
How to mend Zero Access Rootkit please and 'xyz' Service key does not exist


  • This topic is locked
22 replies to this topic

#1 andromeda9

andromeda9

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 04 September 2013 - 05:56 AM

Hi,

 

re: http://www.bleepingcomputer.com/forums/t/506441/trying-to-help-panicked-friend/#entry3147521

 

Broni advised me to post the results here of the DDS scan, following earlier scans which seem to indicate a Zero Access Rootkit and also where FSS showed multiple instances of [Unable to open 'XYZ' registry key. The service key does not exist].

 

Please let me know in due course how to remove the Rootkit, because Malwarebytes AntiRootkit just kept crashing Windows, needing the PC to be rebooted.

 

Thank you for your help, it's appreciated.

 

 

 

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Judy at 11:05:59 on 2013-09-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4061.2027 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HP Officejet 7500 E910 (NET)] "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY148110WJ05JB:NW" -scfn "HP Officejet 7500 E910 (NET)" -AutoStart 1
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Judy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Judy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://magnetplanner.2020.net/virtualplanner/Core/Player/2020PlayerAX_WEB_Win32.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AE2105A3-FEBE-48DE-9E23-C5628658D1CC} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\v144d4or.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-9 55280]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-2 236688]
R1 RapportCerberus_53984;RapportCerberus_53984;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [2013-6-23 588048]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-6-18 229040]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-6-18 357712]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-26 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-1 72216]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-7-9 27136]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-31 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-31 1369624]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-9 1692480]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-9 138752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-31 168384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-4 1432400]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-8-31 92376]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-1 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-7-9 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-7-9 24064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-7-9 43008]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-1 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-17 1255736]
S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-09-01 10:42:32    --------    d-----w-    C:\Program Files\ViceVersa Pro
2013-08-31 22:29:14    --------    d-----w-    C:\ProgramData\McAfee Security Scan
2013-08-31 22:29:13    --------    d-----w-    C:\Program Files (x86)\McAfee Security Scan
2013-08-31 22:19:03    92376    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys.dump
2013-08-31 22:19:03    --------    d-----w-    C:\Windows\snack
2013-08-31 17:41:47    --------    d-----w-    C:\Windows\ERUNT
2013-08-31 17:27:15    92376    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-08-31 12:39:34    --------    d-----w-    C:\Program Files (x86)\ESET
2013-08-31 12:16:50    --------    d-----w-    C:\AdwCleaner
2013-08-14 02:01:31    --------    d-----w-    C:\Windows\System32\MRT
2013-08-14 01:04:49    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-14 01:04:49    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-14 01:04:49    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-14 01:04:49    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-14 01:04:47    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-14 01:04:47    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 01:04:47    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-14 01:04:47    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-14 01:04:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-14 01:04:10    2048    ----a-w-    C:\Windows\System32\tzres.dll
.
==================== Find3M  ====================
.
2013-09-02 11:06:28    72    ----a-w-    C:\Windows\SysWow64\ssprs.dll
2013-09-02 11:06:28    204    ----a-w-    C:\Windows\SysWow64\le3lmq7.dll
2013-09-02 11:06:28    100    ----a-w-    C:\Windows\SysWow64\prsgrc.dll
2013-08-31 22:33:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-31 22:33:48    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-05 21:52:32    236688    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-08 06:32:55    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2013-06-08 06:32:55    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2013-06-08 06:32:55    100680    ----a-w-    C:\Windows\System32\LMIinit.dll
.
============= FINISH: 11:07:04.39 ===============
 


Edited by andromeda9, 04 September 2013 - 06:03 AM.
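A small triage helper for the DDS "Created Last 30" and "Find3M" sections above. This is an added example, not a tool from BleepingComputer or from the DDS author: it parses the four-column listing (timestamp, size or dashes for a directory, attribute string, path) and applies two reviewer heuristics, listing tiny executables in the Windows system directories and grouping files that share an identical creation timestamp. The sample text is copied from the log posted above; the size threshold, the function names and the column regex are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One DDS listing line: timestamp, size (or dashes for a directory), attribute flags, path.
# The column layout is assumed from the log posted above (whitespace separated).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[a-z-]+)\s+"
    r"(?P<path>.+?)\s*$"
)

# Sample lines copied from the DDS log above (section header and dot lines included
# so the parser is shown skipping them).
SAMPLE = r"""
.
==================== Find3M  ====================
.
2013-09-02 11:06:28    72    ----a-w-    C:\Windows\SysWow64\ssprs.dll
2013-09-02 11:06:28    204    ----a-w-    C:\Windows\SysWow64\le3lmq7.dll
2013-09-02 11:06:28    100    ----a-w-    C:\Windows\SysWow64\prsgrc.dll
2013-08-31 22:33:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 01:04:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-14 01:04:10    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-01 10:42:32    --------    d-----w-    C:\Program Files\ViceVersa Pro
"""


@dataclass
class DdsEntry:
    timestamp: datetime
    size: Optional[int]      # None for directories (DDS prints dashes instead of a size)
    attrs: str               # e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")


def parse_dds_listing(text: str) -> List[DdsEntry]:
    """Parse every listing line in a DDS section; headers, dots and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(DdsEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            size=size,
            attrs=m.group("attrs"),
            path=m.group("path"),
        ))
    return entries


def small_system_binaries(entries: List[DdsEntry], max_size: int = 4096,
                          system_dirs=("c:\\windows\\system32", "c:\\windows\\syswow64")
                          ) -> List[DdsEntry]:
    """Files of at most max_size bytes with a code extension under the system directories.

    The threshold (4 KiB) is an assumption for this example; the result is a review
    list, not a verdict, since legitimate resource-only DLLs are also this small.
    """
    hits = []
    for e in entries:
        if e.is_directory or e.size is None or e.size > max_size:
            continue
        lower = e.path.lower()
        if not lower.endswith((".dll", ".exe", ".sys")):
            continue
        if any(lower.startswith(d + "\\") for d in system_dirs):
            hits.append(e)
    return sorted(hits, key=lambda e: e.size)


def cluster_by_timestamp(entries: List[DdsEntry], min_group: int = 2
                         ) -> Dict[datetime, List[DdsEntry]]:
    """Group files (directories excluded) that share a timestamp to the second.

    Files written in the same second were usually dropped by one installer or one
    update, so a cluster of unfamiliar names is worth looking at together.
    """
    groups: Dict[datetime, List[DdsEntry]] = {}
    for e in entries:
        if e.is_directory:
            continue
        groups.setdefault(e.timestamp, []).append(e)
    return {ts: es for ts, es in groups.items() if len(es) >= min_group}


if __name__ == "__main__":
    parsed = parse_dds_listing(SAMPLE)
    print("small system binaries for review:")
    for e in small_system_binaries(parsed):
        print(f"  {e.size:>6} bytes  {e.path}")
    print("files sharing one timestamp:")
    for ts, es in cluster_by_timestamp(parsed).items():
        print(f"  {ts}: " + ", ".join(x.path.rsplit('\\', 1)[-1] for x in es))
```

On the sample, the size filter returns the three unfamiliar SysWow64 DLLs together with both copies of tzres.dll, which is the standard Windows time-zone resource DLL and is tiny by design; that is the point of treating the output as a review list rather than a detection. The timestamp grouping separates the two sets: the three small DLLs share one second, the two tzres.dll copies another.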



#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:05 AM

Posted 08 September 2013 - 01:12 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
You said that you ran FSS already??  Could you post the results of that log here as well?  
---------
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------




#3 andromeda9

andromeda9
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 08 September 2013 - 06:55 PM

Thank you Jeff.

 

I ran the following as you explained:

1. Adwcleaner

2. TDSSKiller

3. FSS scan

 

Please let me know what to do next.

 

Thanks

 

 

 

 

1. Adwcleaner

# AdwCleaner v3.003 - Report created 09/09/2013 at 00:31:44
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Judy - JUDY-PC
# Running from : C:\Users\Judy\Desktop\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\v144d4or.default\prefs.js ]


[ File : C:\Users\Setup Computer\AppData\Roaming\Mozilla\Firefox\Profiles\qo4gpdq3.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11847 octets] - [31/08/2013 13:17:15]
AdwCleaner[R1].txt - [923 octets] - [09/09/2013 00:31:44]
AdwCleaner[S0].txt - [10388 octets] - [31/08/2013 13:18:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1043 octets] ##########
 

 

 

2. TDSSKiller

00:36:56.0395 0x10f0  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
00:36:56.0675 0x10f0  ============================================================
00:36:56.0676 0x10f0  Current date / time: 2013/09/09 00:36:56.0675
00:36:56.0676 0x10f0  SystemInfo:
00:36:56.0676 0x10f0  
00:36:56.0676 0x10f0  OS Version: 6.1.7601 ServicePack: 1.0
00:36:56.0676 0x10f0  Product type: Workstation
00:36:56.0676 0x10f0  ComputerName: JUDY-PC
00:36:56.0676 0x10f0  UserName: Judy
00:36:56.0676 0x10f0  Windows directory: C:\Windows
00:36:56.0677 0x10f0  System windows directory: C:\Windows
00:36:56.0677 0x10f0  Running under WOW64
00:36:56.0677 0x10f0  Processor architecture: Intel x64
00:36:56.0677 0x10f0  Number of processors: 2
00:36:56.0677 0x10f0  Page size: 0x1000
00:36:56.0677 0x10f0  Boot type: Normal boot
00:36:56.0677 0x10f0  ============================================================
00:36:57.0069 0x10f0  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:36:57.0077 0x10f0  Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:36:57.0557 0x10f0  ============================================================
00:36:57.0558 0x10f0  \Device\Harddisk0\DR0:
00:36:57.0558 0x10f0  MBR partitions:
00:36:57.0558 0x10f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x16E3000
00:36:57.0558 0x10f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1706800, BlocksNum 0x55E3F000
00:36:57.0558 0x10f0  \Device\Harddisk1\DR1:
00:36:57.0559 0x10f0  MBR partitions:
00:36:57.0559 0x10f0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
00:36:57.0559 0x10f0  ============================================================
00:36:57.0582 0x10f0  C: <-> \Device\Harddisk0\DR0\Partition2
00:36:57.0774 0x10f0  I: <-> \Device\Harddisk1\DR1\Partition1
00:36:57.0775 0x10f0  ============================================================
00:36:57.0775 0x10f0  Initialize success
00:36:57.0775 0x10f0  ============================================================
00:37:13.0215 0x0fec  ============================================================
00:37:13.0215 0x0fec  Scan started
00:37:13.0215 0x0fec  Mode: Manual;
00:37:13.0215 0x0fec  ============================================================
00:37:13.0409 0x0fec  ================ Scan system memory ========================
00:37:13.0409 0x0fec  System memory - ok
00:37:13.0410 0x0fec  ================ Scan services =============================
00:37:18.0899 0x0fec  [ 78584587FCD462BD27CC63C7A7765191 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
00:37:18.0900 0x0fec  Suspicious file (Forged): C:\Windows\system32\drivers\mbamchameleon.sys. Real md5: 78584587FCD462BD27CC63C7A7765191, Fake md5: 66A53AFACEE669B7026D2C459DBA8787
00:37:18.0901 0x0fec  mbamchameleon ( ForgedFile.Multi.Generic ) - warning
00:37:18.0901 0x0fec  mbamchameleon - detected ForgedFile.Multi.Generic (1)
00:37:20.0205 0x0fec  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:37:20.0207 0x0fec  Null - ok
00:37:20.0224 0x0fec  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:37:20.0226 0x0fec  nvraid - ok
00:37:20.0240 0x0fec  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:37:20.0243 0x0fec  nvstor - ok
00:37:20.0265 0x0fec  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:37:20.0268 0x0fec  nv_agp - ok
00:37:20.0282 0x0fec  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:37:20.0284 0x0fec  ohci1394 - ok
00:37:20.0327 0x0fec  [ B22793F305D9A8F1D88969D6843FF6B0 ] OneTouch 4.0 Monitor C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
00:37:20.0328 0x0fec  OneTouch 4.0 Monitor - ok
00:37:20.0374 0x0fec  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:37:20.0377 0x0fec  ose - ok
00:37:20.0519 0x0fec  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:37:20.0541 0x0fec  osppsvc - ok
00:37:20.0591 0x0fec  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:37:20.0593 0x0fec  p2pimsvc - ok
00:37:20.0618 0x0fec  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:37:20.0621 0x0fec  p2psvc - ok
00:37:20.0637 0x0fec  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:37:20.0639 0x0fec  Parport - ok
00:37:20.0652 0x0fec  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:37:20.0653 0x0fec  partmgr - ok
00:37:20.0694 0x0fec  [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
00:37:20.0695 0x0fec  PassThru Service - ok
00:37:20.0715 0x0fec  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
00:37:20.0717 0x0fec  pccsmcfd - ok
00:37:20.0739 0x0fec  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
00:37:20.0743 0x0fec  pci - ok
00:37:20.0761 0x0fec  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
00:37:20.0763 0x0fec  pciide - ok
00:37:20.0780 0x0fec  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:37:20.0783 0x0fec  pcmcia - ok
00:37:20.0801 0x0fec  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:37:20.0803 0x0fec  pcw - ok
00:37:20.0826 0x0fec  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:37:20.0832 0x0fec  PEAUTH - ok
00:37:20.0891 0x0fec  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:37:20.0893 0x0fec  PerfHost - ok
00:37:20.0994 0x0fec  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
00:37:21.0020 0x0fec  pla - ok
00:37:21.0056 0x0fec  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:37:21.0061 0x0fec  PlugPlay - ok
00:37:21.0078 0x0fec  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:37:21.0080 0x0fec  PNRPAutoReg - ok
00:37:21.0116 0x0fec  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:37:21.0120 0x0fec  PNRPsvc - ok
00:37:21.0148 0x0fec  [ 6F5DDC52A9103CC8E1ED5892C1D15613 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
00:37:21.0150 0x0fec  Point64 - ok
00:37:21.0169 0x0fec  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:37:21.0171 0x0fec  Power - ok
00:37:21.0189 0x0fec  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:37:21.0191 0x0fec  PptpMiniport - ok
00:37:21.0203 0x0fec  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:37:21.0205 0x0fec  Processor - ok
00:37:21.0225 0x0fec  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:37:21.0227 0x0fec  ProfSvc - ok
00:37:21.0257 0x0fec  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:37:21.0259 0x0fec  ProtectedStorage - ok
00:37:21.0278 0x0fec  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:37:21.0281 0x0fec  Psched - ok
00:37:21.0288 0x0fec  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
00:37:21.0290 0x0fec  PxHlpa64 - ok
00:37:21.0326 0x0fec  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:37:21.0352 0x0fec  ql2300 - ok
00:37:21.0368 0x0fec  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:37:21.0370 0x0fec  ql40xx - ok
00:37:21.0392 0x0fec  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:37:21.0396 0x0fec  QWAVE - ok
00:37:21.0407 0x0fec  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:37:21.0408 0x0fec  QWAVEdrv - ok
00:37:21.0528 0x0fec  [ AC919BD6B80CB2C8F8EAF5DF241BBB8F ] RapportCerberus_53984 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys
00:37:21.0535 0x0fec  RapportCerberus_53984 - ok
00:37:21.0611 0x0fec  [ 5F6C6680518FF7422454D6D4FD72B81F ] RapportEI64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
00:37:21.0614 0x0fec  RapportEI64 - ok
00:37:21.0630 0x0fec  [ 5A21C1E10559792A356BA75C5D955B3F ] RapportKE64     C:\Windows\system32\Drivers\RapportKE64.sys
00:37:21.0634 0x0fec  RapportKE64 - ok
00:37:21.0661 0x0fec  [ 71FE1AAF8CEEE80D64EA6ED2AFBB103D ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
00:37:21.0667 0x0fec  RapportMgmtService - ok
00:37:21.0682 0x0fec  [ E9BB97F7CB49CB4B25D416556B065086 ] RapportPG64     C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
00:37:21.0686 0x0fec  RapportPG64 - ok
00:37:21.0705 0x0fec  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:37:21.0707 0x0fec  RasAcd - ok
00:37:21.0740 0x0fec  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:37:21.0742 0x0fec  RasAgileVpn - ok
00:37:21.0757 0x0fec  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:37:21.0760 0x0fec  RasAuto - ok
00:37:21.0772 0x0fec  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:37:21.0775 0x0fec  Rasl2tp - ok
00:37:21.0807 0x0fec  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
00:37:21.0810 0x0fec  RasMan - ok
00:37:21.0825 0x0fec  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:37:21.0827 0x0fec  RasPppoe - ok
00:37:21.0851 0x0fec  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:37:21.0853 0x0fec  RasSstp - ok
00:37:21.0870 0x0fec  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:37:21.0874 0x0fec  rdbss - ok
00:37:21.0889 0x0fec  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:37:21.0891 0x0fec  rdpbus - ok
00:37:21.0901 0x0fec  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:37:21.0901 0x0fec  RDPCDD - ok
00:37:21.0919 0x0fec  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:37:21.0920 0x0fec  RDPENCDD - ok
00:37:21.0940 0x0fec  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:37:21.0941 0x0fec  RDPREFMP - ok
00:37:21.0957 0x0fec  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:37:21.0959 0x0fec  RdpVideoMiniport - ok
00:37:21.0980 0x0fec  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:37:21.0983 0x0fec  RDPWD - ok
00:37:22.0003 0x0fec  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:37:22.0006 0x0fec  rdyboost - ok
00:37:22.0020 0x0fec  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:37:22.0022 0x0fec  RemoteRegistry - ok
00:37:22.0039 0x0fec  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:37:22.0041 0x0fec  RpcEptMapper - ok
00:37:22.0072 0x0fec  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:37:22.0073 0x0fec  RpcLocator - ok
00:37:22.0097 0x0fec  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
00:37:22.0103 0x0fec  RpcSs - ok
00:37:22.0124 0x0fec  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:37:22.0126 0x0fec  rspndr - ok
00:37:22.0154 0x0fec  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:37:22.0159 0x0fec  RTL8167 - ok
00:37:22.0176 0x0fec  [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60        C:\Windows\system32\DRIVERS\RtNdPt60.sys
00:37:22.0178 0x0fec  RtNdPt60 - ok
00:37:22.0195 0x0fec  [ BC85BDC1C30066C78B8C67AF1241D0B7 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam60.sys
00:37:22.0197 0x0fec  RTTEAMPT - ok
00:37:22.0208 0x0fec  [ 8B6B42D782202363A562F82B0E13B1C0 ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan60.sys
00:37:22.0210 0x0fec  RTVLANPT - ok
00:37:22.0223 0x0fec  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
00:37:22.0224 0x0fec  SamSs - ok
00:37:22.0244 0x0fec  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:37:22.0247 0x0fec  sbp2port - ok
00:37:22.0264 0x0fec  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:37:22.0268 0x0fec  SCardSvr - ok
00:37:22.0286 0x0fec  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:37:22.0288 0x0fec  scfilter - ok
00:37:22.0337 0x0fec  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
00:37:22.0343 0x0fec  Schedule - ok
00:37:22.0376 0x0fec  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:37:22.0377 0x0fec  SCPolicySvc - ok
00:37:22.0389 0x0fec  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:37:22.0391 0x0fec  SDRSVC - ok
00:37:22.0467 0x0fec  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
00:37:22.0476 0x0fec  SDScannerService - ok
00:37:22.0542 0x0fec  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
00:37:22.0553 0x0fec  SDUpdateService - ok
00:37:22.0585 0x0fec  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
00:37:22.0587 0x0fec  SDWSCService - ok
00:37:22.0603 0x0fec  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:37:22.0605 0x0fec  secdrv - ok
00:37:22.0624 0x0fec  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
00:37:22.0626 0x0fec  seclogon - ok
00:37:22.0639 0x0fec  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
00:37:22.0641 0x0fec  SENS - ok
00:37:22.0652 0x0fec  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:37:22.0654 0x0fec  SensrSvc - ok
00:37:22.0669 0x0fec  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:37:22.0671 0x0fec  Serenum - ok
00:37:22.0682 0x0fec  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:37:22.0684 0x0fec  Serial - ok
00:37:22.0700 0x0fec  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:37:22.0702 0x0fec  sermouse - ok
00:37:22.0750 0x0fec  [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
00:37:22.0756 0x0fec  ServiceLayer - ok
00:37:22.0807 0x0fec  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:37:22.0811 0x0fec  SessionEnv - ok
00:37:22.0831 0x0fec  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:37:22.0833 0x0fec  sffdisk - ok
00:37:22.0847 0x0fec  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:37:22.0848 0x0fec  sffp_mmc - ok
00:37:22.0864 0x0fec  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:37:22.0865 0x0fec  sffp_sd - ok
00:37:22.0880 0x0fec  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:37:22.0881 0x0fec  sfloppy - ok
00:37:22.0940 0x0fec  [ 74EC60E20516AAA573BE74F31175270F ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
00:37:22.0974 0x0fec  SftService - ok
00:37:23.0021 0x0fec  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:37:23.0025 0x0fec  ShellHWDetection - ok
00:37:23.0042 0x0fec  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:37:23.0043 0x0fec  SiSRaid2 - ok
00:37:23.0053 0x0fec  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:37:23.0055 0x0fec  SiSRaid4 - ok
00:37:23.0117 0x0fec  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:37:23.0119 0x0fec  SkypeUpdate - ok
00:37:23.0144 0x0fec  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:37:23.0146 0x0fec  Smb - ok
00:37:23.0197 0x0fec  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:37:23.0199 0x0fec  SNMPTRAP - ok
00:37:23.0221 0x0fec  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:37:23.0223 0x0fec  spldr - ok
00:37:23.0246 0x0fec  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
00:37:23.0250 0x0fec  Spooler - ok
00:37:23.0335 0x0fec  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
00:37:23.0353 0x0fec  sppsvc - ok
00:37:23.0392 0x0fec  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:37:23.0393 0x0fec  sppuinotify - ok
00:37:23.0434 0x0fec  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
00:37:23.0437 0x0fec  sprtsvc_DellSupportCenter - ok
00:37:23.0465 0x0fec  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:37:23.0470 0x0fec  srv - ok
00:37:23.0492 0x0fec  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:37:23.0497 0x0fec  srv2 - ok
00:37:23.0512 0x0fec  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:37:23.0514 0x0fec  srvnet - ok
00:37:23.0528 0x0fec  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
00:37:23.0531 0x0fec  ssadbus - ok
00:37:23.0546 0x0fec  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
00:37:23.0547 0x0fec  ssadmdfl - ok
00:37:23.0558 0x0fec  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
00:37:23.0561 0x0fec  ssadmdm - ok
00:37:23.0575 0x0fec  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
00:37:23.0577 0x0fec  ssadserd - ok
00:37:23.0599 0x0fec  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:37:23.0602 0x0fec  SSDPSRV - ok
00:37:23.0618 0x0fec  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:37:23.0620 0x0fec  SstpSvc - ok
00:37:23.0635 0x0fec  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:37:23.0636 0x0fec  stexstor - ok
00:37:23.0651 0x0fec  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
00:37:23.0652 0x0fec  StillCam - ok
00:37:23.0674 0x0fec  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:37:23.0678 0x0fec  stisvc - ok
00:37:23.0699 0x0fec  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:37:23.0700 0x0fec  swenum - ok
00:37:23.0720 0x0fec  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:37:23.0726 0x0fec  swprv - ok
00:37:23.0759 0x0fec  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:37:23.0768 0x0fec  SysMain - ok
00:37:23.0777 0x0fec  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:37:23.0779 0x0fec  TabletInputService - ok
00:37:23.0797 0x0fec  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:37:23.0801 0x0fec  TapiSrv - ok
00:37:23.0836 0x0fec  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:37:23.0838 0x0fec  TBS - ok
00:37:23.0902 0x0fec  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:37:23.0916 0x0fec  Tcpip - ok
00:37:23.0955 0x0fec  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:37:23.0964 0x0fec  TCPIP6 - ok
00:37:23.0985 0x0fec  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:37:23.0986 0x0fec  tcpipreg - ok
00:37:24.0030 0x0fec  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:37:24.0032 0x0fec  TDPIPE - ok
00:37:24.0050 0x0fec  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:37:24.0053 0x0fec  TDTCP - ok
00:37:24.0068 0x0fec  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:37:24.0069 0x0fec  tdx - ok
00:37:24.0084 0x0fec  [ BC85BDC1C30066C78B8C67AF1241D0B7 ] TEAM            C:\Windows\system32\DRIVERS\RtTeam60.sys
00:37:24.0085 0x0fec  TEAM - ok
00:37:24.0098 0x0fec  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:37:24.0100 0x0fec  TermDD - ok
00:37:24.0119 0x0fec  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:37:24.0126 0x0fec  TermService - ok
00:37:24.0143 0x0fec  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:37:24.0145 0x0fec  Themes - ok
00:37:24.0179 0x0fec  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:37:24.0181 0x0fec  THREADORDER - ok
00:37:24.0204 0x0fec  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:37:24.0206 0x0fec  TrkWks - ok
00:37:24.0254 0x0fec  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:37:24.0255 0x0fec  TrustedInstaller - ok
00:37:24.0285 0x0fec  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:37:24.0286 0x0fec  tssecsrv - ok
00:37:24.0300 0x0fec  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:37:24.0301 0x0fec  TsUsbFlt - ok
00:37:24.0320 0x0fec  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:37:24.0322 0x0fec  tunnel - ok
00:37:24.0341 0x0fec  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:37:24.0344 0x0fec  uagp35 - ok
00:37:24.0386 0x0fec  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:37:24.0389 0x0fec  udfs - ok
00:37:24.0415 0x0fec  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:37:24.0417 0x0fec  UI0Detect - ok
00:37:24.0435 0x0fec  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:37:24.0437 0x0fec  uliagpkx - ok
00:37:24.0445 0x0fec  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:37:24.0447 0x0fec  umbus - ok
00:37:24.0460 0x0fec  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:37:24.0461 0x0fec  UmPass - ok
00:37:24.0483 0x0fec  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:37:24.0487 0x0fec  upnphost - ok
00:37:24.0506 0x0fec  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
00:37:24.0508 0x0fec  USBAAPL64 - ok
00:37:24.0521 0x0fec  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:37:24.0523 0x0fec  usbccgp - ok
00:37:24.0532 0x0fec  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:37:24.0534 0x0fec  usbcir - ok
00:37:24.0553 0x0fec  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:37:24.0555 0x0fec  usbehci - ok
00:37:24.0574 0x0fec  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:37:24.0577 0x0fec  usbhub - ok
00:37:24.0595 0x0fec  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:37:24.0596 0x0fec  usbohci - ok
00:37:24.0609 0x0fec  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:37:24.0611 0x0fec  usbprint - ok
00:37:24.0623 0x0fec  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:37:24.0625 0x0fec  usbscan - ok
00:37:24.0636 0x0fec  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\Windows\system32\drivers\usbser.sys
00:37:24.0638 0x0fec  usbser - ok
00:37:24.0655 0x0fec  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:37:24.0657 0x0fec  USBSTOR - ok
00:37:24.0674 0x0fec  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:37:24.0676 0x0fec  usbuhci - ok
00:37:24.0689 0x0fec  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
00:37:24.0691 0x0fec  usb_rndisx - ok
00:37:24.0709 0x0fec  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:37:24.0711 0x0fec  UxSms - ok
00:37:24.0720 0x0fec  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:37:24.0722 0x0fec  VaultSvc - ok
00:37:24.0733 0x0fec  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:37:24.0734 0x0fec  vdrvroot - ok
00:37:24.0753 0x0fec  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:37:24.0757 0x0fec  vds - ok
00:37:24.0775 0x0fec  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:37:24.0777 0x0fec  vga - ok
00:37:24.0795 0x0fec  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:37:24.0796 0x0fec  VgaSave - ok
00:37:24.0817 0x0fec  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:37:24.0820 0x0fec  vhdmp - ok
00:37:24.0840 0x0fec  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:37:24.0842 0x0fec  viaide - ok
00:37:24.0857 0x0fec  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:37:24.0860 0x0fec  volmgr - ok
00:37:24.0907 0x0fec  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:37:24.0909 0x0fec  volmgrx - ok
00:37:24.0927 0x0fec  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:37:24.0931 0x0fec  volsnap - ok
00:37:24.0946 0x0fec  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:37:24.0949 0x0fec  vsmraid - ok
00:37:24.0995 0x0fec  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:37:25.0009 0x0fec  VSS - ok
00:37:25.0050 0x0fec  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
00:37:25.0052 0x0fec  vwifibus - ok
00:37:25.0073 0x0fec  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:37:25.0077 0x0fec  W32Time - ok
00:37:25.0100 0x0fec  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:37:25.0101 0x0fec  WacomPen - ok
00:37:25.0115 0x0fec  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:37:25.0117 0x0fec  WANARP - ok
00:37:25.0124 0x0fec  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:37:25.0125 0x0fec  Wanarpv6 - ok
00:37:25.0178 0x0fec  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:37:25.0187 0x0fec  WatAdminSvc - ok
00:37:25.0227 0x0fec  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:37:25.0236 0x0fec  wbengine - ok
00:37:25.0256 0x0fec  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:37:25.0258 0x0fec  WbioSrvc - ok
00:37:25.0276 0x0fec  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:37:25.0280 0x0fec  wcncsvc - ok
00:37:25.0293 0x0fec  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:37:25.0295 0x0fec  WcsPlugInService - ok
00:37:25.0312 0x0fec  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:37:25.0314 0x0fec  Wd - ok
00:37:25.0346 0x0fec  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
00:37:25.0347 0x0fec  WDC_SAM - ok
00:37:25.0373 0x0fec  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:37:25.0378 0x0fec  Wdf01000 - ok
00:37:25.0397 0x0fec  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:37:25.0401 0x0fec  WdiServiceHost - ok
00:37:25.0408 0x0fec  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:37:25.0410 0x0fec  WdiSystemHost - ok
00:37:25.0432 0x0fec  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:37:25.0435 0x0fec  WebClient - ok
00:37:25.0457 0x0fec  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:37:25.0460 0x0fec  Wecsvc - ok
00:37:25.0479 0x0fec  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:37:25.0481 0x0fec  wercplsupport - ok
00:37:25.0517 0x0fec  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:37:25.0519 0x0fec  WerSvc - ok
00:37:25.0531 0x0fec  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:37:25.0533 0x0fec  WfpLwf - ok
00:37:25.0558 0x0fec  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
00:37:25.0561 0x0fec  WimFltr - ok
00:37:25.0578 0x0fec  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:37:25.0580 0x0fec  WIMMount - ok
00:37:25.0601 0x0fec  WinHttpAutoProxySvc - ok
00:37:25.0642 0x0fec  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:37:25.0644 0x0fec  Winmgmt - ok
00:37:25.0702 0x0fec  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:37:25.0739 0x0fec  WinRM - ok
00:37:25.0781 0x0fec  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:37:25.0783 0x0fec  WinUsb - ok
00:37:25.0810 0x0fec  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:37:25.0819 0x0fec  Wlansvc - ok
00:37:25.0926 0x0fec  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:37:25.0937 0x0fec  wlidsvc - ok
00:37:25.0953 0x0fec  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:37:25.0955 0x0fec  WmiAcpi - ok
00:37:25.0992 0x0fec  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:37:25.0993 0x0fec  wmiApSrv - ok
00:37:26.0019 0x0fec  WMPNetworkSvc - ok
00:37:26.0037 0x0fec  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:37:26.0039 0x0fec  WPCSvc - ok
00:37:26.0055 0x0fec  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:37:26.0057 0x0fec  WPDBusEnum - ok
00:37:26.0073 0x0fec  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:37:26.0074 0x0fec  ws2ifsl - ok
00:37:26.0094 0x0fec  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
00:37:26.0095 0x0fec  WSDPrintDevice - ok
00:37:26.0103 0x0fec  WSearch - ok
00:37:26.0155 0x0fec  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:37:26.0168 0x0fec  wuauserv - ok
00:37:26.0191 0x0fec  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:37:26.0192 0x0fec  WudfPf - ok
00:37:26.0206 0x0fec  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:37:26.0208 0x0fec  WUDFRd - ok
00:37:26.0226 0x0fec  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:37:26.0228 0x0fec  wudfsvc - ok
00:37:26.0255 0x0fec  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:37:26.0259 0x0fec  WwanSvc - ok
00:37:26.0275 0x0fec  ================ Scan global ===============================
00:37:26.0315 0x0fec  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:37:26.0332 0x0fec  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:37:26.0344 0x0fec  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:37:26.0381 0x0fec  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:37:26.0418 0x0fec  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:37:26.0422 0x0fec  [Global] - ok
00:37:26.0423 0x0fec  ================ Scan MBR ==================================
00:37:26.0437 0x0fec  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:37:26.0592 0x0fec  \Device\Harddisk0\DR0 - ok
00:37:26.0598 0x0fec  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
00:37:26.0606 0x0fec  \Device\Harddisk1\DR1 - ok
00:37:26.0607 0x0fec  ================ Scan VBR ==================================
00:37:26.0612 0x0fec  [ 55F956951ADA22B0741A2B8646217ECC ] \Device\Harddisk0\DR0\Partition1
00:37:26.0613 0x0fec  \Device\Harddisk0\DR0\Partition1 - ok
00:37:26.0633 0x0fec  [ D0213131D95A27AF7D23D81AE419282E ] \Device\Harddisk0\DR0\Partition2
00:37:26.0635 0x0fec  \Device\Harddisk0\DR0\Partition2 - ok
00:37:26.0639 0x0fec  [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk1\DR1\Partition1
00:37:26.0641 0x0fec  \Device\Harddisk1\DR1\Partition1 - ok
00:37:26.0641 0x0fec  ============================================================
00:37:26.0641 0x0fec  Scan finished
00:37:26.0641 0x0fec  ============================================================
00:37:26.0653 0x1b64  Detected object count: 1
00:37:26.0653 0x1b64  Actual detected object count: 1
00:38:10.0228 0x1b64  mbamchameleon ( ForgedFile.Multi.Generic ) - skipped by user
00:38:10.0228 0x1b64  mbamchameleon ( ForgedFile.Multi.Generic ) - User select action: Skip
 

3. FSS scan

Farbar Service Scanner Version: 05-09-2013
Ran by  Judy (administrator) on 09-09-2013 at 00:29:38
Running from "C:\Users\Judy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 08 September 2013 - 07:02 PM

Ok....looks like we have some work to do.  :)

 

This may take several passes before we can get things back to running more normally so I appreciate your patience.  

 

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.  
  • Please post the C:\ComboFix.txt for further review.



    #5 andromeda9

    andromeda9
    • Topic Starter

    • Members
    • 29 posts

    Posted 09 September 2013 - 07:52 AM

    Thank you Jeff,

     

    I ran the Combofix program after disabling McAfee Security Plus and Spybot 2.

     

    However, Combofix reported that those two programs were still running, but Combofix did not seem to have an 'exit' button.

    So, not being able to stop those Anti Malware programs running, I went to Control Panel /Programs.. and removed the programs normally - whilst Combofix was waiting for me to continue.

    I then proceeded with the last step of Combofix, and after the computer had restarted I saved the log as Combofix 1.txt.

     

    In other words, whilst Combofix was waiting for me to proceed, I uninstalled those two programs.

    I realised that was not an ideal run, sorry, so to try and help provide a clean Combofix log, I then ran Combofix again a second time, and saved the results as Combofix 2.txt - hoping it might be more helpful for you. 

     

    The results are underneath.  I really hope that was ok, and I didn't mess up.

     

    Look forward to hearing back from you.


     

    1. Combofix 1

     

    ComboFix 13-09-08.02 - Judy 09/09/2013  10:51:50.1.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4061.2438 [GMT 1:00]
    Running from: c:\users\Judy\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Google\Desktop\Install
    c:\program files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\@
    c:\program files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\00000001.@
    c:\program files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\00000002.@
    c:\program files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\80000000.@
    c:\program files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\80000001.@
    c:\program files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\800000cb.@
    c:\users\Judy\001.jpg
    c:\users\Judy\AppData\Roaming\skype.ini
    c:\users\Judy\GoToAssistDownloadHelper.exe
    c:\windows\SysWow64\le3lmq7.dll
    c:\windows\SysWow64\prsgrc.dll
    c:\windows\SysWow64\ssprs.dll
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-08-09 to 2013-09-09  )))))))))))))))))))))))))))))))
    .
    .
    2013-09-06 19:00 . 2013-09-06 19:00    177680    ----a-w-    c:\windows\system32\mfevtps.exe.60d8.deleteme
    2013-09-06 18:59 . 2013-09-07 07:30    --------    d-----w-    c:\program files\stinger
    2013-09-01 10:42 . 2013-09-01 10:42    --------    d-----w-    c:\program files\ViceVersa Pro
    2013-08-31 22:19 . 2013-08-31 22:19    --------    d-----w-    c:\windows\snack
    2013-08-31 17:41 . 2013-08-31 17:41    --------    d-----w-    c:\windows\ERUNT
    2013-08-31 17:27 . 2013-08-31 17:27    92376    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-08-31 12:39 . 2013-08-31 12:39    --------    d-----w-    c:\program files (x86)\ESET
    2013-08-31 12:16 . 2013-09-08 23:32    --------    d-----w-    C:\AdwCleaner
    2013-08-14 02:01 . 2013-08-14 02:08    --------    d-----w-    c:\windows\system32\MRT
    2013-08-14 01:04 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
    2013-08-14 01:04 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
    2013-08-14 01:04 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
    2013-08-14 01:04 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
    2013-08-14 01:04 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
    2013-08-14 01:04 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
    2013-08-14 01:04 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
    2013-08-14 01:04 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
    2013-08-14 01:04 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
    2013-08-14 01:04 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-31 22:33 . 2012-05-17 11:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-31 22:33 . 2012-05-17 11:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-08-14 02:01 . 2010-10-11 06:59    78161360    ----a-w-    c:\windows\system32\MRT.exe
    2013-08-05 21:52 . 2011-03-02 21:06    236688    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
    2013-07-09 04:45 . 2013-08-14 01:03    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-22 39408]
    "HP Officejet 7500 E910 (NET)"="c:\program files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
    .
    c:\users\Setup Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    .
    c:\users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    Monitor Ink Alerts - HP Officejet 7500 E910 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 7500 E910\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=MY148110WJ05JB;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-4 1207312]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-16 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
    S1 RapportCerberus_53984;RapportCerberus_53984;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [x]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    *NewlyCreated* - WS2IFSL
    *Deregistered* - RapportIaso
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 22:33]
    .
    2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 08:26]
    .
    2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 08:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-07-25 418280]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://magnetplanner.2020.net/virtualplanner/Core/Player/2020PlayerAX_WEB_Win32.cab
    FF - ProfilePath - c:\users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\v144d4or.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-34337551.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
    HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
    HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Visioneer\OneTouch 4.0\OtService.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-09-09  12:54:28 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-09-09 11:54
    .
    Pre-Run: 559,557,013,504 bytes free
    Post-Run: 559,236,550,656 bytes free
    .
    - - End Of File - - 0DB2BDF02768F2E75D2145960D70A33A
     

     

    -------------------------------------------------------------------------------------------------------------------------------------------

     

     

    2. Combofix 2

     

    ComboFix 13-09-08.02 - Judy 09/09/2013  13:04:17.2.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4061.2617 [GMT 1:00]
    Running from: c:\users\Judy\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-08-09 to 2013-09-09  )))))))))))))))))))))))))))))))
    .
    .
    2013-09-09 12:18 . 2013-09-09 12:18    --------    d-----w-    c:\users\Setup Computer\AppData\Local\temp
    2013-09-09 12:18 . 2013-09-09 12:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-09-06 19:00 . 2013-09-06 19:00    177680    ----a-w-    c:\windows\system32\mfevtps.exe.60d8.deleteme
    2013-09-06 18:59 . 2013-09-07 07:30    --------    d-----w-    c:\program files\stinger
    2013-09-01 10:42 . 2013-09-01 10:42    --------    d-----w-    c:\program files\ViceVersa Pro
    2013-08-31 22:19 . 2013-08-31 22:19    --------    d-----w-    c:\windows\snack
    2013-08-31 17:41 . 2013-08-31 17:41    --------    d-----w-    c:\windows\ERUNT
    2013-08-31 17:27 . 2013-08-31 17:27    92376    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2013-08-31 12:39 . 2013-08-31 12:39    --------    d-----w-    c:\program files (x86)\ESET
    2013-08-31 12:16 . 2013-09-08 23:32    --------    d-----w-    C:\AdwCleaner
    2013-08-14 02:01 . 2013-08-14 02:08    --------    d-----w-    c:\windows\system32\MRT
    2013-08-14 01:04 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
    2013-08-14 01:04 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
    2013-08-14 01:04 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
    2013-08-14 01:04 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
    2013-08-14 01:04 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
    2013-08-14 01:04 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
    2013-08-14 01:04 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
    2013-08-14 01:04 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
    2013-08-14 01:04 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
    2013-08-14 01:04 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-31 22:33 . 2012-05-17 11:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-31 22:33 . 2012-05-17 11:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-08-14 02:01 . 2010-10-11 06:59    78161360    ----a-w-    c:\windows\system32\MRT.exe
    2013-08-05 21:52 . 2011-03-02 21:06    236688    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
    2013-07-09 04:45 . 2013-08-14 01:03    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-22 39408]
    "HP Officejet 7500 E910 (NET)"="c:\program files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
    .
    c:\users\Setup Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    .
    c:\users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
    Monitor Ink Alerts - HP Officejet 7500 E910 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 7500 E910\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=MY148110WJ05JB;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-4 1207312]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-16 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
    S1 RapportCerberus_53984;RapportCerberus_53984;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [x]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
    S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    *NewlyCreated* - WS2IFSL
    *Deregistered* - RapportIaso
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 22:33]
    .
    2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 08:26]
    .
    2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 08:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "IgfxTray"="DOWS\SYSTEM32\IGFXTRAY.EXE" [BU]
    "HotKeysCmds"="DOWS\SYSTEM32\HKCMD.EXE" [BU]
    "Persistence"="DOWS\SYSTEM32\IGFXPERS.EXE" [BU]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-07-25 418280]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://magnetplanner.2020.net/virtualplanner/Core/Player/2020PlayerAX_WEB_Win32.cab
    FF - ProfilePath - c:\users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\v144d4or.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-09  13:23:43
    ComboFix-quarantined-files.txt  2013-09-09 12:23
    ComboFix2.txt  2013-09-09 11:54
    .
    Pre-Run: 559,315,988,480 bytes free
    Post-Run: 559,235,477,504 bytes free
    .
    - - End Of File - - 3C18F01AC195F7CFFD0171B2F8FD0687
     

     

     

    --------------------------------------------------   end -------------------------------------------


    Edited by andromeda9, 09 September 2013 - 08:03 AM.


    #6 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:USA
    • Local time:05:05 AM

    Posted 09 September 2013 - 02:34 PM

    Hi,

     

    No problem.....  :)

     

    Could you run a fresh scan with FSS as well and post that too please?  




    #7 andromeda9

    andromeda9
    • Topic Starter

    • Members
    • 29 posts
    • OFFLINE
    •  
    • Local time:11:05 AM

    Posted 09 September 2013 - 03:34 PM

    Here we are:

    FSS

     

    Farbar Service Scanner Version: 05-09-2013
    Ran by Jaudy (administrator) on 09-09-2013 at 21:31:14
    Running from "C:\Users\Judy\Desktop"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****



    #8 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:USA
    • Local time:05:05 AM

    Posted 09 September 2013 - 07:41 PM

Tweaking.com Registry Backup

    • Download the tool found here to your Desktop so it is easy to find.
    • Double click on the file you just downloaded to install it to your system.
    • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon 
      **Note** The tool should automatically open to the Backup Registry tab.
       
    • Press Backup Now
    • When the back up is complete, the tool will tell you that Successful */* Files Backed Up
    • You have now successfully backed up your Registry.

    ---------------------
     
     
    Next I would like you to take the following steps:

    • Download the .zip file I attached to this reply directly to your Desktop
    • Right-click on the .zip folder and select Extract All and then extract all the contents to your Desktop
    • Now find RemoteAccess.reg from the files that were extracted and right-click on that...select Merge
    • Accept any prompts and let the process complete
    • Reboot your system and then run a new scan with FSS and post the new log

    ----------




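A way to record the state the FSS log reports on (whether the RemoteAccess service key exists, the WinDefend start type, and the DisableAntiSpyware value) before and after RemoteAccess.reg is merged, as an added PowerShell example that is not part of this thread, of FSS, ComboFix or the attached .zip; the registry backup path is an assumption:

```powershell
# Added example for this thread; it is not code from FSS, ComboFix or the
# Malware Response Team. It reads the same registry locations the FSS log
# reports on, so the state can be compared before and after RemoteAccess.reg
# is merged. Run from an elevated PowerShell prompt (PowerShell 2.0 syntax).

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$defenderKey  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'

# Numeric "Start" value stored under a service key -> the name FSS prints.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Get-ServiceKeyReport {
    param([Parameter(Mandatory = $true)][string]$Name)
    $key = Join-Path $servicesRoot $Name
    $report = New-Object PSObject -Property @{
        Service = $Name; KeyExists = $false; Start = $null; ImagePath = $null; ServiceDll = $null
    }
    if (-not (Test-Path $key)) {
        # This is the condition FSS prints as "The service key does not exist."
        return $report
    }
    $props = Get-ItemProperty -Path $key
    $report.KeyExists = $true
    if ($null -ne $props.Start) { $report.Start = $startNames[[int]$props.Start] }
    $report.ImagePath = $props.ImagePath
    # svchost-hosted services keep their DLL under Parameters\ServiceDll.
    $params = Join-Path $key 'Parameters'
    if (Test-Path $params) {
        $report.ServiceDll = (Get-ItemProperty -Path $params).ServiceDll
    }
    return $report
}

function Backup-ServicesKey {
    # Export the Services branch with the built-in reg.exe so a bad merge can
    # be reverted; the destination path is an assumption, change it as needed.
    param([string]$Destination = (Join-Path $env:USERPROFILE 'Desktop\Services-backup.reg'))
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services' $Destination /y | Out-Null
    return (Test-Path $Destination)
}

function Get-DefenderDisabledValue {
    # FSS lists "DisableAntiSpyware"=DWORD:1 under this key; while it is 1,
    # Defender stays off even once the WinDefend service itself is repaired.
    $p = Get-ItemProperty -Path $defenderKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($p) { return [int]$p.DisableAntiSpyware }
    return $null
}

# --- main: back up first, then report the three findings from the FSS log ---
if (-not (Backup-ServicesKey)) {
    Write-Warning 'Registry backup failed; stop here before merging anything.'
}

$reports = foreach ($svc in 'RemoteAccess', 'WinDefend') { Get-ServiceKeyReport -Name $svc }
$reports | Format-Table Service, KeyExists, Start, ImagePath, ServiceDll -AutoSize

foreach ($r in $reports) {
    if (-not $r.KeyExists) {
        Write-Warning ("ATTENTION: {0} service key does not exist." -f $r.Service)
    }
}
$win = $reports | Where-Object { $_.Service -eq 'WinDefend' }
if ($win.KeyExists -and $win.Start -ne 'Auto') {
    Write-Warning ("WinDefend start type is {0}; the default is Auto." -f $win.Start)
}
if ((Get-DefenderDisabledValue) -eq 1) {
    Write-Warning 'DisableAntiSpyware=1 is set; Windows Defender stays disabled while this value is present.'
}
```

Run it once before merging the .reg file and once after the reboot, and diff the two outputs: a key that is still missing afterwards means the merge did not take effect.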
    #9 andromeda9

    andromeda9
    • Topic Starter

    • Members
    • 29 posts
    • OFFLINE
    •  
    • Local time:11:05 AM

    Posted 10 September 2013 - 06:31 AM

    Hi Jeff

     

    Registry Editor backup done.

    FSS done and posted below.

     

    May I ask what RemoteAccess.reg does?

     

    Thanks again

     

    Note:

I have had to go away for a few days and I have arranged to log in to her computer by using a secure LogMeIn program so I can carry out your procedures ... and basically keep the kettle boiling.....

LogMeIn has been used by me in the past and has not caused me any problems.

It will be running during the procedures you are getting me to do. I mention this just in case it is relevant.

     

    --------------------------------------------

     

     

    Farbar Service Scanner Version: 05-09-2013
    Ran by Judy (administrator) on 10-09-2013 at 12:22:43
    Running from "C:\Users\Judy\Desktop"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    Edited by andromeda9, 10 September 2013 - 06:49 AM.
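An added example, not posted by anyone in this thread and not part of Farbar Service Scanner: the PowerShell below re-creates the checks whose results appear in the FSS log above (service registry key present, start type, ImagePath/ServiceDll, the Windows Defender DisableAntiSpyware policy value, and system-file integrity), so the same evidence can be gathered from an elevated 64-bit PowerShell prompt on Windows 7. The service names and the file list are my choice, taken from the FSS output; where FSS compares MD5s against its own known-good table, this script asks Windows Resource Protection (sfc /verifyfile) instead, which is a different check and needs administrator rights.

```powershell
# Added example, not from the thread or from Farbar Service Scanner.
# Reproduces the FSS checks from an elevated 64-bit PowerShell on Windows 7.
# Service and file lists are the author's choice, taken from the FSS log.

$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$services = @(
    'nsi', 'Dhcp', 'afd', 'tdx', 'tcpip', 'Dnscache', 'MpsSvc', 'BFE', 'mpsdrv',
    'SDRSVC', 'VSS', 'wscsvc', 'Winmgmt', 'wuauserv', 'BITS', 'EventSystem',
    'CryptSvc', 'WinDefend', 'SharedAccess', 'iphlpsvc', 'RpcSs'
)
# Meaning of the Start value stored in each service key
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

foreach ($name in $services) {
    $key = Join-Path $svcRoot $name
    if (-not (Test-Path $key)) {
        # The condition FSS reports as "The service key does not exist".
        # ZeroAccess-class infections delete keys such as BFE and wscsvc, which
        # matches the Event Log lines in this thread where IKEEXT and the
        # Spybot service fail because those dependencies "might not be installed".
        Write-Output ("MISSING  {0}: {1} does not exist" -f $name, $key)
        continue
    }
    $p        = Get-ItemProperty -Path $key
    $start    = $startNames[[int]$p.Start]
    $dll      = $null
    $paramKey = Join-Path $key 'Parameters'
    if (Test-Path $paramKey) {
        $dll = (Get-ItemProperty -Path $paramKey).ServiceDll
    }
    Write-Output ("OK       {0}: Start={1} ImagePath={2} ServiceDll={3}" -f
        $name, $start, $p.ImagePath, $dll)
}

# Windows Defender disabled-by-policy check, the value FSS printed above.
# FSS reads the first key; the second is where Group Policy writes the same value.
foreach ($wdKey in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                   'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
    if (Test-Path $wdKey) {
        $v = (Get-ItemProperty -Path $wdKey).DisableAntiSpyware
        if ($v -eq 1) { Write-Output "POLICY   DisableAntiSpyware=1 under $wdKey" }
    }
}

# File integrity. FSS compares MD5s against its own known-good table; without
# that table, ask Windows Resource Protection to verify each file instead.
# These are the System32 entries from the FSS "File Check" list.
$files = @(
    'System32\nsisvc.dll', 'System32\drivers\nsiproxy.sys', 'System32\dhcpcore.dll',
    'System32\drivers\afd.sys', 'System32\drivers\tdx.sys', 'System32\drivers\tcpip.sys',
    'System32\dnsrslvr.dll', 'System32\mpssvc.dll', 'System32\bfe.dll',
    'System32\drivers\mpsdrv.sys', 'System32\SDRSVC.dll', 'System32\vssvc.exe',
    'System32\wscsvc.dll', 'System32\wbem\WMIsvc.dll', 'System32\wuaueng.dll',
    'System32\qmgr.dll', 'System32\es.dll', 'System32\cryptsvc.dll',
    'System32\ipnathlp.dll', 'System32\iphlpsvc.dll', 'System32\svchost.exe',
    'System32\rpcss.dll'
)
foreach ($rel in $files) {
    $path = Join-Path $env:SystemRoot $rel
    # sfc writes UTF-16 to the console; strip embedded NULs before matching.
    $out = (& "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$path" 2>&1 |
            Out-String) -replace "`0", ''
    if ($out -match 'did not find any integrity violations') { $status = 'OK' }
    else { $status = 'CHECK' }
    Write-Output ("{0,-8} {1}" -f $status, $path)
}
```

Run it from the 64-bit PowerShell host, otherwise WOW64 file-system redirection makes the sfc calls look at SysWOW64 copies. A "MISSING" line is the registry-level symptom behind the "service key does not exist" messages in the first post; a "CHECK" line means WRP could not confirm the file and the sfc output for that path should be read in full rather than trusted blindly.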


    #10 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:USA
    • Local time:05:05 AM

    Posted 10 September 2013 - 06:50 AM

    Hi,

     

    May I ask what RemoteAccess.reg does?

    This allows for certain programs that may need to access portions of your registry to be able to do so with the greatest of ease.  

     

     

    I have had to go away for a few days and I have arranged to login to her computer by using a secure Logmein program.

    This will be running during the procedures you are getting me to do. I mention this just in case it is important or relevant.

     

    There is no hurry on my end.  If you need, we can just leave this until you return and then pick up where we left off.  It's really no problem if you would like to do that.  This will also allow you to worry about what you need to on your trip instead of checking in here.  

     

    How is your system running now?




    #11 andromeda9

    andromeda9
    • Topic Starter

    • Members
    • 29 posts
    • OFFLINE
    •  
    • Local time:11:05 AM

    Posted 10 September 2013 - 08:47 AM

    Thanks Jeff

     

    The computer 'seems' to be running smoother/faster...   I hope I'm not being deluded by a placebo spell you've cast <grin>   :)

     

    Let's carry on.  I am particularly keen to ensure any Rootkit has been dealt with effectively.

     

    Also, I don't want to hold you up and add to your work, but is there a link you can give me to help me understand about the steps we've taken (and why), including that Remoteaccess.reg you did?  I wasn't sure whether you had created it new for me.  I'd like to understand.  But it can be done later.

     

    Let me know what to do next please. I'm itching to get to that stage of being able to put a reasonable antivirus/malware program on!

     

     

    Thanks



    #12 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:USA
    • Local time:05:05 AM

    Posted 10 September 2013 - 09:42 AM

    Glad to hear that your system is running better.

     

    Well....to put it in simplest terms, you had a nasty infection on your system that had done some damage to some of the services on your system.  Some of them were fixed by our tools and the other, that I had you download, I just got you the correct copy and added it to your system.  This is in simplest terms though.  :)

     

    Ok...when you ran DDS was there a log made named Attach.txt?  If so, please post that....if not, please run DDS and then be sure to post Attach.txt.  




    #13 andromeda9

    andromeda9
    • Topic Starter

    • Members
    • 29 posts
    • OFFLINE
    •  
    • Local time:11:05 AM

    Posted 10 September 2013 - 02:18 PM

    Thanks for the explanation.

     

    I have just run DDS and, as requested, I now post a new Attach.txt

     

    Thanks

     

     

     

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/07/2010 10:55:36
    System Uptime: 10/09/2013 19:47:53 (1 hours ago)
    .
    Motherboard: Dell Inc. |  | 018D1Y
    Processor: Intel® Core™2 Duo CPU     E7500  @ 2.93GHz | CPU 1 | 2936/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 687 GiB total, 524.421 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is FIXED (NTFS) - 931 GiB total, 822.962 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\6&4F27F0&0&2
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\6&4F27F0&0&2
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.03)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoCAD 2013 - English
    AutoCAD 2013 - English SP2
    AutoCAD 2013 Language Pack - English
    Autodesk Content Service
    Autodesk Content Service Language Pack
    Autodesk Design Review 2013
    Autodesk DWF Viewer 7
    Autodesk Inventor Fusion 2013
    Autodesk Inventor Fusion plug-in for AutoCAD 2013
    Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
    Autodesk Material Library 2013
    Autodesk Material Library Base Resolution Image Library 2013
    Autodesk Sync
    Basic PAYE Tools
    Basic PAYE Tools - Real Time Information
    Basic PAYE Tools 2012
    Bing Bar
    Bonjour
    CCleaner
    CDDRV_Installer
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Defraggler
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Diagnostic Utility
    DraftSight
    DWG TrueView 2011
    erLT
    ESET Online Scanner v3
    FARO LS 1.1.406.58
    Garmin Lifetime Updater
    Google Earth Plug-in
    Google SketchUp 8
    Google Toolbar for Internet Explorer
    Google Update Helper
    HMRC Employer CD-ROM 2010 - Updated Edition 2.1.2
    HP Officejet 7500 E910 Basic Device Software
    HP Officejet 7500 E910 Help
    HP Officejet 7500 E910 Product Improvement Study
    HP Update
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    I.R.I.S. OCR
    Intel® Control Center
    Intel® Graphics Media Accelerator Driver
    Intel® Rapid Storage Technology
    iTunes
    Junk Mail filter update
    KhalInstallWrapper
    Logitech SetPoint
    LogMeIn
    M-Color 9.7.520.0
    Malwarebytes Anti-Malware version 1.75.0.1300
    Marketsplash Shortcuts
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Visio Professional 2003
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Mozilla Firefox 23.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    MyPublisher
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    OneTouch 4.0
    Orca
    Ovi Desktop Sync Engine
    OviMPlatform
    Payslips for PAYE Tools
    PC Connectivity Solution
    PDF to DWG Converter
    QuickTime
    Rapport
    Realtek High Definition Audio Driver
    Roxio Burn
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shared C Run-time for x64
    Skype Toolbars
    Skype™ 5.10
    Tweaking.com - Registry Backup
    TweetDeck
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VBA (2627.01)
    ViceVersa Pro 2.5 64-bit (Build 2512)
    WildTangent Games
    Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/09/2013 19:50:56, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    10/09/2013 19:25:00, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    10/09/2013 18:15:01, Error: volmgr [46]  - Crash dump initialization failed!
    10/09/2013 07:49:38, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ServiceLayer service to connect.
    10/09/2013 07:49:38, Error: Service Control Manager [7000]  - The ServiceLayer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    10/09/2013 07:49:03, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
    09/09/2013 19:38:43, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  A device attached to the system is not functioning.
    09/09/2013 13:18:57, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
    09/09/2013 11:06:39, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    09/09/2013 10:34:45, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
    09/09/2013 10:31:44, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:  An instance of the service is already running.
    09/09/2013 10:30:44, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error:  An instance of the service is already running.
    09/09/2013 10:29:45, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/09/2013 10:29:44, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09/09/2013 09:57:41, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
    09/09/2013 09:57:41, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
    09/09/2013 09:55:32, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
    09/09/2013 09:55:31, Error: Service Control Manager [7003]  - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
    09/09/2013 09:55:29, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    06/09/2013 23:47:17, Error: Service Control Manager [7034]  - The Office Software Protection Platform service terminated unexpectedly.  It has done this 2 time(s).
    06/09/2013 23:47:17, Error: Service Control Manager [7034]  - The LMIGuardianSvc service terminated unexpectedly.  It has done this 2 time(s).
    06/09/2013 23:47:17, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
    06/09/2013 23:47:17, Error: Service Control Manager [7031]  - The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    06/09/2013 23:47:17, Error: Service Control Manager [7031]  - The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
    06/09/2013 19:59:28, Error: Service Control Manager [7034]  - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).
    06/09/2013 19:59:28, Error: Service Control Manager [7034]  - The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
    06/09/2013 19:59:28, Error: Service Control Manager [7031]  - The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
    06/09/2013 19:59:27, Error: Service Control Manager [7034]  - The LMIGuardianSvc service terminated unexpectedly.  It has done this 1 time(s).
    06/09/2013 19:59:27, Error: Service Control Manager [7034]  - The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
    06/09/2013 19:59:27, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
    06/09/2013 19:59:27, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
    04/09/2013 15:34:22, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
    03/09/2013 11:16:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8800628dbc3, 0xfffff88002fdfd28, 0xfffff88002fdf580). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 090313-23290-01.
    .
    ==== End Of File ===========================
     




    #14 jeffce

    jeffce

      Bleepin' Super Saiyan


    • Malware Response Team
    • 3,442 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:USA
    • Local time:05:05 AM

    Posted 10 September 2013 - 02:22 PM

    GUZVCQN.jpgMalwarebytes
     
    Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
    ----------
     
    ESET Online Scanner
     
    Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.

    ----------




    #15 andromeda9

    andromeda9
    • Topic Starter

    • Members
    • 29 posts
    • OFFLINE
    •  
    • Local time:11:05 AM

    Posted 11 September 2013 - 01:59 AM

    Hi Jeff

     

    1. MalwareBytes scan results

    2. Eset Online Scanner results

     

    Done.

     

     

     

    1. MalwareBytes log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660
    Run by Judy at 19:59:21 on 2013-09-10
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4061.2478 [GMT 1:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
    C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [HP Officejet 7500 E910 (NET)] "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY148110WJ05JB:NW" -scfn "HP Officejet 7500 E910 (NET)" -AutoStart 1
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\Judy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\Judy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://magnetplanner.2020.net/virtualplanner/Core/Player/2020PlayerAX_WEB_Win32.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{AE2105A3-FEBE-48DE-9E23-C5628658D1CC} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
    x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
    x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\v144d4or.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-9 55280]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-2 236688]
    R1 RapportCerberus_53984;RapportCerberus_53984;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys [2013-6-23 588048]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-6-18 229040]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-6-18 357712]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-26 13336]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376144]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 16056]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-2-1 72216]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-7-9 27136]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-9 1692480]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-7-9 138752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-4 1432400]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
    S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-8-31 92376]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-1 19456]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-7-9 43008]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2010-7-9 24064]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2010-7-9 43008]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-1 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-17 1255736]
    S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2013-09-10 11:04:40    --------    d-----w-    C:\RegBackup
    2013-09-10 11:03:50    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
    2013-09-09 12:23:49    --------    d-sh--w-    C:\$RECYCLE.BIN
    2013-09-09 09:30:51    98816    ----a-w-    C:\Windows\sed.exe
    2013-09-09 09:30:51    256000    ----a-w-    C:\Windows\PEV.exe
    2013-09-09 09:30:51    208896    ----a-w-    C:\Windows\MBR.exe
    2013-09-06 19:00:04    177680    ----a-w-    C:\Windows\System32\mfevtps.exe.60d8.deleteme
    2013-09-06 18:59:12    --------    d-----w-    C:\Program Files\stinger
    2013-09-05 10:15:06    --------    d-----w-    C:\Users\Judy\AppData\Local\{28C13163-91C7-457F-BD26-66BB4C5DE8B1}
    2013-09-01 10:42:32    --------    d-----w-    C:\Program Files\ViceVersa Pro
    2013-08-31 22:19:03    92376    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys.dump
    2013-08-31 22:19:03    --------    d-----w-    C:\Windows\snack
    2013-08-31 17:41:47    --------    d-----w-    C:\Windows\ERUNT
    2013-08-31 17:27:15    92376    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
    2013-08-31 12:39:34    --------    d-----w-    C:\Program Files (x86)\ESET
    2013-08-31 12:16:50    --------    d-----w-    C:\AdwCleaner
    2013-08-14 02:01:31    --------    d-----w-    C:\Windows\System32\MRT
    2013-08-14 01:04:49    224256    ----a-w-    C:\Windows\System32\wintrust.dll
    2013-08-14 01:04:49    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
    2013-08-14 01:04:49    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
    2013-08-14 01:04:49    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
    2013-08-14 01:04:47    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
    2013-08-14 01:04:47    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
    2013-08-14 01:04:47    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
    2013-08-14 01:04:47    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
    2013-08-14 01:04:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
    2013-08-14 01:04:10    2048    ----a-w-    C:\Windows\System32\tzres.dll
    .
    ==================== Find3M  ====================
    .
    2013-08-31 22:33:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-31 22:33:48    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-05 21:52:32    236688    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
    2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
    2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
    2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
    2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
    2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
    2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
    2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
    2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
    2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
    2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
    2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
    2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
    2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
    2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
    2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
    2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
    .
    ============= FINISH: 20:00:16.66 ===============
    2. Eset Online Scanner

     

    C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\80000000.@.vir    a variant of Win64/Sirefef.AW trojan
    C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\80000001.@.vir    a variant of Win64/Sirefef.BC trojan
    C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\9519~1\A535~1\E628~1\{032d5b80-d53e-e33f-9585-fdc1003bdb7b}\U\800000cb.@.vir    a variant of Win64/Sirefef.AV trojan