
zeroaccess rootkit - Download problems


  • This topic is locked
13 replies to this topic

#1 DoyleLarry


Posted 12 July 2013 - 12:50 PM

I am in need of some assistance with a zeroaccess rootkit.  Usually, I just follow step-by-step directions given to other people's post to solve my computer's needs.  I apologize if doing this has made things more difficult this time.  I actually had no clue anything was wrong with my computer until I tried to download some files from my email.  The .part file would show up in my downloads until complete and then the file would mysteriously disappear.  I tried to run combofix but could not generate a log.  Instead, I was stuck in a loop of restarting my computer over and over again because combofix kept running into a zeroaccess rootkit problem.  Please help.

Attached Files

  • DDS.txt   11.35KB



#2 DoyleLarry


Posted 12 July 2013 - 02:03 PM

Just in case I was supposed to copy and paste.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 10.9.2
Run by FamilyResolutions at 11:18:18 on 2013-07-12
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2012.827 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\ico.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\sdclt.exe
D:\New Folder\Adroit Photo Recovery.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081211
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{15DB94CE-B7ED-42B0-A5AE-908CCE258677} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\familyresolutions\appdata\roaming\mozilla\firefox\profiles\tr5je3zm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\familyresolutions\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2008/12/26 17:33:27];c:\program files\cyberlink\powerdvd dx\000.fcl [2008-12-26 87536]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-12-11 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2010-8-27 315392]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-12-11 27648]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-11 112128]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-12-11 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-12-11 19008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c984a9da732b10;Google Update Service (gupdate1c984a9da732b10);c:\program files\google\update\GoogleUpdate.exe [2009-2-1 133104]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
SUnknown NisSrv;NisSrv; [x]
.
=============== Created Last 30 ================
.
2013-07-12 15:24:32    --------    d-----w-    C:\$RECYCLE.BIN
2013-07-12 05:50:21    --------    d-----w-    c:\users\familyresolutions\appdata\local\temp
2013-07-12 05:26:34    --------    d-----w-    c:\windows\system32\catroot2
2013-07-12 05:25:50    --------    d-----w-    C:\ComboFix
2013-07-12 03:53:49    --------    d-----w-    c:\program files\Tweaking.com
2013-07-12 03:48:11    --------    d-----w-    c:\windows\pss
2013-07-12 03:00:55    --------    d-----w-    c:\users\familyresolutions\appdata\roaming\Malwarebytes
2013-07-12 03:00:48    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-12 03:00:47    22856    ------w-    c:\windows\system32\drivers\mbam.sys
2013-07-12 02:38:40    --------    d-----w-    c:\windows\ERUNT
2013-07-12 00:13:17    98816    ----a-w-    c:\windows\sed.exe
2013-07-12 00:13:17    256000    ----a-w-    c:\windows\PEV.exe
2013-07-12 00:13:17    208896    ----a-w-    c:\windows\MBR.exe
2013-07-06 21:06:11    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-06 21:01:58    --------    d-----w-    c:\program files\Microsoft Security Client
.
==================== Find3M  ====================
.
2013-06-15 21:58:13    71048    ------w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-15 21:58:13    692104    ------w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 11:18:42.56 ===============
 



#3 RPMcMurphy

  • Malware Response Team

Posted 13 July 2013 - 01:02 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#4 DoyleLarry


Posted 13 July 2013 - 10:44 AM

(ignore)


Edited by DoyleLarry, 13 July 2013 - 10:48 AM.


#5 DoyleLarry


Posted 13 July 2013 - 10:47 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-07-2013 01
Ran by FamilyResolutions (administrator) on 13-07-2013 10:40:27
Running from C:\Users\FamilyResolutions\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\New Folder\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) D:\New Folder\Todo Backup\bin\GuardAgent.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciServiceHost.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Primax Electronics Ltd.) C:\Windows\System32\Pmxmiced.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PMX Daemon] - ICO.EXE [x]
HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [Everything] - "C:\Program Files\Everything\Everything.exe" -startup [602624 2009-03-12] ()
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [ATT-SST_McciTrayApp] - "C:\Program Files\ATT-SST\McciTrayApp.exe" [1573888 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Guest\...\Run: [SightSpeed] - "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode [ 2008-08-15] (Dell Inc. and SightSpeed Inc.)
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2010-04-14] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @sony.com/eBookLibrary - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\FamilyResolutions\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\iYogi.xml
FF Extension: No Name - C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: No Name - C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: MixiDJ V8  - C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default\Extensions\{e4c3a8b6-7724-45d1-a629-17b69118ebcd}
FF Extension: youtube2mp3 - C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default\Extensions\youtube2mp3@mondayx.de.xpi
FF Extension: No Name - C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default\Extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
FF Extension: No Name - C:\Users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default\Extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] C:\Users\FamilyResolutions\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\FamilyResolutions\AppData\Roaming\Move Networks
FF HKCU\...\Firefox\Extensions: [{CD794B1B-A633-4809-9D4D-BD37D87A21ED}] C:\Users\FamilyResolutions\AppData\Local\{CD794B1B-A633-4809-9D4D-BD37D87A21ED}
FF Extension: XULRunner - C:\Users\FamilyResolutions\AppData\Local\{CD794B1B-A633-4809-9D4D-BD37D87A21ED}
FF HKCU\...\Firefox\Extensions: [{57F78F1D-3A4A-4652-873C-107442E61E0C}] \{57F78F1D-3A4A-4652-873C-107442E61E0C}\
FF HKCU\...\Firefox\Extensions: [mozillaextension@somud.com] C:\Program Files\SoMud\scripts\mozilla
FF HKCU\...\Thunderbird\Extensions: [mozillaextension@somud.com] C:\Program Files\SoMud\scripts\mozilla

Chrome:
=======
CHR Extension: (AP Suggestor) - C:\Users\FAMILY~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheijbecgbfgpbnmjaibpfpmipjjppml\1.0.6_0

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-07-18] (Andrea Electronics Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
R2 EaseUS Agent; D:\New Folder\Todo Backup\bin\Agent.exe [68168 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Guard Agent; D:\New Folder\Todo Backup\bin\GuardAgent.exe [23624 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
S2 gupdate1c984a9da732b10; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-01] (Google Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2008-07-10] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [x]
S3 wbengine; "%systemroot%\system32\wbengine.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [51272 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [41544 2013-05-10] ()
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [15944 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [186952 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA))
S4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-07-21] (Windows ® Codename Longhorn DDK provider)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files\CyberLink\PowerDVD DX\000.fcl [87536 2008-11-19] (CyberLink Corp.)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]
U3 mbr; \??\C:\Users\FAMILY~1\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 10:40 - 2013-07-13 10:40 - 00000000 ____D C:\FRST
2013-07-13 10:39 - 2013-07-13 10:39 - 01218190 _____ (Farbar) C:\Users\FamilyResolutions\Desktop\FRST.exe
2013-07-13 10:38 - 2013-07-13 10:38 - 01777829 _____ (Farbar) C:\Users\FamilyResolutions\Desktop\FRST64.exe
2013-07-13 10:18 - 2013-07-13 10:18 - 00001894 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-13 10:18 - 2013-07-13 10:18 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-13 01:28 - 2013-07-13 01:28 - 00013605 _____ C:\ComboFix.txt
2013-07-13 01:02 - 2013-07-13 01:02 - 00008180 _____ C:\Users\FamilyResolutions\Desktop\Rkill.txt
2013-07-13 00:51 - 2013-07-13 00:51 - 00004480 _____ C:\AdwCleaner[S4].txt
2013-07-13 00:51 - 2013-07-13 00:51 - 00001373 _____ C:\AdwCleaner[R4].txt
2013-07-13 00:51 - 2013-05-08 01:10 - 00770384 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2013-07-13 00:51 - 2013-05-08 01:10 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2013-07-13 00:50 - 2013-07-13 00:50 - 00001404 _____ C:\Users\FamilyResolutions\Desktop\JRT.txt
2013-07-13 00:40 - 2013-07-13 00:40 - 03267488 _____ C:\Users\FamilyResolutions\Downloads\PandoraRecovery2.1.1Setup.exe
2013-07-13 00:40 - 2013-07-13 00:40 - 00892040 _____ (CNET Download.com) C:\Users\FamilyResolutions\Downloads\cbsidlm-cbsi118-Pandora_Recovery-ORG-10694796.exe
2013-07-13 00:35 - 2013-07-13 00:35 - 07549704 _____ C:\Users\FamilyResolutions\Downloads\InternationalPrimoPDF.exe
2013-07-13 00:33 - 2013-07-13 00:33 - 21331096 _____ (Mooii) C:\Users\FamilyResolutions\Downloads\PhotoScape_V3.6.5.exe
2013-07-13 00:17 - 2013-07-13 00:17 - 00004897 _____ C:\AdwCleaner[S3].txt
2013-07-13 00:17 - 2013-07-13 00:17 - 00004713 _____ C:\AdwCleaner[R3].txt
2013-07-13 00:17 - 2013-07-13 00:17 - 00000098 _____ C:\Windows\DeleteOnReboot.bat
2013-07-13 00:16 - 2013-07-13 00:16 - 00004594 _____ C:\AdwCleaner[R2].txt
2013-07-13 00:16 - 2013-07-13 00:16 - 00000369 _____ C:\AdwCleaner[S2].txt
2013-07-13 00:11 - 2013-07-13 00:10 - 00234966 _____ C:\Users\FamilyResolutions\Downloads\REST2514.exe
2013-07-12 23:33 - 2013-05-10 12:24 - 00186952 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2013-07-12 23:33 - 2013-05-10 12:21 - 00041544 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2013-07-12 23:33 - 2013-05-10 12:15 - 00015944 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2013-07-12 23:33 - 2013-05-10 12:12 - 00051272 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2013-07-12 23:32 - 2013-05-10 12:34 - 00019528 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2013-07-12 11:18 - 2013-07-12 11:18 - 00011619 _____ C:\Users\FamilyResolutions\Desktop\dds.txt
2013-07-12 11:18 - 2013-07-12 11:18 - 00010856 _____ C:\Users\FamilyResolutions\Desktop\attach.txt
2013-07-12 11:18 - 2012-11-19 19:43 - 00688992 ____R (Swearware) C:\Users\FamilyResolutions\Desktop\dds.com
2013-07-12 11:17 - 2013-07-12 10:57 - 00004096 ____H C:\Users\FamilyResolutions\Desktop\._dds.com
2013-07-11 23:20 - 2013-07-11 23:20 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAMILYRESOLU-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-07-11 23:00 - 2013-07-11 23:35 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-11 22:53 - 2013-07-11 22:53 - 00000000 ____D C:\Program Files\Tweaking.com
2013-07-11 22:48 - 2013-07-11 22:48 - 00000000 ____D C:\Windows\pss
2013-07-11 22:00 - 2013-07-11 22:00 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\Users\FamilyResolutions\AppData\Roaming\Malwarebytes
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-11 22:00 - 2013-04-04 14:50 - 00022856 ____N (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-11 21:59 - 2013-07-11 14:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\FamilyResolutions\Desktop\HijackThis.exe
2013-07-11 21:40 - 2013-07-11 21:44 - 00000000 ____D C:\Users\FamilyResolutions\Desktop\RK_Quarantine
2013-07-11 21:38 - 2013-07-11 21:38 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 21:34 - 2013-07-11 21:35 - 00022521 _____ C:\AdwCleaner[S1].txt
2013-07-11 21:32 - 2013-07-11 21:32 - 00022128 _____ C:\AdwCleaner[R1].txt
2013-07-11 21:26 - 2013-07-12 12:14 - 00000000 ____D C:\Users\FamilyResolutions\Desktop\New Folder
2013-07-11 20:42 - 2011-04-21 08:16 - 00273408 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\afd.svs
2013-07-11 19:13 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-11 19:13 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-11 19:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-11 19:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-11 19:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-11 19:13 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-11 19:13 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-11 19:13 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-11 18:47 - 2013-07-13 01:28 - 00000000 ____D C:\Qoobox
2013-07-11 18:47 - 2013-07-13 01:27 - 00000000 ____D C:\Windows\erdnt
2013-07-11 18:22 - 2013-07-13 01:04 - 05088739 ____R (Swearware) C:\Users\FamilyResolutions\Desktop\ComboFix.exe
2013-07-06 16:06 - 2013-05-02 10:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-07-02 17:41 - 2013-07-13 00:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-25 19:54 - 2013-06-25 19:54 - 00000431 _____ C:\Users\FamilyResolutions\Documents\Pictures - Shortcut (3).lnk
2013-06-22 20:32 - 2013-06-23 05:23 - 449627560 _____ C:\Users\FamilyResolutions\Downloads\Before Sunset x264 720p L4.1 AC3 5.1-BoK.mkv

==================== One Month Modified Files and Folders =======

2013-07-13 10:40 - 2013-07-13 10:40 - 00000000 ____D C:\FRST
2013-07-13 10:40 - 2008-12-26 12:14 - 00000000 ___RD C:\Users\FamilyResolutions\Desktop
2013-07-13 10:39 - 2013-07-13 10:39 - 01218190 _____ (Farbar) C:\Users\FamilyResolutions\Desktop\FRST.exe
2013-07-13 10:38 - 2013-07-13 10:38 - 01777829 _____ (Farbar) C:\Users\FamilyResolutions\Desktop\FRST64.exe
2013-07-13 10:37 - 2009-06-30 18:56 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 10:25 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 10:25 - 2006-11-02 07:47 - 00003616 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 10:24 - 2011-04-07 17:48 - 00000000 ____D C:\Users\FAMILY~1\AppData\Local\Adobe
2013-07-13 10:24 - 2008-12-26 12:20 - 00000000 ____D C:\Users\FamilyResolutions\AppData\Roaming\Adobe
2013-07-13 10:18 - 2013-07-13 10:18 - 00001894 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-07-13 10:18 - 2013-07-13 10:18 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-13 10:18 - 2008-12-11 13:23 - 00000000 ____D C:\ProgramData\Adobe
2013-07-13 10:18 - 2008-12-11 13:23 - 00000000 ____D C:\Program Files\Adobe
2013-07-13 10:18 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public\Desktop
2013-07-13 09:58 - 2012-11-26 17:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 09:55 - 2008-12-11 07:09 - 01480607 _____ C:\Windows\WindowsUpdate.log
2013-07-13 01:29 - 2006-11-02 05:33 - 00795224 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-13 01:28 - 2013-07-13 01:28 - 00013605 _____ C:\ComboFix.txt
2013-07-13 01:28 - 2013-07-11 18:47 - 00000000 ____D C:\Qoobox
2013-07-13 01:28 - 2006-11-02 06:18 - 00000000 __RHD C:\Users\Default
2013-07-13 01:28 - 2006-11-02 06:18 - 00000000 ___RD C:\Users\Public
2013-07-13 01:27 - 2013-07-11 18:47 - 00000000 ____D C:\Windows\erdnt
2013-07-13 01:23 - 2009-06-30 18:56 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 01:23 - 2008-12-11 13:21 - 00000276 _____ C:\Windows\Tasks\RtlNICDiagVistaStart.job
2013-07-13 01:23 - 2008-01-20 21:47 - 00100800 _____ C:\Windows\PFRO.log
2013-07-13 01:23 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 01:23 - 2006-11-02 05:23 - 00000215 _____ C:\Windows\system.ini
2013-07-13 01:22 - 2006-11-02 08:01 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 01:04 - 2013-07-11 18:22 - 05088739 ____R (Swearware) C:\Users\FamilyResolutions\Desktop\ComboFix.exe
2013-07-13 01:02 - 2013-07-13 01:02 - 00008180 _____ C:\Users\FamilyResolutions\Desktop\Rkill.txt
2013-07-13 00:51 - 2013-07-13 00:51 - 00004480 _____ C:\AdwCleaner[S4].txt
2013-07-13 00:51 - 2013-07-13 00:51 - 00001373 _____ C:\AdwCleaner[R4].txt
2013-07-13 00:50 - 2013-07-13 00:50 - 00001404 _____ C:\Users\FamilyResolutions\Desktop\JRT.txt
2013-07-13 00:50 - 2009-07-10 15:38 - 00000000 ____D C:\Program Files\Everything
2013-07-13 00:40 - 2013-07-13 00:40 - 03267488 _____ C:\Users\FamilyResolutions\Downloads\PandoraRecovery2.1.1Setup.exe
2013-07-13 00:40 - 2013-07-13 00:40 - 00892040 _____ (CNET Download.com) C:\Users\FamilyResolutions\Downloads\cbsidlm-cbsi118-Pandora_Recovery-ORG-10694796.exe
2013-07-13 00:35 - 2013-07-13 00:35 - 07549704 _____ C:\Users\FamilyResolutions\Downloads\InternationalPrimoPDF.exe
2013-07-13 00:33 - 2013-07-13 00:33 - 21331096 _____ (Mooii) C:\Users\FamilyResolutions\Downloads\PhotoScape_V3.6.5.exe
2013-07-13 00:21 - 2009-01-28 10:53 - 00006648 _____ C:\Users\FAMILY~1\AppData\Local\d3d9caps.dat
2013-07-13 00:17 - 2013-07-13 00:17 - 00004897 _____ C:\AdwCleaner[S3].txt
2013-07-13 00:17 - 2013-07-13 00:17 - 00004713 _____ C:\AdwCleaner[R3].txt
2013-07-13 00:17 - 2013-07-13 00:17 - 00000098 _____ C:\Windows\DeleteOnReboot.bat
2013-07-13 00:16 - 2013-07-13 00:16 - 00004594 _____ C:\AdwCleaner[R2].txt
2013-07-13 00:16 - 2013-07-13 00:16 - 00000369 _____ C:\AdwCleaner[S2].txt
2013-07-13 00:12 - 2013-07-02 17:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-13 00:10 - 2013-07-13 00:11 - 00234966 _____ C:\Users\FamilyResolutions\Downloads\REST2514.exe
2013-07-12 16:32 - 2009-05-19 11:08 - 00000000 ____D C:\Users\FamilyResolutions\AppData\Local\Apps\2.0
2013-07-12 15:45 - 2011-03-07 19:26 - 00000000 ____D C:\Users\FamilyResolutions\Documents\My Scans
2013-07-12 14:38 - 2009-02-01 15:14 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-07-12 13:34 - 2008-12-26 12:15 - 00076232 _____ C:\Users\FAMILY~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-12 12:14 - 2013-07-11 21:26 - 00000000 ____D C:\Users\FamilyResolutions\Desktop\New Folder
2013-07-12 11:18 - 2013-07-12 11:18 - 00011619 _____ C:\Users\FamilyResolutions\Desktop\dds.txt
2013-07-12 11:18 - 2013-07-12 11:18 - 00010856 _____ C:\Users\FamilyResolutions\Desktop\attach.txt
2013-07-12 10:57 - 2013-07-12 11:17 - 00004096 ____H C:\Users\FamilyResolutions\Desktop\._dds.com
2013-07-12 00:49 - 2008-12-26 12:14 - 00000000 ___RD C:\Users\FamilyResolutions
2013-07-11 23:46 - 2008-12-11 13:33 - 00000000 ____D C:\Program Files\Roxio
2013-07-11 23:46 - 2008-12-11 13:33 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-07-11 23:45 - 2008-12-11 13:36 - 00000000 ____D C:\ProgramData\Roxio
2013-07-11 23:36 - 2006-11-02 07:47 - 00309864 ____N C:\Windows\system32\FNTCACHE.DAT
2013-07-11 23:35 - 2013-07-11 23:00 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-11 23:20 - 2013-07-11 23:20 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FAMILYRESOLU-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-07-11 22:53 - 2013-07-11 22:53 - 00000000 ____D C:\Program Files\Tweaking.com
2013-07-11 22:48 - 2013-07-11 22:48 - 00000000 ____D C:\Windows\pss
2013-07-11 22:00 - 2013-07-11 22:00 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\Users\FamilyResolutions\AppData\Roaming\Malwarebytes
2013-07-11 22:00 - 2013-07-11 22:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-11 22:00 - 2011-04-09 10:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-11 21:44 - 2013-07-11 21:40 - 00000000 ____D C:\Users\FamilyResolutions\Desktop\RK_Quarantine
2013-07-11 21:38 - 2013-07-11 21:38 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 21:35 - 2013-07-11 21:34 - 00022521 _____ C:\AdwCleaner[S1].txt
2013-07-11 21:32 - 2013-07-11 21:32 - 00022128 _____ C:\AdwCleaner[R1].txt
2013-07-11 21:27 - 2011-09-12 19:37 - 00000000 ____D C:\Users\FamilyResolutions\Desktop\Josette's Phone
2013-07-11 21:18 - 2013-01-08 18:59 - 00000000 ____D C:\Users\FamilyResolutions\AppData\Roaming\uTorrent
2013-07-11 20:42 - 2006-11-02 06:18 - 00000000 _SHDC C:\Windows\$NtUninstallKB16504$
2013-07-11 18:16 - 2012-03-04 22:49 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-11 14:40 - 2013-07-11 21:59 - 00388608 _____ (Trend Micro Inc.) C:\Users\FamilyResolutions\Desktop\HijackThis.exe
2013-07-11 13:18 - 2012-06-01 19:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-11 12:10 - 2011-06-21 15:22 - 00000000 ____D C:\Users\FamilyResolutions\AppData\Roaming\vlc
2013-07-11 02:43 - 2012-05-12 15:55 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-06 16:03 - 2011-03-28 19:04 - 00001945 _____ C:\Windows\epplauncher.mif
2013-07-03 00:19 - 2010-09-05 23:50 - 00086528 _____ C:\Users\FAMILY~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-25 19:54 - 2013-06-25 19:54 - 00000431 _____ C:\Users\FamilyResolutions\Documents\Pictures - Shortcut (3).lnk
2013-06-23 05:23 - 2013-06-22 20:32 - 449627560 _____ C:\Users\FamilyResolutions\Downloads\Before Sunset x264 720p L4.1 AC3 5.1-BoK.mkv
2013-06-15 16:58 - 2012-06-06 15:09 - 00692104 ____N (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-06-15 16:58 - 2011-09-19 05:24 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-06-15 15:34 - 2006-11-02 07:52 - 00143228 _____ C:\Windows\setupact.log
2013-06-15 15:31 - 2009-03-19 20:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 01:29

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-07-2013 01
Ran by FamilyResolutions at 2013-07-13 10:40:51
Running from C:\Users\FamilyResolutions\Desktop
Boot Mode: Normal
==========================================================

 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
5600 (Version: 82.0.242.000)
5600_Help (Version: 82.0.242.000)
5600Trb (Version: 82.0.242.000)
AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Adroit Photo Recovery 2012 (Version: 3.2.006)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AT&T Service & Support Tool
AT&T U-verse Setup
att.net Internet Mail
AutoUpdate (Version: 1.1)
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
CDisplayEx 1.8
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Copy (Version: 82.0.188.000)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Dock (Version: 1.0.0)
Dell Driver Download Manager (HKCU Version: 2.1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.08335)
Dell Video Chat (remove only) (Version: 6.0 (6551))
Dell-eBay (Version: 1.00.0000)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
DirectXInstallService (Version: 9.0.2)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.1.0.2)
DivX Web Player (Version: 1.5.0)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
DriverBoost (Version: 8.0.1)
EaseUS Todo Backup Free 6.0 (Version: 6.0)
EDocs
eSupportQFolder (Version: 1.00.0000)
Everything 1.2.1.371
Fax (Version: 82.0.188.000)
Google Chrome (Version: 28.0.1500.71)
Google Earth (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
H.264 Decoder (Version: 1.1.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)

#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:31 PM

Posted 13 July 2013 - 02:33 PM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Please include the following in your next post:
  • MBAR log(s)


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 DoyleLarry

  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:31 PM

Posted 14 July 2013 - 01:47 PM

This scan took a long time. I hope this is the correct report I was supposed to copy and paste.

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.13.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
FamilyResolutions :: FAMILYRESOLU-PC [administrator]

7/13/2013 5:25:03 PM
mbar-log-2013-07-13 (17-25-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 290875
Time elapsed: 38 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\Windows\$NtUninstallKB16504$\2886724727\L (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB16504$\2886724727\U (Backdoor.0Access) -> Delete on reboot.
c:\Windows\$NtUninstallKB16504$\2886724727 (Backdoor.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

#8 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:31 PM

Posted 14 July 2013 - 06:33 PM

Please do this now:

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


#9 DoyleLarry

  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:31 PM

Posted 15 July 2013 - 09:35 AM

Combofix warned me that it found rootkit zeroaccess and needed to reboot the computer. After creating a restore point, it rebooted a second time before generating the report.

ComboFix 13-07-14.01 - FamilyResolutions 07/15/2013   9:08.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2012.937 [GMT -5:00]
Running from: c:\users\FamilyResolutions\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 14:17 . 2013-07-15 14:19    --------    d-----w-    c:\users\FamilyResolutions\AppData\Local\temp
2013-07-15 14:17 . 2013-07-15 14:17    --------    d-----w-    c:\users\Mcx1\AppData\Local\temp
2013-07-15 14:17 . 2013-07-15 14:17    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-07-15 14:17 . 2013-07-15 14:17    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-13 22:24 . 2013-07-14 07:25    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-13 22:24 . 2013-07-13 22:24    31560    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-07-13 15:40 . 2013-07-13 15:40    --------    d-----w-    C:\FRST
2013-07-13 15:18 . 2013-07-13 15:18    --------    d-----w-    c:\program files\Common Files\Adobe
2013-07-13 05:51 . 2013-05-08 06:10    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-07-13 05:51 . 2013-05-08 06:10    770384    ----a-w-    c:\windows\system32\msvcr100.dll
2013-07-13 05:17 . 2013-07-13 05:17    98    ----a-w-    c:\windows\DeleteOnReboot.bat
2013-07-13 04:33 . 2013-05-10 17:24    186952    ----a-w-    c:\windows\system32\drivers\EuFdDisk.sys
2013-07-13 04:33 . 2013-05-10 17:15    15944    ----a-w-    c:\windows\system32\drivers\eudskacs.sys
2013-07-13 04:33 . 2013-05-10 17:12    51272    ----a-w-    c:\windows\system32\drivers\eubakup.sys
2013-07-13 04:33 . 2013-05-10 17:21    41544    ----a-w-    c:\windows\system32\drivers\EUBKMON.sys
2013-07-13 04:32 . 2013-05-10 17:34    19528    ----a-w-    c:\windows\system32\fbnative.exe
2013-07-12 05:26 . 2013-07-15 14:06    --------    d-----w-    c:\windows\system32\catroot2
2013-07-12 04:00 . 2013-07-12 04:35    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-07-12 03:53 . 2013-07-12 03:53    --------    d-----w-    c:\program files\Tweaking.com
2013-07-12 03:00 . 2013-07-12 03:00    --------    d-----w-    c:\users\FamilyResolutions\AppData\Roaming\Malwarebytes
2013-07-12 03:00 . 2013-07-12 03:00    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-12 03:00 . 2013-04-04 19:50    22856    ------w-    c:\windows\system32\drivers\mbam.sys
2013-07-12 02:38 . 2013-07-12 02:38    --------    d-----w-    c:\windows\ERUNT
2013-07-06 21:06 . 2013-05-02 15:28    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-15 21:58 . 2012-06-06 20:09    692104    ------w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-15 21:58 . 2011-09-19 10:24    71048    ------w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2009-05-13 21:55 . 2009-05-13 21:55    1044480    ----a-w-    c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55    200704    ----a-w-    c:\program files\opera\program\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 145944]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-11 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^FamilyResolutions^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\FamilyResolutions\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 22:31    47904    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28    59240    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2013-05-10 17:35    1372232    ----a-w-    d:\new folder\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2013-05-10 17:35    70728    ----a-w-    d:\new folder\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-11-20 01:35    128296    ------w-    c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-13 06:34    906648    ----a-w-    c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-11 18:28    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2009-03-10 18:57    1553920    ----a-w-    c:\program files\verizon\McciTrayApp.exe
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 19:37    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 21:58]
.
2013-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-11 19:05]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 20:15]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-01 20:15]
.
2013-07-15 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-12-11 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default\
FF - ExtSQL: 2013-07-13 00:51; {e4c3a8b6-7724-45d1-a629-17b69118ebcd}; c:\users\FamilyResolutions\AppData\Roaming\Mozilla\Firefox\Profiles\tr5je3zm.default\extensions\{e4c3a8b6-7724-45d1-a629-17b69118ebcd}
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,71,57,7b,60,50,5f,4d,80,27,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,71,57,7b,60,50,5f,4d,80,27,94,\
.
[HKEY_USERS\S-1-5-21-2189648252-3633348014-3147185336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. 0 2 -
! \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2189648252-3633348014-3147185336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. 0 4 -
! \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2189648252-3633348014-3147185336-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. 0 6 -
! \OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(988)
c:\windows\System32\pmxscrll.dll
c:\windows\System32\PMXCOMM.dll
c:\windows\System32\PMXHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\new folder\Todo Backup\bin\Agent.exe
d:\new folder\Todo Backup\bin\GuardAgent.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Motive\McciServiceHost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\vds.exe
c:\windows\System32\ico.exe
c:\windows\System32\Pmxmiced.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-07-15  09:22:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-15 14:22
ComboFix2.txt  2013-07-13 06:28
.
Pre-Run: 254,716,059,648 bytes free
Post-Run: 254,568,128,512 bytes free
.
- - End Of File - - 49B969D9CE1112197E5F17DB144D3866
5C616939100B85E558DA92B899A0FC36

#10 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:31 PM

Posted 15 July 2013 - 10:11 PM

Please do this now:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double-click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • TDSSKiller log
  • ESET log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
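Added example, not part of this thread and not Kaspersky's or BleepingComputer's code: a small triage helper for the "Scan services" part of a TDSSKiller log like the one requested above. TDSSKiller prints a `[ MD5 ] name path` line followed by a `name - status` line for every service and driver it hashes, and only a `name - status` line when the registry service entry has no binary it could hash. The helper pairs those lines and pulls out three kinds of entries a responder wants to see first: anything whose status is not `ok`, services with no file on disk, and binaries living outside the Windows and Program Files trees. The exact wording TDSSKiller uses for a detection is assumed here (none appears in the posted log, so the sample uses an invented `detected (...)` verdict), the list of "expected" directory roots is an assumption for a 32-bit Vista box like this one, and the sample log is constructed to match the format of the log posted below; all flagged entries are review items, not verdicts, since missing-binary service keys and third-party paths are often benign.

```python
"""Triage helper for TDSSKiller 'Scan services' output (added example, not the tool's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Section banner, e.g. "09:48:38.0906 23268  ================ Scan services =====..."
SECTION_RE = re.compile(r"={4,}\s*([A-Za-z][^=]*?)\s*={4,}$")
# File line: "<time> <pid>  [ <MD5> ] <service name> <drive>:\<path>"
FILE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$"
)
# Status line: "<time> <pid>  <service name> - <status>"
STATUS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.+?) - (.+)$")

# Assumed: where service binaries normally live on a 32-bit Vista system.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                  "c:\\program files (x86)\\", "c:\\progra~1\\")


@dataclass
class ServiceEntry:
    name: str
    status: str
    md5: Optional[str] = None   # None when no file line preceded the status line
    path: Optional[str] = None


@dataclass
class Finding:
    name: str
    code: str                   # 'not-ok', 'no-binary' or 'unusual-path'
    detail: str


def parse_tdsskiller(text: str) -> List[ServiceEntry]:
    """Pair each '[ MD5 ] name path' line with the 'name - status' line that follows it."""
    entries: List[ServiceEntry] = []
    pending: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) awaiting a status line
    section = None
    for line in text.splitlines():
        m = SECTION_RE.search(line)
        if m:
            section = m.group(1).strip()
            continue
        if section != "Scan services":
            continue                           # memory/boot/TDLFS sections use other formats
        m = FILE_RE.match(line)
        if m:
            pending[m.group(2).strip()] = (m.group(1).upper(), m.group(3).strip())
            continue
        m = STATUS_RE.match(line)
        if m:
            name, status = m.group(1).strip(), m.group(2).strip()
            md5, path = pending.pop(name, (None, None))
            entries.append(ServiceEntry(name, status, md5, path))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Finding]:
    """Return entries worth a human look; none of these is a verdict on its own."""
    findings: List[Finding] = []
    for e in entries:
        if e.status.lower() != "ok":
            findings.append(Finding(e.name, "not-ok", e.status))
        if e.path is None:
            findings.append(Finding(e.name, "no-binary", "service key present but no file was hashed"))
        elif not e.path.lower().startswith(EXPECTED_ROOTS):
            findings.append(Finding(e.name, "unusual-path", e.path))
    return findings


# Constructed sample in the TDSSKiller log format; the 'exampledrv' lines, their
# all-zero hash and the 'detected (...)' verdict wording are invented for this demo.
SAMPLE_LOG = r"""
09:48:38.0905 23268  ================ Scan system memory ========================
09:48:38.0905 23268  System memory - ok
09:48:38.0906 23268  ================ Scan services =============================
09:48:39.0034 23268  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:48:39.0038 23268  ACPI - ok
09:48:39.0679 23268  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:48:39.0680 23268  Apple Mobile Device - ok
09:48:40.0210 23268  catchme - ok
09:48:41.0425 23268  [ D6B0013E03F3AEFBD272622FDECF01D1 ] EaseUS Agent    D:\New Folder\Todo Backup\bin\Agent.exe
09:48:41.0427 23268  EaseUS Agent - ok
09:48:44.0580 23268  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
09:48:44.0581 23268  MREMP50 - ok
09:48:45.0100 23268  [ 00000000000000000000000000000000 ] exampledrv      C:\Windows\system32\drivers\exampledrv.sys
09:48:45.0101 23268  exampledrv - detected (constructed verdict)
09:48:50.0000 23268  ================ Scan global startup =======================
09:48:50.0001 23268  Boot - ok
"""

if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{f.code:13} {f.name}: {f.detail}")
```

Run against a real log with `parse_tdsskiller(open(path, encoding="utf-8", errors="replace").read())`; the "no-binary" list will normally include ComboFix's own catchme driver and a few stock Windows services, so treat it as a checklist to walk rather than a detection result.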


#11 DoyleLarry

  • Topic Starter
  • Members
  • 8 posts
  • Local time:11:31 PM

Posted 16 July 2013 - 09:54 AM

Something popped up as having a medium risk, or what not, but there was no option to cure.  I clicked 'skip' instead of copy to quarantine option.  Hope that was correct.

09:47:57.0157 22548  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:47:57.0772 22548  ============================================================
09:47:57.0772 22548  Current date / time: 2013/07/16 09:47:57.0772
09:47:57.0772 22548  SystemInfo:
09:47:57.0772 22548 
09:47:57.0772 22548  OS Version: 6.0.6001 ServicePack: 1.0
09:47:57.0772 22548  Product type: Workstation
09:47:57.0772 22548  ComputerName: FAMILYRESOLU-PC
09:47:57.0772 22548  UserName: FamilyResolutions
09:47:57.0772 22548  Windows directory: C:\Windows
09:47:57.0772 22548  System windows directory: C:\Windows
09:47:57.0772 22548  Processor architecture: Intel x86
09:47:57.0772 22548  Number of processors: 2
09:47:57.0772 22548  Page size: 0x1000
09:47:57.0772 22548  Boot type: Normal boot
09:47:57.0772 22548  ============================================================
09:47:59.0272 22548  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:47:59.0307 22548  ============================================================
09:47:59.0307 22548  \Device\Harddisk0\DR0:
09:47:59.0307 22548  MBR partitions:
09:47:59.0307 22548  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
09:47:59.0308 22548  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x48A3C000
09:47:59.0308 22548  ============================================================
09:47:59.0346 22548  C: <-> \Device\Harddisk0\DR0\Partition2
09:47:59.0377 22548  D: <-> \Device\Harddisk0\DR0\Partition1
09:47:59.0377 22548  ============================================================
09:47:59.0377 22548  Initialize success
09:47:59.0377 22548  ============================================================
09:48:37.0320 23268  ============================================================
09:48:37.0321 23268  Scan started
09:48:37.0321 23268  Mode: Manual; TDLFS;
09:48:37.0321 23268  ============================================================
09:48:38.0905 23268  ================ Scan system memory ========================
09:48:38.0905 23268  System memory - ok
09:48:38.0906 23268  ================ Scan services =============================
09:48:39.0034 23268  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:48:39.0038 23268  ACPI - ok
09:48:39.0155 23268  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:48:39.0156 23268  AdobeARMservice - ok
09:48:39.0221 23268  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:48:39.0224 23268  AdobeFlashPlayerUpdateSvc - ok
09:48:39.0257 23268  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:48:39.0262 23268  adp94xx - ok
09:48:39.0280 23268  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:48:39.0284 23268  adpahci - ok
09:48:39.0318 23268  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:48:39.0320 23268  adpu160m - ok
09:48:39.0339 23268  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:48:39.0342 23268  adpu320 - ok
09:48:39.0371 23268  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:48:39.0371 23268  AeLookupSvc - ok
09:48:39.0398 23268  [ B6D7239E7AF6D1B64C790A28067DC6E5 ] AERTFilters     C:\Windows\system32\AERTSrv.exe
09:48:39.0399 23268  AERTFilters - ok
09:48:39.0429 23268  [ 48EB99503533C27AC6135648E5474457 ] AFD             C:\Windows\system32\drivers\afd.sys
09:48:39.0433 23268  AFD - ok
09:48:39.0472 23268  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:48:39.0474 23268  agp440 - ok
09:48:39.0508 23268  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
09:48:39.0509 23268  aic78xx - ok
09:48:39.0543 23268  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
09:48:39.0544 23268  ALG - ok
09:48:39.0556 23268  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:48:39.0557 23268  aliide - ok
09:48:39.0574 23268  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:48:39.0575 23268  amdagp - ok
09:48:39.0590 23268  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:48:39.0591 23268  amdide - ok
09:48:39.0605 23268  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
09:48:39.0606 23268  AmdK7 - ok
09:48:39.0618 23268  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:48:39.0620 23268  AmdK8 - ok
09:48:39.0631 23268  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
09:48:39.0632 23268  Appinfo - ok
09:48:39.0679 23268  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:48:39.0680 23268  Apple Mobile Device - ok
09:48:39.0706 23268  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
09:48:39.0708 23268  arc - ok
09:48:39.0734 23268  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:48:39.0736 23268  arcsas - ok
09:48:39.0762 23268  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:48:39.0764 23268  AsyncMac - ok
09:48:39.0776 23268  [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi           C:\Windows\system32\drivers\atapi.sys
09:48:39.0776 23268  atapi - ok
09:48:39.0795 23268  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:48:39.0799 23268  AudioEndpointBuilder - ok
09:48:39.0812 23268  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
09:48:39.0814 23268  Audiosrv - ok
09:48:39.0833 23268  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:48:39.0834 23268  Beep - ok
09:48:39.0878 23268  [ D3E6D78285529962349A7F1617035938 ] BFE             C:\Windows\System32\bfe.dll
09:48:39.0882 23268  BFE - ok
09:48:39.0925 23268  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\system32\qmgr.dll
09:48:39.0942 23268  BITS - ok
09:48:39.0985 23268  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
09:48:39.0987 23268  blbdrive - ok
09:48:40.0018 23268  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:48:40.0023 23268  Bonjour Service - ok
09:48:40.0052 23268  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:48:40.0054 23268  bowser - ok
09:48:40.0067 23268  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
09:48:40.0068 23268  BrFiltLo - ok
09:48:40.0083 23268  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
09:48:40.0084 23268  BrFiltUp - ok
09:48:40.0101 23268  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
09:48:40.0103 23268  Browser - ok
09:48:40.0131 23268  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
09:48:40.0132 23268  Brserid - ok
09:48:40.0147 23268  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
09:48:40.0149 23268  BrSerWdm - ok
09:48:40.0170 23268  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
09:48:40.0171 23268  BrUsbMdm - ok
09:48:40.0176 23268  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
09:48:40.0177 23268  BrUsbSer - ok
09:48:40.0194 23268  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:48:40.0196 23268  BTHMODEM - ok
09:48:40.0210 23268  catchme - ok
09:48:40.0235 23268  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:48:40.0236 23268  cdfs - ok
09:48:40.0247 23268  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:48:40.0248 23268  cdrom - ok
09:48:40.0268 23268  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
09:48:40.0269 23268  CertPropSvc - ok
09:48:40.0288 23268  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
09:48:40.0289 23268  circlass - ok
09:48:40.0313 23268  [ 0703B9DEE7EEC6D6370EDEBD43D0F5C2 ] CLFS            C:\Windows\system32\CLFS.sys
09:48:40.0317 23268  CLFS - ok
09:48:40.0430 23268  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:48:40.0433 23268  clr_optimization_v2.0.50727_32 - ok
09:48:40.0480 23268  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:48:40.0482 23268  clr_optimization_v4.0.30319_32 - ok
09:48:40.0492 23268  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:48:40.0493 23268  cmdide - ok
09:48:40.0503 23268  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:48:40.0504 23268  Compbatt - ok
09:48:40.0508 23268  COMSysApp - ok
09:48:40.0560 23268  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:48:40.0561 23268  crcdisk - ok
09:48:40.0574 23268  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
09:48:40.0575 23268  Crusoe - ok
09:48:40.0635 23268  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:48:40.0637 23268  CryptSvc - ok
09:48:40.0671 23268  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:48:40.0688 23268  DcomLaunch - ok
09:48:40.0750 23268  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:48:40.0751 23268  DfsC - ok
09:48:40.0803 23268  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
09:48:40.0836 23268  DFSR - ok
09:48:40.0855 23268  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
09:48:40.0858 23268  Dhcp - ok
09:48:40.0864 23268  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
09:48:40.0865 23268  disk - ok
09:48:40.0890 23268  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:48:40.0892 23268  Dnscache - ok
09:48:40.0947 23268  [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
09:48:40.0950 23268  DockLoginService - ok
09:48:40.0974 23268  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:48:40.0977 23268  dot3svc - ok
09:48:41.0008 23268  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
09:48:41.0011 23268  Dot4 - ok
09:48:41.0034 23268  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:48:41.0035 23268  Dot4Print - ok
09:48:41.0062 23268  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
09:48:41.0063 23268  dot4usb - ok
09:48:41.0085 23268  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
09:48:41.0087 23268  DPS - ok
09:48:41.0127 23268  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:48:41.0128 23268  drmkaud - ok
09:48:41.0156 23268  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:48:41.0173 23268  DXGKrnl - ok
09:48:41.0214 23268  [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
09:48:41.0217 23268  e1express - ok
09:48:41.0257 23268  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
09:48:41.0259 23268  E1G60 - ok
09:48:41.0274 23268  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
09:48:41.0276 23268  EapHost - ok
09:48:41.0425 23268  [ D6B0013E03F3AEFBD272622FDECF01D1 ] EaseUS Agent    D:\New Folder\Todo Backup\bin\Agent.exe
09:48:41.0427 23268  EaseUS Agent - ok
09:48:41.0459 23268  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
09:48:41.0461 23268  Ecache - ok
09:48:41.0501 23268  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:48:41.0505 23268  ehRecvr - ok
09:48:41.0512 23268  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
09:48:41.0514 23268  ehSched - ok
09:48:41.0526 23268  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
09:48:41.0527 23268  ehstart - ok
09:48:41.0559 23268  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:48:41.0563 23268  elxstor - ok
09:48:41.0605 23268  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
09:48:41.0622 23268  EMDMgmt - ok
09:48:41.0646 23268  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:48:41.0647 23268  ErrDev - ok
09:48:41.0690 23268  [ 7878FB4EE52B52A258F56B90D12BDB93 ] EUBAKUP         C:\Windows\system32\drivers\eubakup.sys
09:48:41.0692 23268  EUBAKUP - ok
09:48:41.0721 23268  [ C84B2475D266F565073898D923F96D94 ] EUBKMON         C:\Windows\system32\drivers\EUBKMON.sys
09:48:41.0722 23268  EUBKMON - ok
09:48:41.0732 23268  [ CBAE3B36E312CE3785B62EC354B7CB39 ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
09:48:41.0733 23268  EUDSKACS - ok
09:48:41.0751 23268  [ CEA2D6E9489CDFFFD52026CFC3D3E2B4 ] EUFDDISK        C:\Windows\system32\drivers\EuFdDisk.sys
09:48:41.0754 23268  EUFDDISK - ok
09:48:41.0776 23268  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
09:48:41.0780 23268  EventSystem - ok
09:48:41.0807 23268  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
09:48:41.0809 23268  exfat - ok
09:48:41.0828 23268  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:48:41.0830 23268  fastfat - ok
09:48:41.0847 23268  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:48:41.0848 23268  fdc - ok
09:48:41.0866 23268  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:48:41.0867 23268  fdPHost - ok
09:48:41.0873 23268  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:48:41.0874 23268  FDResPub - ok
09:48:41.0888 23268  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:48:41.0889 23268  FileInfo - ok
09:48:41.0900 23268  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:48:41.0901 23268  Filetrace - ok
09:48:41.0912 23268  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:48:41.0913 23268  flpydisk - ok
09:48:41.0919 23268  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:48:41.0921 23268  FltMgr - ok
09:48:42.0015 23268  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:48:42.0016 23268  FontCache3.0.0.0 - ok
09:48:42.0024 23268  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:48:42.0025 23268  Fs_Rec - ok
09:48:42.0045 23268  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:48:42.0047 23268  gagp30kx - ok
09:48:42.0064 23268  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:48:42.0065 23268  GEARAspiWDM - ok
09:48:42.0085 23268  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
09:48:42.0102 23268  gpsvc - ok
09:48:42.0138 23268  [ 694D18AD32B4EEE53D2BCA1D1EE7DFBC ] Guard Agent     D:\New Folder\Todo Backup\bin\GuardAgent.exe
09:48:42.0190 23268  Guard Agent - ok
09:48:42.0270 23268  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c984a9da732b10 C:\Program Files\Google\Update\GoogleUpdate.exe
09:48:42.0272 23268  gupdate1c984a9da732b10 - ok
09:48:42.0323 23268  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
09:48:42.0324 23268  gupdatem - ok
09:48:42.0378 23268  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:48:42.0381 23268  gusvc - ok
09:48:42.0413 23268  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:48:42.0416 23268  HdAudAddService - ok
09:48:42.0438 23268  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:48:42.0440 23268  HDAudBus - ok
09:48:42.0456 23268  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:48:42.0457 23268  HidBth - ok
09:48:42.0472 23268  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:48:42.0473 23268  HidIr - ok
09:48:42.0500 23268  [ 53D5A2F9CE6AE47D7507727DF1DA79F8 ] hidserv         C:\Windows\System32\hidserv.dll
09:48:42.0501 23268  hidserv - ok
09:48:42.0508 23268  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:48:42.0509 23268  HidUsb - ok
09:48:42.0532 23268  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:48:42.0534 23268  hkmsvc - ok
09:48:42.0551 23268  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
09:48:42.0552 23268  HpCISSs - ok
09:48:42.0626 23268  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:48:42.0629 23268  hpqcxs08 - ok
09:48:42.0640 23268  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:48:42.0642 23268  hpqddsvc - ok
09:48:42.0688 23268  [ 99F85640054BA65190B860D878A7C9AE ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:48:42.0704 23268  HSF_DPV - ok
09:48:42.0759 23268  [ FE440536BD98AF772130DC3A6FE1915F ] HSXHWBS2        C:\Windows\system32\DRIVERS\HSXHWBS2.sys
09:48:42.0762 23268  HSXHWBS2 - ok
09:48:42.0788 23268  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:48:42.0793 23268  HTTP - ok
09:48:42.0811 23268  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
09:48:42.0813 23268  i2omp - ok
09:48:42.0850 23268  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:48:42.0851 23268  i8042prt - ok
09:48:42.0911 23268  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\Windows\system32\drivers\iastor.sys
09:48:42.0915 23268  iaStor - ok
09:48:42.0951 23268  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
09:48:42.0955 23268  iaStorV - ok
09:48:43.0000 23268  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:48:43.0017 23268  idsvc - ok
09:48:43.0094 23268  [ 0627FC0C422CD6E0F23E1B0D1D9F0899 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
09:48:43.0135 23268  igfx - ok
09:48:43.0180 23268  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:48:43.0181 23268  iirsp - ok
09:48:43.0244 23268  [ 68E8C415E102E5D79FD7E4A765B8CBA4 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:48:43.0250 23268  IKEEXT - ok
09:48:43.0255 23268  IntcAzAudAddService - ok
09:48:43.0286 23268  [ C7E7E43CBD34D3B0A0156B51B917DFCC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
09:48:43.0288 23268  IntcHdmiAddService - ok
09:48:43.0305 23268  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
09:48:43.0306 23268  intelide - ok
09:48:43.0320 23268  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:48:43.0322 23268  intelppm - ok
09:48:43.0347 23268  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:48:43.0349 23268  IPBusEnum - ok
09:48:43.0383 23268  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:48:43.0384 23268  IpFilterDriver - ok
09:48:43.0431 23268  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:48:43.0434 23268  iphlpsvc - ok
09:48:43.0438 23268  IpInIp - ok
09:48:43.0475 23268  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
09:48:43.0476 23268  IPMIDRV - ok
09:48:43.0491 23268  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
09:48:43.0493 23268  IPNAT - ok
09:48:43.0546 23268  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:48:43.0563 23268  iPod Service - ok
09:48:43.0618 23268  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:48:43.0619 23268  IRENUM - ok
09:48:43.0636 23268  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:48:43.0638 23268  isapnp - ok
09:48:43.0655 23268  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
09:48:43.0671 23268  iScsiPrt - ok
09:48:43.0694 23268  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
09:48:43.0696 23268  iteatapi - ok
09:48:43.0710 23268  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
09:48:43.0711 23268  iteraid - ok
09:48:43.0746 23268  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:48:43.0747 23268  kbdclass - ok
09:48:43.0758 23268  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:48:43.0759 23268  kbdhid - ok
09:48:43.0779 23268  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
09:48:43.0781 23268  KeyIso - ok
09:48:43.0805 23268  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:48:43.0811 23268  KSecDD - ok
09:48:43.0827 23268  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:48:43.0833 23268  KtmRm - ok
09:48:43.0858 23268  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:48:43.0862 23268  LanmanServer - ok
09:48:43.0887 23268  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:48:43.0891 23268  LanmanWorkstation - ok
09:48:43.0900 23268  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:48:43.0902 23268  lltdio - ok
09:48:43.0929 23268  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:48:43.0932 23268  lltdsvc - ok
09:48:43.0965 23268  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:48:43.0967 23268  lmhosts - ok
09:48:43.0985 23268  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:48:43.0986 23268  LSI_FC - ok
09:48:44.0002 23268  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:48:44.0003 23268  LSI_SAS - ok
09:48:44.0021 23268  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:48:44.0023 23268  LSI_SCSI - ok
09:48:44.0036 23268  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
09:48:44.0037 23268  luafv - ok
09:48:44.0077 23268  [ D6767D36902E4B9F9EBB2DDD3BBF1A35 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
09:48:44.0079 23268  mbamchameleon - ok
09:48:44.0125 23268  [ E6CB119EF2E148EAA1A247343550756E ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
09:48:44.0129 23268  McciCMService - ok
09:48:44.0162 23268  [ EEE1EA23C4777ADB268A36196A631200 ] McciServiceHost C:\Program Files\Common Files\Motive\McciServiceHost.exe
09:48:44.0166 23268  McciServiceHost - ok
09:48:44.0190 23268  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:48:44.0192 23268  Mcx2Svc - ok
09:48:44.0217 23268  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:48:44.0218 23268  mdmxsdk - ok
09:48:44.0228 23268  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:48:44.0230 23268  megasas - ok
09:48:44.0267 23268  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
09:48:44.0272 23268  MegaSR - ok
09:48:51.0720 23268  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:48:51.0734 23268  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
09:48:51.0763 23268  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
09:48:51.0768 23268  [Global] - ok
09:48:51.0769 23268  ================ Scan MBR ==================================
09:48:51.0777 23268  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:48:52.0000 23268  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:48:52.0000 23268  \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:48:52.0000 23268  ================ Scan VBR ==================================
09:48:52.0025 23268  [ C2B4EC0331073598D55833D2396BB92A ] \Device\Harddisk0\DR0\Partition1
09:48:52.0026 23268  \Device\Harddisk0\DR0\Partition1 - ok
09:48:52.0029 23268  [ 1C9928517C6966DA0AD63292EF062CB7 ] \Device\Harddisk0\DR0\Partition2
09:48:52.0030 23268  \Device\Harddisk0\DR0\Partition2 - ok
09:48:52.0031 23268  ============================================================
09:48:52.0031 23268  Scan finished
09:48:52.0031 23268  ============================================================
09:48:52.0040 24096  Detected object count: 1
09:48:52.0040 24096  Actual detected object count: 1
09:50:59.0997 24096  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:50:59.0997 24096  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
 



#12 DoyleLarry

DoyleLarry
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 July 2013 - 01:27 PM

C:\Documents and Settings\FamilyResolutions\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HHFU37XV\lebiracogifts_net[1].htm    JS/TrojanDownloader.FraudLoad.NBF trojan
C:\Documents and Settings\FamilyResolutions\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30736742-13b26689    probably a variant of Win32/Agent.FQWXKXL trojan
C:\Documents and Settings\FamilyResolutions\Desktop\New Folder\cbsidlm-cbsi118-Pandora_Recovery-ORG-10694796.exe    probably a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\FamilyResolutions\Desktop\New Folder\InternationalPrimoPDF.exe    Win32/OpenCandy application
C:\Documents and Settings\FamilyResolutions\Desktop\New Folder\PhotoScape_V3.6.5.exe    Win32/OpenCandy application
C:\Documents and Settings\FamilyResolutions\Desktop\New Folder\tb_free.exe    a variant of Win32/TFTPD32.A application
C:\Documents and Settings\Guest\AppData\Local\Mozilla\Firefox\Profiles\h7vqhc1a.default\Cache\62E52DC0d01    Win32/Toolbar.Inbox.A application
C:\Program Files\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A application
C:\Users\FamilyResolutions\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HHFU37XV\lebiracogifts_net[1].htm    JS/TrojanDownloader.FraudLoad.NBF trojan
C:\Users\FamilyResolutions\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30736742-13b26689    probably a variant of Win32/Agent.FQWXKXL trojan
C:\Users\FamilyResolutions\Desktop\New Folder\cbsidlm-cbsi118-Pandora_Recovery-ORG-10694796.exe    probably a variant of Win32/CNETInstaller.A application
C:\Users\FamilyResolutions\Desktop\New Folder\InternationalPrimoPDF.exe    Win32/OpenCandy application
C:\Users\FamilyResolutions\Desktop\New Folder\PhotoScape_V3.6.5.exe    Win32/OpenCandy application
C:\Users\FamilyResolutions\Desktop\New Folder\tb_free.exe    a variant of Win32/TFTPD32.A application
C:\Users\Guest\AppData\Local\Mozilla\Firefox\Profiles\h7vqhc1a.default\Cache\62E52DC0d01    Win32/Toolbar.Inbox.A application
D:\New Folder\Todo Backup\bin\PxeServer.dll    a variant of Win32/TFTPD32.A application
 

 



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 PM

Posted 16 July 2013 - 04:45 PM

Yes, that was the correct thing to do.  Now I'd like you to run TDSSKiller again, this time let it quarantine that detection when it comes up.

 

Once you've done that, please do this to take care of most of those ESET detections.  The others are freeware apps (Pandora_Recovery, InternationalPrimoPDF, PhotoScape) that are being flagged because they contain ads or come with toolbars.  I'll leave those up to you - uninstall them if you no longer want them.

 

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Next, please let me know how your computer is running now.  Are there any unresolved issues?


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 PM

Posted 27 July 2013 - 11:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
