
Possible trojan. Goplayer.exe


This topic is locked
21 replies to this topic

#1 Neithan2208

Posted 10 August 2013 - 07:07 PM

My computer has been running really slow, freezing up all the time. A few weeks ago, when I played a video, an ad automatically downloaded goplayer.exe onto my PC. I immediately deleted it, but the PC started running slow afterwards.

The download was titled either downloadsetup or goplayer.exe. 

 

Please help if you can. I originally posted this a couple of weeks ago, but had surgery a few days later and was unable to respond to my post, so it was closed. Will tip if I am helped!

 

Here are my DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.21.2
Run by John at 19:55:13 on 2013-08-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.879 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = :0
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://lms.hilton.com/courses/authorwareplayer/awswaxd.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A9D1D6D0-A687-4FED-867F-7066BEDCC00F} : DHCPNameServer = 166.102.165.11 166.102.165.13 4.2.2.3 8.8.8.8
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\0596471602059647 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\2456C6B696E6E253038324 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 68.87.73.246 68.87.71.230
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\2656C6B696E6E2134356 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\34964797F466348616D60796F6E637 : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tbyqwsgh.default-1370834506562\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-9 55856]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-5-16 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-5-16 55296]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-6-13 9216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-13 248248]
R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-10-9 172704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-9 215552]
R3 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2010-3-11 291352]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-9 648432]
S4 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
.
=============== Created Last 30 ================
.
2013-08-10 23:48:22 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9499E3A4-4487-4E69-9640-BF5B8655740C}\mpengine.dll
2013-08-09 23:01:25 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-28 10:57:59 91544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-07-17 05:47:40 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-07-17 05:47:33 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AB909767-0704-4A54-B971-2F1DC2E70491}\gapaengine.dll
2013-07-14 07:01:49 -------- d-----w- C:\Windows\System32\MRT
2013-07-12 07:23:59 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-12 07:08:09 -------- d-----w- C:\Windows\PCHEALTH
.
==================== Find3M  ====================
.
2013-06-13 03:04:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-13 03:04:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 05:40:20 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 05:40:16 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-11 05:40:16 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-16 04:07:08 3920384 ----a-w- C:\Windows\System32\python33.dll
2013-05-16 04:06:12 93696 ----a-w- C:\Windows\py.exe
2013-05-16 04:06:10 94208 ----a-w- C:\Windows\pyw.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
.
============= FINISH: 20:00:10.36 ===============
 

Thanks for your time!!!!



#2 Conspire

Posted 13 August 2013 - 10:29 PM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)


Hello there, Neithan2208

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

Posted 13 August 2013 - 10:29 PM

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#4 Neithan2208 (Topic Starter)

Posted 17 August 2013 - 01:55 AM

Sorry for taking so long to post back. Here is the aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-17 01:03:15
-----------------------------
01:03:15.784    OS Version: Windows x64 6.1.7601 Service Pack 1
01:03:15.784    Number of processors: 2 586 0x170A
01:03:15.785    ComputerName: JOHNSLAPTOP  UserName: John
01:03:17.589    Initialize success
01:05:03.969    AVAST engine defs: 13081601
01:08:05.888    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:08:05.895    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
01:08:06.139    Disk 0 MBR read successfully
01:08:06.142    Disk 0 MBR scan
01:08:06.348    Disk 0 Windows VISTA default MBR code
01:08:06.383    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      298 MB offset 63
01:08:06.424    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        19328 MB offset 612352
01:08:06.499    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       218847 MB offset 40196096
01:08:06.745    Disk 0 scanning C:\Windows\system32\drivers
01:08:33.124    Service scanning
01:09:56.474    Modules scanning
01:09:56.487    Disk 0 trace - called modules:
01:09:56.530    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
01:09:56.587    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fce790]
01:09:56.597    3 CLASSPNP.SYS[fffff880013b243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002de7050]
01:09:59.152    AVAST engine scan C:\Windows
01:10:06.286    AVAST engine scan C:\Windows\system32
01:18:33.310    AVAST engine scan C:\Windows\system32\drivers
01:19:02.143    AVAST engine scan C:\Users\John
01:45:01.570    AVAST engine scan C:\ProgramData
01:49:28.509    Scan finished successfully
01:50:43.481    Disk 0 MBR has been saved successfully to "C:\Users\John\Documents\MBR.dat"
01:50:43.599    The log file has been saved successfully to "C:\Users\John\Documents\aswMBR.txt"
 
TDSSKiller log:
 
01:52:34.0937 3132  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:52:35.0892 3132  ============================================================
01:52:35.0892 3132  Current date / time: 2013/08/17 01:52:35.0892
01:52:35.0892 3132  SystemInfo:
01:52:35.0892 3132  
01:52:35.0892 3132  OS Version: 6.1.7601 ServicePack: 1.0
01:52:35.0892 3132  Product type: Workstation
01:52:35.0892 3132  ComputerName: JOHNSLAPTOP
01:52:35.0892 3132  UserName: John
01:52:35.0892 3132  Windows directory: C:\Windows
01:52:35.0893 3132  System windows directory: C:\Windows
01:52:35.0893 3132  Running under WOW64
01:52:35.0893 3132  Processor architecture: Intel x64
01:52:35.0893 3132  Number of processors: 2
01:52:35.0893 3132  Page size: 0x1000
01:52:35.0893 3132  Boot type: Normal boot
01:52:35.0893 3132  ============================================================
01:52:45.0468 3132  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:52:45.0548 3132  ============================================================
01:52:45.0548 3132  \Device\Harddisk0\DR0:
01:52:45.0549 3132  MBR partitions:
01:52:45.0549 3132  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x95800, BlocksNum 0x25C0000
01:52:45.0549 3132  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2655800, BlocksNum 0x1AB6F970
01:52:45.0549 3132  ============================================================
01:52:45.0619 3132  C: <-> \Device\Harddisk0\DR0\Partition2
01:52:45.0722 3132  ============================================================
01:52:45.0722 3132  Initialize success
01:52:45.0722 3132  ============================================================
01:53:09.0800 4724  ============================================================
01:53:09.0800 4724  Scan started
01:53:09.0800 4724  Mode: Manual; 
01:53:09.0800 4724  ============================================================
01:53:12.0557 4724  ================ Scan system memory ========================
01:53:12.0557 4724  System memory - ok
01:53:23.0239 4724  crcdisk - ok
01:53:23.0365 4724  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:53:23.0368 4724  CryptSvc - ok
01:53:23.0411 4724  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
01:53:23.0414 4724  CtClsFlt - ok
01:53:23.0646 4724  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:53:23.0653 4724  DcomLaunch - ok
01:53:23.0717 4724  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:53:23.0723 4724  defragsvc - ok
01:53:23.0789 4724  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:53:23.0791 4724  DfsC - ok
01:53:23.0937 4724  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:53:23.0942 4724  Dhcp - ok
01:53:24.0644 4724  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:53:24.0646 4724  discache - ok
01:53:24.0685 4724  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
01:53:24.0686 4724  Disk - ok
01:53:24.0811 4724  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:53:24.0815 4724  Dnscache - ok
01:53:25.0069 4724  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
01:53:25.0072 4724  DockLoginService - ok
01:53:25.0220 4724  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:53:25.0223 4724  dot3svc - ok
01:53:25.0330 4724  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:53:25.0332 4724  DPS - ok
01:53:26.0373 4724  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:53:26.0375 4724  drmkaud - ok
01:53:26.0489 4724  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:53:26.0502 4724  DXGKrnl - ok
01:53:26.0605 4724  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:53:26.0620 4724  EapHost - ok
01:53:26.0835 4724  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
01:53:26.0909 4724  ebdrv - ok
01:53:26.0990 4724  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
01:53:26.0992 4724  EFS - ok
01:53:27.0158 4724  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:53:27.0167 4724  ehRecvr - ok
01:53:27.0211 4724  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:53:27.0213 4724  ehSched - ok
01:53:27.0355 4724  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
01:53:27.0361 4724  elxstor - ok
01:53:27.0435 4724  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:53:27.0436 4724  ErrDev - ok
01:53:28.0041 4724  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:53:28.0047 4724  EventSystem - ok
01:53:28.0123 4724  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:53:28.0126 4724  exfat - ok
01:53:28.0160 4724  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:53:28.0163 4724  fastfat - ok
01:53:28.0348 4724  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:53:28.0357 4724  Fax - ok
01:53:28.0398 4724  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
01:53:28.0400 4724  fdc - ok
01:53:28.0432 4724  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:53:28.0434 4724  fdPHost - ok
01:53:28.0454 4724  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:53:28.0456 4724  FDResPub - ok
01:53:28.0490 4724  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:53:28.0492 4724  FileInfo - ok
01:53:28.0554 4724  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:53:28.0555 4724  Filetrace - ok
01:53:28.0629 4724  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
01:53:28.0717 4724  flpydisk - ok
01:53:28.0799 4724  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:53:28.0804 4724  FltMgr - ok
01:53:28.0978 4724  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
01:53:28.0993 4724  FontCache - ok
01:53:29.0076 4724  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:53:29.0086 4724  FontCache3.0.0.0 - ok
01:53:29.0375 4724  [ 46532E80E18BB25D3B568DA10A160653 ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
01:53:29.0377 4724  FreemakeVideoCapture - ok
01:53:29.0444 4724  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:53:29.0446 4724  FsDepends - ok
01:53:29.0535 4724  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:53:29.0537 4724  Fs_Rec - ok
01:53:29.0653 4724  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:53:29.0657 4724  fvevol - ok
01:53:29.0700 4724  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
01:53:29.0701 4724  gagp30kx - ok
01:53:29.0827 4724  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:53:29.0829 4724  GEARAspiWDM - ok
01:53:29.0881 4724  GoToAssist - ok
01:53:29.0931 4724  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:53:29.0942 4724  gpsvc - ok
01:53:30.0000 4724  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:53:30.0003 4724  gupdate - ok
01:53:30.0088 4724  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:53:30.0090 4724  gupdatem - ok
01:53:30.0130 4724  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:53:30.0132 4724  hcw85cir - ok
01:53:30.0216 4724  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:53:30.0219 4724  HDAudBus - ok
01:53:30.0311 4724  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
01:53:30.0313 4724  HidBatt - ok
01:53:30.0361 4724  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
01:53:30.0363 4724  HidBth - ok
01:53:30.0437 4724  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
01:53:30.0495 4724  HidIr - ok
01:53:30.0640 4724  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
01:53:30.0650 4724  hidserv - ok
01:53:31.0250 4724  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:53:31.0251 4724  HidUsb - ok
01:53:31.0321 4724  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:53:31.0324 4724  hkmsvc - ok
01:53:31.0399 4724  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:53:31.0404 4724  HomeGroupListener - ok
01:53:31.0464 4724  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:53:31.0469 4724  HomeGroupProvider - ok
01:53:31.0565 4724  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:53:31.0568 4724  HpSAMD - ok
01:53:31.0704 4724  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:53:31.0753 4724  HTTP - ok
01:53:31.0836 4724  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:53:31.0838 4724  hwpolicy - ok
01:53:31.0995 4724  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:53:31.0998 4724  i8042prt - ok
01:53:32.0135 4724  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
01:53:32.0183 4724  IAANTMON - ok
01:53:32.0307 4724  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
01:53:32.0315 4724  iaStor - ok
01:53:32.0480 4724  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:53:32.0485 4724  iaStorV - ok
01:53:33.0498 4724  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:53:33.0549 4724  idsvc - ok
01:53:35.0657 4724  [ BABD5F9B2BCC82CE556A0BAF1AE208A7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
01:53:35.0863 4724  igfx - ok
01:53:36.0014 4724  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
01:53:36.0015 4724  iirsp - ok
01:53:36.0384 4724  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:53:36.0413 4724  IKEEXT - ok
01:53:36.0580 4724  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:53:36.0581 4724  intelide - ok
01:53:36.0836 4724  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
01:53:36.0838 4724  intelppm - ok
01:53:36.0938 4724  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:53:36.0941 4724  IPBusEnum - ok
01:53:37.0065 4724  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:53:37.0067 4724  IpFilterDriver - ok
01:53:37.0429 4724  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:53:37.0439 4724  iphlpsvc - ok
01:53:37.0550 4724  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:53:37.0552 4724  IPMIDRV - ok
01:53:37.0746 4724  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:53:37.0748 4724  IPNAT - ok
01:53:38.0209 4724  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
01:53:38.0287 4724  iPod Service - ok
01:53:38.0358 4724  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:53:38.0360 4724  IRENUM - ok
01:53:38.0401 4724  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:53:38.0402 4724  isapnp - ok
01:53:38.0529 4724  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:53:38.0549 4724  iScsiPrt - ok
01:53:38.0571 4724  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
01:53:38.0573 4724  kbdclass - ok
01:53:38.0670 4724  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
01:53:38.0672 4724  kbdhid - ok
01:53:38.0736 4724  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:53:38.0739 4724  KeyIso - ok
01:53:38.0817 4724  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:53:38.0819 4724  KSecDD - ok
01:53:38.0870 4724  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:53:38.0873 4724  KSecPkg - ok
01:53:38.0942 4724  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:53:38.0943 4724  ksthunk - ok
01:53:39.0080 4724  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:53:39.0087 4724  KtmRm - ok
01:53:39.0224 4724  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
01:53:39.0230 4724  LanmanServer - ok
01:53:39.0319 4724  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:53:39.0322 4724  LanmanWorkstation - ok
01:53:39.0487 4724  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:53:39.0489 4724  lltdio - ok
01:53:39.0855 4724  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:53:39.0860 4724  lltdsvc - ok
01:53:40.0551 4724  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:53:40.0578 4724  lmhosts - ok
01:53:40.0827 4724  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
01:53:40.0855 4724  LSI_FC - ok
01:53:41.0235 4724  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
01:53:41.0237 4724  LSI_SAS - ok
01:53:41.0303 4724  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:53:41.0305 4724  LSI_SAS2 - ok
01:53:41.0348 4724  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:53:41.0350 4724  LSI_SCSI - ok
01:53:41.0424 4724  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:53:41.0427 4724  luafv - ok
01:53:41.0496 4724  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:53:41.0499 4724  Mcx2Svc - ok
01:53:41.0535 4724  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
01:53:41.0537 4724  megasas - ok
01:53:42.0011 4724  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
01:53:42.0022 4724  MegaSR - ok
01:53:42.0789 4724  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:53:42.0792 4724  MMCSS - ok
01:53:42.0971 4724  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:53:42.0973 4724  Modem - ok
01:53:43.0026 4724  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:53:43.0028 4724  monitor - ok
01:53:43.0084 4724  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:53:43.0086 4724  mouclass - ok
01:53:43.0142 4724  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:53:43.0144 4724  mouhid - ok
01:53:43.0229 4724  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:53:43.0232 4724  mountmgr - ok
01:53:43.0294 4724  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:53:43.0297 4724  MozillaMaintenance - ok
01:53:43.0364 4724  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
01:53:43.0368 4724  MpFilter - ok
01:53:43.0410 4724  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:53:43.0413 4724  mpio - ok
01:53:43.0469 4724  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:53:43.0471 4724  mpsdrv - ok
01:53:43.0548 4724  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:53:43.0559 4724  MpsSvc - ok
01:53:43.0664 4724  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:53:43.0667 4724  MRxDAV - ok
01:53:43.0715 4724  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:53:43.0719 4724  mrxsmb - ok
01:53:43.0774 4724  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:53:43.0779 4724  mrxsmb10 - ok
01:53:43.0795 4724  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:53:43.0818 4724  mrxsmb20 - ok
01:53:44.0007 4724  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:53:44.0054 4724  msahci - ok
01:53:44.0161 4724  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:53:44.0165 4724  msdsm - ok
01:53:44.0335 4724  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:53:44.0339 4724  MSDTC - ok
01:53:44.0893 4724  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:53:44.0894 4724  Msfs - ok
01:53:45.0021 4724  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:53:45.0076 4724  mshidkmdf - ok
01:53:45.0190 4724  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:53:45.0192 4724  msisadrv - ok
01:53:45.0408 4724  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:53:45.0412 4724  MSiSCSI - ok
01:53:45.0418 4724  msiserver - ok
01:53:45.0548 4724  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:53:45.0550 4724  MSKSSRV - ok
01:53:46.0412 4724  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
01:53:46.0413 4724  MsMpSvc - ok
01:53:46.0528 4724  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:53:46.0530 4724  MSPCLOCK - ok
01:53:46.0556 4724  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:53:46.0557 4724  MSPQM - ok
01:53:46.0744 4724  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:53:46.0806 4724  MsRPC - ok
01:53:46.0963 4724  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:53:46.0965 4724  mssmbios - ok
01:53:47.0010 4724  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:53:47.0011 4724  MSTEE - ok
01:53:47.0131 4724  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
01:53:47.0132 4724  MTConfig - ok
01:53:47.0307 4724  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:53:47.0310 4724  Mup - ok
01:53:47.0582 4724  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:53:47.0592 4724  napagent - ok
01:53:47.0769 4724  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:53:47.0861 4724  NativeWifiP - ok
01:53:48.0258 4724  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:53:48.0437 4724  NDIS - ok
01:53:48.0671 4724  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:53:48.0673 4724  NdisCap - ok
01:53:48.0906 4724  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:53:48.0907 4724  NdisTapi - ok
01:53:49.0076 4724  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:53:49.0078 4724  Ndisuio - ok
01:53:49.0166 4724  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:53:49.0169 4724  NdisWan - ok
01:53:49.0301 4724  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:53:49.0303 4724  NDProxy - ok
01:53:49.0348 4724  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:53:49.0351 4724  NetBIOS - ok
01:53:49.0459 4724  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:53:49.0463 4724  NetBT - ok
01:53:49.0514 4724  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:53:49.0516 4724  Netlogon - ok
01:53:49.0623 4724  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:53:49.0629 4724  Netman - ok
01:53:49.0750 4724  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:53:49.0757 4724  netprofm - ok
01:53:49.0821 4724  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:53:49.0829 4724  NetTcpPortSharing - ok
01:53:49.0898 4724  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
01:53:49.0900 4724  nfrd960 - ok
01:53:49.0977 4724  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
01:53:49.0979 4724  NisDrv - ok
01:53:50.0064 4724  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
01:53:50.0069 4724  NisSrv - ok
01:53:50.0196 4724  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:53:50.0201 4724  NlaSvc - ok
01:53:50.0492 4724  [ 351533ACC2A069B94E80BBFC177E8FDF ] npf             C:\Windows\system32\drivers\npf.sys
01:53:50.0494 4724  npf - ok
01:53:50.0616 4724  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:53:50.0618 4724  Npfs - ok
01:53:51.0757 4724  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:53:51.0760 4724  nsi - ok
01:53:51.0801 4724  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:53:51.0802 4724  nsiproxy - ok
01:53:52.0080 4724  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:53:52.0157 4724  Ntfs - ok
01:53:52.0268 4724  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:53:52.0270 4724  Null - ok
01:53:52.0295 4724  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:53:52.0298 4724  nvraid - ok
01:53:52.0357 4724  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:53:52.0360 4724  nvstor - ok
01:53:52.0642 4724  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:53:52.0644 4724  nv_agp - ok
01:53:53.0085 4724  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:53:53.0156 4724  odserv - ok
01:53:53.0278 4724  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:53:53.0281 4724  ohci1394 - ok
01:53:53.0454 4724  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:53:53.0457 4724  ose - ok
01:53:53.0603 4724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:53:53.0609 4724  p2pimsvc - ok
01:53:53.0793 4724  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:53:53.0799 4724  p2psvc - ok
01:53:53.0858 4724  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
01:53:53.0860 4724  Parport - ok
01:53:53.0929 4724  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:53:53.0931 4724  partmgr - ok
01:53:54.0012 4724  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:53:54.0016 4724  PcaSvc - ok
01:53:54.0120 4724  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:53:54.0123 4724  pci - ok
01:53:54.0313 4724  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:53:54.0314 4724  pciide - ok
01:53:54.0377 4724  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
01:53:54.0380 4724  pcmcia - ok
01:53:54.0461 4724  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:53:54.0463 4724  pcw - ok
01:53:54.0536 4724  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:53:54.0544 4724  PEAUTH - ok
01:53:54.0995 4724  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:53:54.0997 4724  PerfHost - ok
01:53:55.0214 4724  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:53:55.0230 4724  pla - ok
01:53:55.0483 4724  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:53:55.0490 4724  PlugPlay - ok
01:53:55.0577 4724  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:53:55.0580 4724  PNRPAutoReg - ok
01:53:55.0636 4724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:53:55.0642 4724  PNRPsvc - ok
01:53:56.0030 4724  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:53:56.0106 4724  PolicyAgent - ok
01:53:56.0196 4724  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:53:56.0201 4724  Power - ok
01:53:56.0274 4724  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:53:56.0324 4724  PptpMiniport - ok
01:53:56.0411 4724  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
01:53:56.0413 4724  Processor - ok
01:53:56.0511 4724  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:53:56.0517 4724  ProfSvc - ok
01:53:56.0547 4724  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:53:56.0549 4724  ProtectedStorage - ok
01:53:56.0819 4724  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:53:56.0883 4724  Psched - ok
01:53:57.0223 4724  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
01:53:57.0269 4724  PxHlpa64 - ok
01:53:57.0514 4724  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
01:53:57.0575 4724  ql2300 - ok
01:53:57.0605 4724  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
01:53:57.0619 4724  ql40xx - ok
01:53:57.0835 4724  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:53:57.0863 4724  QWAVE - ok
01:53:57.0987 4724  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:53:57.0989 4724  QWAVEdrv - ok
01:53:58.0018 4724  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:53:58.0040 4724  RasAcd - ok
01:53:58.0128 4724  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:53:58.0156 4724  RasAgileVpn - ok
01:54:01.0044 4724  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:54:01.0078 4724  RasAuto - ok
01:54:01.0583 4724  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:54:01.0652 4724  Rasl2tp - ok
01:54:03.0811 4724  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:54:03.0817 4724  RasMan - ok
01:54:05.0618 4724  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:54:05.0621 4724  RasPppoe - ok
01:54:05.0730 4724  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:54:05.0793 4724  RasSstp - ok
01:54:08.0130 4724  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:54:08.0298 4724  rdbss - ok
01:54:09.0084 4724  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
01:54:09.0086 4724  rdpbus - ok
01:54:10.0674 4724  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:54:10.0728 4724  RDPCDD - ok
01:54:10.0826 4724  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:54:10.0828 4724  RDPENCDD - ok
01:54:10.0997 4724  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:54:11.0035 4724  RDPREFMP - ok
01:54:11.0149 4724  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:54:11.0232 4724  RDPWD - ok
01:54:11.0380 4724  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:54:11.0384 4724  rdyboost - ok
01:54:12.0571 4724  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:54:12.0575 4724  RemoteAccess - ok
01:54:12.0816 4724  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:54:12.0879 4724  RemoteRegistry - ok
01:54:13.0166 4724  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:54:13.0200 4724  RpcEptMapper - ok
01:54:13.0700 4724  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:54:13.0775 4724  RpcLocator - ok
01:54:15.0214 4724  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
01:54:15.0221 4724  RpcSs - ok
01:54:15.0534 4724  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:54:15.0617 4724  rspndr - ok
01:54:16.0017 4724  [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
01:54:16.0119 4724  RSUSBSTOR - ok
01:54:16.0247 4724  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
01:54:16.0250 4724  SamSs - ok
01:54:16.0633 4724  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:54:17.0078 4724  sbp2port - ok
01:54:17.0393 4724  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:54:17.0425 4724  SCardSvr - ok
01:54:17.0614 4724  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:54:17.0616 4724  scfilter - ok
01:54:18.0146 4724  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:54:18.0185 4724  Schedule - ok
01:54:18.0322 4724  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:54:18.0324 4724  SCPolicySvc - ok
01:54:18.0577 4724  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:54:18.0581 4724  SDRSVC - ok
01:54:19.0144 4724  [ 16A252022535B680046F6E34E136D378 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:54:19.0187 4724  SeaPort - ok
01:54:19.0389 4724  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:54:19.0400 4724  secdrv - ok
01:54:19.0485 4724  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:54:19.0509 4724  seclogon - ok
01:54:19.0627 4724  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
01:54:19.0673 4724  SENS - ok
01:54:19.0849 4724  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:54:19.0882 4724  SensrSvc - ok
01:54:20.0021 4724  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
01:54:20.0057 4724  Serenum - ok
01:54:20.0284 4724  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
01:54:20.0286 4724  Serial - ok
01:54:20.0383 4724  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
01:54:20.0423 4724  sermouse - ok
01:54:20.0588 4724  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:54:20.0592 4724  SessionEnv - ok
01:54:20.0697 4724  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:54:20.0699 4724  sffdisk - ok
01:54:20.0746 4724  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:54:20.0748 4724  sffp_mmc - ok
01:54:20.0807 4724  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:54:20.0808 4724  sffp_sd - ok
01:54:20.0876 4724  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
01:54:20.0910 4724  sfloppy - ok
01:54:21.0049 4724  [ 52434693713BDD905972617E21AC0CFC ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
01:54:21.0060 4724  SftService - ok
01:54:21.0120 4724  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:54:21.0126 4724  SharedAccess - ok
01:54:21.0324 4724  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:54:21.0350 4724  ShellHWDetection - ok
01:54:21.0465 4724  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:54:21.0467 4724  SiSRaid2 - ok
01:54:21.0492 4724  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
01:54:21.0495 4724  SiSRaid4 - ok
01:54:21.0554 4724  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:54:21.0557 4724  Smb - ok
01:54:21.0763 4724  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:54:21.0767 4724  SNMPTRAP - ok
01:54:21.0836 4724  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
01:54:21.0837 4724  spldr - ok
01:54:21.0975 4724  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
01:54:22.0006 4724  Spooler - ok
01:54:22.0406 4724  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:54:22.0544 4724  sppsvc - ok
01:54:23.0571 4724  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
01:54:23.0767 4724  sppuinotify - ok
01:54:26.0552 4724  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellComms C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
01:54:26.0675 4724  sprtsvc_DellComms - ok
01:54:27.0336 4724  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:54:27.0381 4724  srv - ok
01:54:27.0423 4724  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:54:27.0429 4724  srv2 - ok
01:54:27.0487 4724  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:54:27.0535 4724  srvnet - ok
01:54:27.0624 4724  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:54:27.0628 4724  SSDPSRV - ok
01:54:28.0832 4724  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:54:28.0863 4724  SstpSvc - ok
01:54:29.0138 4724  [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
01:54:29.0200 4724  STacSV - ok
01:54:29.0435 4724  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
01:54:29.0438 4724  stexstor - ok
01:54:31.0001 4724  [ 02E784FA49032F84964DB90A3ED81890 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
01:54:31.0145 4724  STHDA - ok
01:54:32.0065 4724  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:54:32.0075 4724  stisvc - ok
01:54:32.0452 4724  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
01:54:32.0544 4724  swenum - ok
01:54:33.0795 4724  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
01:54:33.0813 4724  swprv - ok
01:54:33.0979 4724  [ 52EB25BD8AB4E331028C48B178441B36 ] sxuptp          C:\Windows\system32\DRIVERS\sxuptp.sys
01:54:33.0984 4724  sxuptp - ok
01:54:34.0696 4724  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
01:54:34.0957 4724  SysMain - ok
01:54:35.0340 4724  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:54:35.0344 4724  TabletInputService - ok
01:54:36.0257 4724  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:54:36.0328 4724  TapiSrv - ok
01:54:36.0570 4724  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
01:54:36.0650 4724  TBS - ok
01:54:38.0006 4724  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:54:38.0159 4724  Tcpip - ok
01:54:39.0069 4724  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:54:39.0081 4724  TCPIP6 - ok
01:54:39.0349 4724  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:54:39.0351 4724  tcpipreg - ok
01:54:39.0407 4724  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:54:39.0408 4724  TDPIPE - ok
01:54:39.0538 4724  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:54:39.0539 4724  TDTCP - ok
01:54:40.0128 4724  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:54:40.0165 4724  tdx - ok
01:54:40.0348 4724  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
01:54:40.0424 4724  TermDD - ok
01:54:40.0581 4724  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
01:54:40.0591 4724  TermService - ok
01:54:41.0690 4724  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:54:42.0844 4724  Themes - ok
01:54:44.0145 4724  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
01:54:44.0149 4724  THREADORDER - ok
01:54:45.0188 4724  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:54:45.0197 4724  TrkWks - ok
01:54:48.0208 4724  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:54:49.0966 4724  TrustedInstaller - ok
01:54:49.0995 4724  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:54:49.0997 4724  tssecsrv - ok
01:54:51.0045 4724  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:54:52.0768 4724  TsUsbFlt - ok
01:54:56.0236 4724  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:54:56.0670 4724  tunnel - ok
01:54:58.0449 4724  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
01:54:58.0451 4724  uagp35 - ok
01:54:59.0654 4724  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:55:01.0166 4724  udfs - ok
01:55:01.0259 4724  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:55:01.0265 4724  UI0Detect - ok
01:55:03.0776 4724  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:55:03.0838 4724  uliagpkx - ok
01:55:04.0225 4724  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
01:55:04.0492 4724  umbus - ok
01:55:05.0299 4724  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
01:55:05.0301 4724  UmPass - ok
01:55:06.0189 4724  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:55:06.0566 4724  upnphost - ok
01:55:07.0219 4724  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
01:55:07.0708 4724  USBAAPL64 - ok
01:55:08.0034 4724  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:55:08.0157 4724  usbccgp - ok
01:55:08.0650 4724  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:55:08.0748 4724  usbcir - ok
01:55:09.0733 4724  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
01:55:09.0745 4724  usbehci - ok
01:55:10.0425 4724  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:55:10.0833 4724  usbhub - ok
01:55:11.0275 4724  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
01:55:11.0276 4724  usbohci - ok
01:55:11.0984 4724  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
01:55:12.0025 4724  usbprint - ok
01:55:12.0457 4724  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:55:12.0459 4724  USBSTOR - ok
01:55:12.0888 4724  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
01:55:13.0499 4724  usbuhci - ok
01:55:13.0981 4724  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
01:55:13.0984 4724  usbvideo - ok
01:55:14.0150 4724  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
01:55:14.0153 4724  UxSms - ok
01:55:14.0171 4724  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:55:14.0172 4724  VaultSvc - ok
01:55:14.0432 4724  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:55:14.0434 4724  vdrvroot - ok
01:55:14.0688 4724  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
01:55:14.0699 4724  vds - ok
01:55:14.0927 4724  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:55:15.0025 4724  vga - ok
01:55:15.0206 4724  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:55:15.0208 4724  VgaSave - ok
01:55:15.0612 4724  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:55:15.0663 4724  vhdmp - ok
01:55:15.0895 4724  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:55:15.0897 4724  viaide - ok
01:55:16.0059 4724  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:55:16.0062 4724  volmgr - ok
01:55:16.0432 4724  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:55:16.0530 4724  volmgrx - ok
01:55:16.0731 4724  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:55:16.0796 4724  volsnap - ok
01:55:17.0165 4724  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
01:55:17.0169 4724  vsmraid - ok
01:55:17.0400 4724  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
01:55:17.0418 4724  VSS - ok
01:55:17.0599 4724  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:55:17.0601 4724  vwifibus - ok
01:55:17.0638 4724  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:55:17.0639 4724  vwififlt - ok
01:55:17.0993 4724  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
01:55:17.0994 4724  vwifimp - ok
01:55:18.0670 4724  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
01:55:18.0676 4724  W32Time - ok
01:55:18.0811 4724  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
01:55:18.0836 4724  WacomPen - ok
01:55:19.0307 4724  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:55:19.0729 4724  WANARP - ok
01:55:20.0018 4724  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:55:20.0019 4724  Wanarpv6 - ok
01:55:20.0558 4724  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
01:55:20.0702 4724  WatAdminSvc - ok
01:55:21.0497 4724  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:55:21.0571 4724  wbengine - ok
01:55:21.0997 4724  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:55:22.0331 4724  WbioSrvc - ok
01:55:22.0607 4724  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:55:22.0616 4724  wcncsvc - ok
01:55:22.0841 4724  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:55:22.0865 4724  WcsPlugInService - ok
01:55:23.0413 4724  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
01:55:23.0415 4724  Wd - ok
01:55:23.0549 4724  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
01:55:23.0550 4724  WDC_SAM - ok
01:55:24.0831 4724  [ 7DEDECC376B29A973A0F3384D135F2DA ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
01:55:24.0850 4724  WDDMService - ok
01:55:25.0921 4724  [ 25E37B2F96F106B77B9C8868EFB14834 ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
01:55:25.0966 4724  WDDriveService - ok
01:55:26.0262 4724  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:55:26.0322 4724  Wdf01000 - ok
01:55:26.0999 4724  [ 8E798F577A684A5F1E464D954C6C7F1E ] WDFMEService    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
01:55:27.0160 4724  WDFMEService - ok
01:55:27.0315 4724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:55:27.0368 4724  WdiServiceHost - ok
01:55:27.0374 4724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:55:27.0377 4724  WdiSystemHost - ok
01:55:28.0064 4724  [ 65D571576E366067C22F22B3E919EF8C ] WDRulesService  C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
01:55:28.0157 4724  WDRulesService - ok
01:55:28.0862 4724  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
01:55:28.0867 4724  WebClient - ok
01:55:29.0296 4724  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:55:29.0360 4724  Wecsvc - ok
01:55:29.0901 4724  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:55:29.0921 4724  wercplsupport - ok
01:55:30.0251 4724  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:55:30.0258 4724  WerSvc - ok
01:55:30.0576 4724  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:55:30.0667 4724  WfpLwf - ok
01:55:30.0769 4724  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
01:55:30.0773 4724  WimFltr - ok
01:55:31.0540 4724  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:55:31.0542 4724  WIMMount - ok
01:55:31.0727 4724  WinDefend - ok
01:55:32.0125 4724  WinHttpAutoProxySvc - ok
01:55:32.0696 4724  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:55:32.0702 4724  Winmgmt - ok
01:55:33.0553 4724  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
01:55:33.0844 4724  WinRM - ok
01:55:34.0808 4724  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:55:34.0898 4724  WinUsb - ok
01:55:35.0346 4724  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:55:35.0512 4724  Wlansvc - ok
01:55:35.0569 4724  [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
01:55:35.0802 4724  wltrysvc - ok
01:55:36.0116 4724  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:55:36.0136 4724  WmiAcpi - ok
01:55:36.0451 4724  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:55:36.0599 4724  wmiApSrv - ok
01:55:36.0899 4724  WMPNetworkSvc - ok
01:55:36.0959 4724  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:55:36.0963 4724  WPCSvc - ok
01:55:37.0080 4724  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:55:37.0155 4724  WPDBusEnum - ok
01:55:37.0525 4724  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:55:37.0573 4724  ws2ifsl - ok
01:55:38.0616 4724  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
01:55:38.0685 4724  wscsvc - ok
01:55:38.0692 4724  WSearch - ok
01:55:40.0442 4724  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:55:40.0594 4724  wuauserv - ok
01:55:40.0777 4724  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:55:41.0311 4724  WudfPf - ok
01:55:41.0564 4724  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:55:41.0596 4724  WUDFRd - ok
01:55:41.0701 4724  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:55:41.0712 4724  wudfsvc - ok
01:55:42.0401 4724  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:55:42.0455 4724  WwanSvc - ok
01:55:43.0837 4724  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:55:43.0845 4724  YahooAUService - ok
01:55:44.0192 4724  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
01:55:44.0197 4724  yukonw7 - ok
01:55:44.0214 4724  ================ Scan global ===============================
01:55:44.0458 4724  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:55:44.0565 4724  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:55:44.0575 4724  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
01:55:44.0600 4724  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:55:44.0834 4724  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:55:44.0967 4724  [Global] - ok
01:55:44.0968 4724  ================ Scan MBR ==================================
01:55:45.0093 4724  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:55:47.0920 4724  \Device\Harddisk0\DR0 - ok
01:55:47.0920 4724  ================ Scan VBR ==================================
01:55:47.0956 4724  [ 9025F5F50A56850B1F101CD31FC80309 ] \Device\Harddisk0\DR0\Partition1
01:55:47.0958 4724  \Device\Harddisk0\DR0\Partition1 - ok
01:55:47.0976 4724  [ B8423112AD17DD9169A457BB0123942B ] \Device\Harddisk0\DR0\Partition2
01:55:47.0978 4724  \Device\Harddisk0\DR0\Partition2 - ok
01:55:48.0023 4724  ============================================================
01:55:48.0023 4724  Scan finished
01:55:48.0023 4724  ============================================================
01:55:48.0324 4012  Detected object count: 0
01:55:48.0324 4012  Actual detected object count: 0

 



#5 Neithan2208
  • Topic Starter
  • Members
  • 50 posts

Posted 17 August 2013 - 01:58 AM

And the MBRdat zip file.

 

Attached Files
  • MBR.zip (567 bytes)


#6 Neithan2208
  • Topic Starter
  • Members
  • 50 posts

Posted 17 August 2013 - 02:18 AM

I also ran Malwarebytes before posting. It found a few things; here are the logs.

Log 1

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
John :: JOHNSLAPTOP [administrator]
 
8/10/2013 7:48:57 PM
mbam-log-2013-08-10 (19-48-57).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223202
Time elapsed: 14 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\Users\John\AppData\Local\Temp\ct3288691\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John\Local Settings\Temporary Internet Files\Content.IE5\2S31PBTT\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John\Local Settings\Temporary Internet Files\Content.IE5\2S31PBTT\ism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\John\Local Settings\Temporary Internet Files\Content.IE5\OO6W3TK8\mism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)


Log 2

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
John :: JOHNSLAPTOP [administrator]
 
8/10/2013 11:08:59 PM
mbam-log-2013-08-10 (23-08-59).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 406778
Time elapsed: 21 hour(s), 7 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)


Log 3

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
John :: JOHNSLAPTOP [administrator]
 
8/10/2013 11:08:59 PM
MBAM-log-2013-08-11 (20-17-08).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 406778
Time elapsed: 21 hour(s), 7 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> No action taken.
 
(end)


#7 Conspire
  • Malware Response Team
  • 1,155 posts

Posted 17 August 2013 - 03:16 AM

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop.

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#8 Neithan2208
  • Topic Starter
  • Members
  • 50 posts

Posted 17 August 2013 - 04:12 AM

I ran ComboFix successfully, although I think the computer restarted at some point. Here is the log:

ComboFix 13-08-16.03 - John 08/17/2013   4:36.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.277 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-17 to 2013-08-17  )))))))))))))))))))))))))))))))
.
.
2013-08-17 08:56 . 2013-08-17 08:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-17 08:56 . 2013-08-17 08:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-17 03:56 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A606F4C-15DC-452C-84FD-A8EC713A2C95}\mpengine.dll
2013-08-16 03:42 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 07:11 . 2013-07-26 05:12 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-14 07:11 . 2013-07-26 05:13 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-08-14 07:11 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-14 07:11 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-14 07:11 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-14 06:52 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 06:52 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 06:52 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 06:52 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 06:52 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 06:52 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 06:52 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 06:52 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-14 06:52 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 06:52 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 07:01 . 2009-12-25 05:21 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-17 05:46 . 2013-07-17 05:47 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB909767-0704-4A54-B971-2F1DC2E70491}\gapaengine.dll
2013-07-09 04:45 . 2013-08-14 06:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-21 01:01 . 2013-07-17 05:47 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 09:01 . 2013-06-19 04:47 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC938E6-151B-435D-B7F5-1920EE38F0D6}\offreg.dll
2013-06-13 03:04 . 2013-06-13 03:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-13 03:04 . 2011-07-20 01:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 03:08 . 2013-06-18 20:51 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC938E6-151B-435D-B7F5-1920EE38F0D6}\mpengine.dll
2013-06-11 05:40 . 2013-06-11 05:40 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 05:40 . 2013-04-14 04:55 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-11 05:40 . 2010-07-24 21:18 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-05 03:34 . 2013-07-11 08:59 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 08:59 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 08:59 509440 ----a-w- c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [x]
R4 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 21:37 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 03:04]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-16 19:17]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-16 19:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
2012-08-08 04:08 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tbyqwsgh.default-1370834506562\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-GoToAssist - c:\program files (x86)\Citrix\GoToAssist\514\G2AUninstaller.exe
AddRemove-Winamp - c:\program files (x86)\Winamp\UninstWA.exe
AddRemove-{30D1F3D2-54CF-481D-A005-F94B0E98FEEC} - c:\program files (x86)\2K Games\Civilization 4 Complete\uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\John\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2032132084-115232154-3712389654-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2032132084-115232154-3712389654-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\03\1f\06+%í"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2013-08-17  05:06:36 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-17 09:06
.
Pre-Run: 43,318,231,040 bytes free
Post-Run: 46,359,695,360 bytes free
.
- - End Of File - - 49EDE41DB861C69602B42C8142AD11A6
5C616939100B85E558DA92B899A0FC36


#9 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:06:38 PM

Posted 17 August 2013 - 05:24 AM

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
===================================================

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

On your next reply please post:
JRT log
AdwCleaner log
How is the machine behaving now?

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may [Donate].

#10 Neithan2208

  • Topic Starter
  • Members
  • 50 posts
  • Local time:06:38 AM

Posted 18 August 2013 - 01:07 AM

Computer seems to be running a bit faster, but I'm still unsure if it's fully disinfected. But here are the logs.

JRT logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 7 Home Premium x64
Ran by John on Sun 08/18/2013 at  1:47:02.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/18/2013 at  1:56:16.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner logs

# AdwCleaner v2.306 - Logfile created 08/18/2013 at 01:58:03
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : John - JOHNSLAPTOP
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tbyqwsgh.default-1370834506562\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [15712 octets] - [07/06/2013 03:23:12]
AdwCleaner[S1].txt - [14381 octets] - [07/06/2013 03:24:57]
AdwCleaner[S2].txt - [1057 octets] - [18/08/2013 01:58:03]
 
########## EOF - C:\AdwCleaner[S2].txt - [1117 octets] ##########


#11 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:06:38 PM

Posted 18 August 2013 - 05:05 AM

Could you please run DDS again for review? Thanks :)

#12 Neithan2208

  • Topic Starter
  • Members
  • 50 posts
  • Local time:06:38 AM

Posted 18 August 2013 - 06:58 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.21.2
Run by John at 19:56:47 on 2013-08-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3032.1467 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = :0
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxps://lms.hilton.com/courses/authorwareplayer/awswaxd.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A9D1D6D0-A687-4FED-867F-7066BEDCC00F} : DHCPNameServer = 166.102.165.11 166.102.165.13 4.2.2.3 8.8.8.8
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\0596471602059647 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\2456C6B696E6E253038324 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 68.87.73.246 68.87.71.230
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\2656C6B696E6E2134356 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C9B76A8F-1845-4216-ACE0-DCA392F9310B}\34964797F466348616D60796F6E637 : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\tbyqwsgh.default-1370834506562\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-9 55856]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-5-16 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-5-16 55296]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-6-13 9216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-13 248248]
R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-10-9 172704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-9 215552]
R3 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2010-3-11 291352]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-9 648432]
S4 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
.
=============== Created Last 30 ================
.
2013-08-18 22:23:29 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{862B9D34-F6F2-41D5-88A2-D19B22F59855}\offreg.dll
2013-08-18 06:02:19 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{862B9D34-F6F2-41D5-88A2-D19B22F59855}\mpengine.dll
2013-08-17 09:10:34 9460976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-17 09:01:39 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-17 08:31:47 98816 ----a-w- C:\Windows\sed.exe
2013-08-17 08:31:47 256000 ----a-w- C:\Windows\PEV.exe
2013-08-17 08:31:47 208896 ----a-w- C:\Windows\MBR.exe
2013-08-14 07:11:58 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-14 07:11:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-14 06:52:41 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 06:52:40 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 06:52:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 06:52:40 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 06:52:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 06:52:40 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 06:52:40 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 06:52:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 06:52:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-08-14 06:52:13 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-28 10:58:02 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-07-28 10:57:59 91544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
.
==================== Find3M  ====================
.
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-13 03:04:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-13 03:04:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 05:40:20 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 05:40:16 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-11 05:40:16 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 19:57:44.95 ===============

And I'm going to attach the attach file.



#13 Neithan2208

  • Topic Starter
  • Members
  • 50 posts
  • Local time:06:38 AM

Posted 18 August 2013 - 07:01 PM

The attach

Attached Files



#14 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:06:38 PM

Posted 18 August 2013 - 10:22 PM

Hi,

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
===================================================

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start.
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.
===================================================

Re-run Malwarebytes' Anti-Malware
  • Double-click MalwareBytes' (Note to Vista users, please right-click and select Run as Administrator.)
  • Go to the Update tab to update Malwarebytes' Anti-Malware, then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • Note: The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    or via the Logs tab when Malwarebytes' Anti-Malware is started.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
===================================================

On your next reply please post:
ESET log
MBAM log

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!


#15 Neithan2208

  • Topic Starter
  • Members
  • 50 posts
  • Local time:06:38 AM

Posted 19 August 2013 - 11:53 PM

Okay, so I ran TFC successfully, but the ESET online scanner took about 8 hours to run. I checked the boxes as directed as well. It did find 9 items. I ran MBAM as well; it didn't take nearly as long. Here are the logs.

ESET logs

MBAM logs

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
John :: JOHNSLAPTOP [administrator]
 
8/19/2013 9:32:53 PM
mbam-log-2013-08-19 (21-32-53).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407794
Time elapsed: 2 hour(s), 6 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)




