 2013 - 12:20 PM

Here is what happened:
I removed the link you requested, then proceeded to the Adobe site, but it says I have the latest version, so I ran your tool as requested. Here is the log file after I rebooted:

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 12:08:22
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : R0M - ROMSTER2
# Boot Mode : Normal
# Running from : C:\Users\R0M\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\R0M\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\R0M\AppData\Roaming\Mozilla\Firefox\Profiles\3ha9f3yu.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1035 octets] - [05/01/2013 10:10:38]
AdwCleaner[R2].txt - [1080 octets] - [09/01/2013 18:34:02]
AdwCleaner[S1].txt - [13371 octets] - [24/09/2012 23:18:50]
AdwCleaner[S2].txt - [1860 octets] - [11/11/2012 17:13:21]
AdwCleaner[S3].txt - [1102 octets] - [05/01/2013 10:38:56]
AdwCleaner[S4].txt - [1081 octets] - [10/01/2013 12:08:22]

########## EOF - C:\AdwCleaner[S4].txt - [1141 octets] ##########

Now my wallpaper has changed into something else; does that mean I still have a virus?

Adobe update kicked in and it's installing something even though I have the latest version. This looks like something nasty is kicking in; Adobe is doing something, though I will let you know what happens after...

#8 Omar Yehia

  • Topic Starter
  • Members
  • 133 posts

Posted 10 January 2013 - 12:23 PM

Adobe just finished updating and it removed some files and added others, but what about my wallpaper?

#9 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 January 2013 - 01:45 PM

Adobe update kicked in and it's installing something even though I have the latest version. This looks like something nasty is kicking in; Adobe is doing something, though I will let you know what happens after

Please run the DDS tool and post a fresh log. I will find out if anything else was installed.


What changed your background image is unknown to me.
Reset it to what you like.

http://windows.microsoft.com/en-CA/windows-vista/Change-your-desktop-background-wallpaper

#10 Omar Yehia

  • Topic Starter
  • Members
  • 133 posts

Posted 10 January 2013 - 02:37 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by R0M at 14:34:18 on 2013-01-10
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1416 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\locator.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\R0M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PMX Daemon] ICO.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\r0m\appdata\roaming\microsoft\windows\start menu\programs\startup\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 24.200.241.37 24.202.72.13 24.200.0.1
TCP: Interfaces\{873CAC62-B718-47D2-82ED-BE05D4BF6D88} : DHCPNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
AppInit_DLLs= c:\windows\system32\guard32.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\r0m\appdata\roaming\mozilla\firefox\profiles\3ha9f3yu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: !HIDDEN! 2010-01-14 17:28; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-12-10 16064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-11-7 19632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-11-7 494416]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2012-11-7 42264]
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-3-7 49864]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-10-8 73728]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-4 217088]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2011-12-22 110408]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-12-19 1868432]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-21 47640]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-12-10 224960]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-10-8 27648]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-10-8 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-10-8 19008]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2012-11-30 132880]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2012-12-13 93968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-13 13224]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-6 27192]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-10-15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-10-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-10-15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-10-15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-10-15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-10-15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-10-15 117672]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-12-16 11520]
.
=============== Created Last 30 ================
.
2013-01-09 23:30:40 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-09 23:30:36 -------- d-----w- c:\users\r0m\appdata\local\temp
2013-01-09 23:06:17 -------- d-----w- C:\ComboFix
2013-01-09 18:52:26 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 18:51:06 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 18:49:53 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 20:21:33 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1a170e9e-c8c6-4883-8a39-522475c5f9c2}\offreg.dll
2013-01-08 19:53:27 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1a170e9e-c8c6-4883-8a39-522475c5f9c2}\mpengine.dll
2013-01-05 21:31:02 -------- d-----w- c:\program files\Speccy
2013-01-05 07:43:07 -------- d-----w- c:\program files\ESET
2013-01-04 01:28:38 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-01-04 01:28:38 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-01-03 22:24:18 214360 ----a-w- c:\users\r0m\appdata\roaming\microsoft\windows\start menu\programs\startup\hpqtra08.exe
2012-12-25 10:57:13 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-21 08:01:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 08:01:05 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-12-17 18:19:56 -------- d-----w- C:\Picture Resize Genius
2012-12-17 18:09:07 45832 ----a-w- c:\windows\system32\certsentry.dll
2012-12-14 20:34:33 -------- d-----w- C:\VritualRoot
2012-12-14 17:58:57 -------- d-----w- c:\program files\iPod
2012-12-14 17:58:54 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-14 17:58:54 -------- d-----w- c:\program files\iTunes
2012-12-13 21:45:52 -------- d-----w- c:\users\r0m\appdata\roaming\TotalRecorder
2012-12-13 21:45:42 93968 ----a-w- c:\windows\system32\drivers\TotRec8.sys
2012-12-13 21:22:43 -------- d-----w- c:\program files\HighCriteria
2012-12-13 10:25:03 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-12-13 03:02:28 -------- d-----w- c:\program files\Audacity
2012-12-13 01:50:11 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 01:50:06 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 01:50:06 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 01:50:05 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 01:50:05 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 01:50:05 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 01:50:04 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 01:50:04 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 01:50:02 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 01:50:01 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 01:50:01 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 01:41:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 01:39:53 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 01:39:53 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 01:39:52 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
.
==================== Find3M ====================
.
2013-01-08 21:11:20 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 21:11:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-25 10:56:45 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-10 18:20:31 12992 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-12-10 18:20:10 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-12-08 15:58:50 54464 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2012-11-30 16:07:04 132880 ----a-w- c:\windows\system32\drivers\TotRec7.sys
2012-11-19 19:32:56 31616 ----a-w- c:\windows\system32\FoolishEventLogMsgHelper.dll
2012-11-19 19:09:12 53248 ----a-w- c:\windows\system32\zlib.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 20:29:04 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-10 02:25:58 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-11-08 04:37:46 42264 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-08 04:37:44 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-08 04:37:44 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-08 04:37:36 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-08 04:37:36 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-05 20:32:56 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-05 20:32:56 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-05 20:32:55 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-05 20:32:55 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 14:35:49.12 ===============


#11 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 January 2013 - 02:41 PM

This is new, but it was installed by the Flash player:
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

Any other issues?

#12 Omar Yehia

  • Topic Starter
  • Members
  • 133 posts

Posted 10 January 2013 - 05:31 PM

Interesting: if I look in Task Manager I see 2 processes with that filename; one is using 4 megs of memory and the other is using 103 megs of memory. Maybe that is what's causing the slowdown when I am online, Flash? Is there a memory leak in the plugin? I am still lagging as I type, but things are a bit better, I find.

Thanks,

#13 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 January 2013 - 09:10 AM

Right-click on the processes and disable them.
Check the performance of the computer.

You may be able to find out which program's plugin is not working correctly.

#14 Omar Yehia

  • Topic Starter
  • Members
  • 133 posts

Posted 11 January 2013 - 11:06 AM

I just did. Everything is OK until I go to YouTube again; then they both launch automatically. The first one is always a minimum of 50 megs of memory and the second is 4.5 megs. Why 2 plugins? I don't get it.

Thanks,

#15 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 January 2013 - 01:12 PM

Remove them both using the Add/Remove Programs applet.

Reinstall it.

Keep me posted.



