
noknojon directed me here to get help with malware


  • This topic is locked
25 replies to this topic

#1 charliehorse

charliehorse

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 05 November 2013 - 08:18 PM

So far we've tried:

SUPERAntiSpyware paid version
Malwarebytes paid version
Rkill
AdwCleaner
Speccy (won't run)
ESET
MiniToolbox
TDSSKiller

Nothing's working to fix the following issues:

I cannot return to a former restore point.
All my passwords saved in Mozilla have disappeared.
I cannot use the 'Back' button in Mozilla.
I cannot use my Scanner/Camera Wizard.
McAfee is disabled.
I cannot change my passwords.
I cannot set Google as my homepage... I can't set anything except the existing Firefox page.
I uninstalled and reinstalled Firefox, but that didn't work.

Thanks in advance for your help!

Bobby





#2 charliehorse


Posted 05 November 2013 - 08:31 PM

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.40.2
Run by Bobby at 18:26:53 on 2013-11-05
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2391 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: IBM Forms Viewer Helper: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - c:\program files\ibm\forms viewer\8.0\PEhelper.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: <No Name>:  - LocalServer32 - <no file>
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [cdloader] "c:\documents and settings\bobby\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [MtdAcqu] "c:\program files\creative\mediasource5\MtdAcqu.exe" /s
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,RunDLLEntry
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe"
mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\bobby\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\LaunchU3.exe.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Photo Loader supervisory.lnk.disabled
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194485148031
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1346054863734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 66.112.177.4 8.8.8.8
TCP: Interfaces\{0DF70B61-9B8A-4C63-9531-EA4BA7153006} : DHCPNameServer = 66.112.177.4 8.8.8.8
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bobby\application data\mozilla\firefox\profiles\ae5afxlh.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - plugin: c:\documents and settings\bobby\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\bobby\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\bobby\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-08-22 14:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2011-6-10 66296]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 571608]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-6-10 91736]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-4 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-10 172416]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-9 60920]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-9 365256]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2013-8-12 85064]
S0 nsrta;nsrta;c:\windows\system32\drivers\fdrxcd.sys --> c:\windows\system32\drivers\fdrxcd.sys [?]
S1 458cbce0;458cbce0;c:\windows\system32\drivers\458cbce0.sys --> c:\windows\system32\drivers\458cbce0.sys [?]
S1 81437124;81437124;c:\windows\system32\drivers\81437124.sys --> c:\windows\system32\drivers\81437124.sys [?]
S1 87a27cae;87a27cae;c:\windows\system32\drivers\87a27cae.sys --> c:\windows\system32\drivers\87a27cae.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-11 701512]
S2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-1-4 145088]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-1-4 638976]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-26 147912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-11 22856]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\af.tmp --> c:\windows\system32\AF.tmp [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-11-9 235488]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-11-9 65928]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 301248]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 80656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2013-8-12 85064]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-15 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-15 40552]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2012-1-22 30576]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-8-21 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-8-21 10200]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]
S4 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-4 281560]
.
=============== Created Last 30 ================
.
2013-11-05 07:01:57    7796464    ----a-w-    c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{f17e6534-1778-4e6c-9458-ad45dfa263e8}\mpengine.dll
2013-11-03 19:09:50    --------    d-----w-    c:\documents and settings\bobby\local settings\application data\Macroplant_LLC
2013-11-03 19:09:19    --------    d-----w-    c:\program files\iExplorer
2013-11-01 22:33:49    --------    d-----w-    c:\program files\Speccy
2013-10-31 14:11:28    --------    d-----w-    C:\AdwCleaner
2013-10-28 23:10:26    --------    d-----w-    c:\documents and settings\bobby\local settings\application data\Sun
.
==================== Find3M  ====================
.
2013-10-09 10:25:29    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 10:25:29    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-02 03:58:34    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 03:58:32    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-02 03:58:31    868264    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-10-02 03:58:31    790440    ----a-w-    c:\windows\system32\deployJava1.dll
2013-09-25 02:53:24    60920    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-09-25 02:49:04    172416    ----a-w-    c:\windows\system32\mfevtps.exe
2013-09-25 02:48:34    91736    ----a-w-    c:\windows\system32\drivers\mfetdi2k.sys
2013-09-25 02:45:46    571608    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-09-25 02:44:46    85064    ----a-w-    c:\windows\system32\drivers\mfendisk.sys
2013-09-25 02:44:30    365256    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-09-25 02:44:00    65928    ----a-w-    c:\windows\system32\drivers\mfebopk.sys
2013-09-25 02:43:30    235488    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 02:42:44    133928    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-09-23 19:48:38    147912    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ----a-w-    c:\windows\system32\html.iec
2013-09-20 15:37:40    10152    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 15:37:24    80656    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2013-09-20 15:37:10    301248    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
2013-09-09 17:11:52    66296    ----a-w-    c:\windows\system32\drivers\McPvDrv.sys
2013-09-03 20:35:12    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2010-07-02 23:39:21    322352    ----a-w-    c:\program files\utorrent.exe
2010-06-13 16:34:18    38874608    ----a-w-    c:\program files\GoogleSketchUpWEN.exe
2010-02-05 14:57:24    1924200    ----a-w-    c:\program files\install_flash_player 10 0 42.exe
2010-01-28 06:30:39    1606064    ----a-w-    c:\program files\googletalk-setup.exe
2010-01-23 22:53:26    31603056    ----a-w-    c:\program files\LifeCam3.0.exe
2009-10-14 01:37:26    1296288    ----a-w-    c:\program files\DMSetup.exe
2009-10-02 03:09:13    18527244    ----a-w-    c:\program files\vlc-1.0.2-win32.exe
2009-09-27 20:40:01    2020136    ----a-w-    c:\program files\SkypeSetup.exe
2009-09-27 14:19:17    204496    ----a-w-    c:\program files\StartUpLite.exe
2009-09-25 03:36:59    16918824    ----a-w-    c:\program files\install_icq65.exe
2009-09-22 05:09:09    26739584    ----a-w-    c:\program files\AdbeRdr910_en_US.exe
2009-09-20 17:33:29    514560    ----a-w-    c:\program files\OTL.exe
2009-09-10 22:05:08    1925024    ----a-w-    c:\program files\install_flash_player.exe
2009-08-23 19:57:42    5955448    ----a-w-    c:\program files\saSetup64.exe
2009-08-15 20:52:14    11968896    ----a-w-    c:\program files\mpas-fe.exe
2009-05-20 05:25:55    11876776    ----a-w-    c:\program files\mpas-fe2.exe
2009-04-16 14:05:26    5289984    ----a-w-    c:\program files\msxml4.msi
2009-04-16 14:04:40    1070592    ----a-w-    c:\program files\msxml3.msi
2009-04-16 00:40:42    2262632    ----a-w-    c:\program files\mat_1.0.25.3.exe
2009-04-16 00:12:45    306864    ----a-w-    c:\program files\mvtapp.exe
2009-03-16 06:27:47    812344    ----a-w-    c:\program files\HJTInstall.exe
2009-03-16 05:30:18    16409960    ----a-w-    c:\program files\setup-spybotsd162.exe
2009-01-14 08:40:22    3782822    ----a-w-    c:\program files\ConvertHelperSetup.exe
2008-12-25 20:19:57    15083520    ----a-w-    c:\program files\spybotsd160.exe
2008-12-25 20:15:36    2539400    ----a-w-    c:\program files\mbam-setup.exe
2008-12-25 18:59:37    983696    ----a-w-    c:\program files\GoToAssist.exe
2008-11-16 16:22:07    359656    ----a-w-    c:\program files\msicuu2.exe
2008-10-23 02:10:46    14566424    ----a-w-    c:\program files\vlc-0.9.4-win32.exe
2008-07-27 01:55:27    16527960    ----a-w-    c:\program files\XDivXInstaller.exe
2008-06-14 13:37:22    5154304    ----a-w-    c:\program files\WindowsDefender.msi
2008-06-14 13:36:02    1478696    ----a-w-    c:\program files\GenuineCheck.exe
.
============= FINISH: 18:28:25.82 ===============
 



#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 AM

Posted 07 November 2013 - 06:04 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.

Proud Member of UNITE & TB
 

#4 charliehorse


Posted 08 November 2013 - 12:12 AM

Marius, here is my aswMBR log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-07 17:21:00
-----------------------------
17:21:00.375    OS Version: Windows 5.1.2600 Service Pack 3
17:21:00.375    Number of processors: 2 586 0xF06
17:21:00.375    ComputerName: DGQ98YB1  UserName: Bobby
17:21:01.843    Initialize success
17:32:00.656    AVAST engine defs: 13110601
17:32:38.359    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
17:32:38.375    Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
17:32:38.546    Disk 0 MBR read successfully
17:32:38.562    Disk 0 MBR scan
17:32:38.593    Disk 0 unknown MBR code
17:32:38.609    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
17:32:38.640    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       234401 MB offset 112455
17:32:38.671    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3953 MB offset 480166785
17:32:38.703    Disk 0 scanning sectors +488263545
17:32:38.953    Disk 0 scanning C:\WINDOWS\system32\drivers
17:32:53.375    Service scanning
17:33:25.453    Modules scanning
17:33:32.250    Disk 0 trace - called modules:
17:33:32.546    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
17:33:32.828    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adff7f0]
17:33:33.109    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8a87c030]
17:33:33.828    AVAST engine scan C:\
21:34:21.437    Scan finished successfully
22:17:51.234    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bobby\Desktop\bleeping reports\MBR.dat"
22:17:51.250    The log file has been saved successfully to "C:\Documents and Settings\Bobby\Desktop\bleeping reports\aswMBR.txt"

 



#5 charliehorse


Posted 08 November 2013 - 12:25 AM

Marius, here's the TDSSkiller log:

 

22:29:03.0812 0x0b4c TDSS rootkit removing tool 3.0.0.16 Nov 1 2013 15:53:38
22:29:08.0734 0x0b4c ============================================================
22:29:08.0734 0x0b4c Current date / time: 2013/11/07 22:29:08.0734
22:29:08.0734 0x0b4c SystemInfo:
22:29:08.0734 0x0b4c
22:29:08.0750 0x0b4c OS Version: 5.1.2600 ServicePack: 3.0
22:29:08.0750 0x0b4c Product type: Workstation
22:29:08.0750 0x0b4c ComputerName: DGQ98YB1
22:29:08.0750 0x0b4c UserName: Bobby
22:29:08.0750 0x0b4c Windows directory: C:\WINDOWS
22:29:08.0750 0x0b4c System windows directory: C:\WINDOWS
22:29:08.0750 0x0b4c Processor architecture: Intel x86
22:29:08.0750 0x0b4c Number of processors: 2
22:29:08.0750 0x0b4c Page size: 0x1000
22:29:08.0750 0x0b4c Boot type: Safe boot with network
22:29:08.0750 0x0b4c ============================================================
22:29:10.0515 0x0b4c System UUID: {57A81AF9-275C-71D1-9DCE-59506A2FA46E}
22:29:11.0109 0x0b4c Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:29:11.0171 0x0b4c ============================================================
22:29:11.0171 0x0b4c \Device\Harddisk0\DR0:
22:29:11.0171 0x0b4c MBR partitions:
22:29:11.0171 0x0b4c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C9D0C3A
22:29:11.0171 0x0b4c ============================================================
22:29:11.0234 0x0b4c C: <-> \Device\Harddisk0\DR0\Partition1
22:29:11.0234 0x0b4c ============================================================
22:29:11.0234 0x0b4c Initialize success
22:29:11.0234 0x0b4c ============================================================
22:29:15.0531 0x0cc8 ============================================================
22:29:15.0531 0x0cc8 Scan started
22:29:15.0531 0x0cc8 Mode: Manual;
22:29:15.0531 0x0cc8 ============================================================
22:29:15.0531 0x0cc8 KSN ping started
22:29:18.0406 0x0cc8 KSN ping finished: true
22:29:19.0750 0x0cc8 ================ Scan system memory ========================
22:29:19.0750 0x0cc8 System memory - ok
22:29:19.0750 0x0cc8 ================ Scan services =============================


22:29:21.0500 0x0cc8 asc - ok

22:29:21.0562 0x0cc8 [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys

22:29:21.0562 0x0cc8 asc3350p - ok

22:29:21.0593 0x0cc8 [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys

22:29:21.0593 0x0cc8 asc3550 - ok

22:29:21.0765 0x0cc8 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

22:29:21.0765 0x0cc8 aspnet_state - ok

22:29:21.0812 0x0cc8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:29:21.0812 0x0cc8 AsyncMac - ok

22:29:21.0859 0x0cc8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

22:29:21.0859 0x0cc8 atapi - ok

22:29:21.0859 0x0cc8 Atdisk - ok

22:29:21.0906 0x0cc8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:29:21.0906 0x0cc8 Atmarpc - ok

22:29:21.0968 0x0cc8 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

22:29:21.0968 0x0cc8 AudioSrv - ok

22:29:22.0015 0x0cc8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

22:29:22.0015 0x0cc8 audstub - ok

22:29:22.0046 0x0cc8 Beep - ok

22:29:22.0125 0x0cc8 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll

22:29:22.0140 0x0cc8 BITS - ok

22:29:22.0234 0x0cc8 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

22:29:22.0234 0x0cc8 Bonjour Service - ok

22:29:22.0296 0x0cc8 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll

22:29:22.0296 0x0cc8 Browser - ok

22:29:22.0312 0x0cc8 bvrp_pci - ok

22:29:22.0515 0x0cc8 catchme - ok

22:29:22.0578 0x0cc8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

22:29:22.0578 0x0cc8 cbidf - ok

22:29:22.0593 0x0cc8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

22:29:22.0593 0x0cc8 cbidf2k - ok

22:29:22.0656 0x0cc8 [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:29:22.0656 0x0cc8 CCDECODE - ok

22:29:22.0703 0x0cc8 [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

22:29:22.0703 0x0cc8 cd20xrnt - ok

22:29:22.0765 0x0cc8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

22:29:22.0765 0x0cc8 Cdaudio - ok

22:29:22.0828 0x0cc8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

22:29:22.0828 0x0cc8 Cdfs - ok

22:29:22.0843 0x0cc8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:29:22.0843 0x0cc8 Cdrom - ok

22:29:22.0890 0x0cc8 [ 5AFB043BE4B2E7E1376FC50D5153454A, 2C947C6E9459D4F6509B62005CE414C055D4199EA25687C3A7F7B60C7396ABB4 ] cfwids C:\WINDOWS\system32\drivers\cfwids.sys

22:29:22.0906 0x0cc8 cfwids - ok

22:29:22.0906 0x0cc8 Changer - ok

22:29:22.0984 0x0cc8 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe

22:29:22.0984 0x0cc8 CiSvc - ok

22:29:23.0000 0x0cc8 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

22:29:23.0000 0x0cc8 ClipSrv - ok

22:29:23.0093 0x0cc8 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:29:23.0093 0x0cc8 clr_optimization_v2.0.50727_32 - ok

22:29:23.0156 0x0cc8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:29:23.0156 0x0cc8 clr_optimization_v4.0.30319_32 - ok

22:29:23.0218 0x0cc8 [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys

22:29:23.0218 0x0cc8 CmdIde - ok

22:29:23.0234 0x0cc8 COMSysApp - ok

22:29:23.0312 0x0cc8 [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys

22:29:23.0312 0x0cc8 Cpqarray - ok

22:29:23.0375 0x0cc8 [ 7DB5E3F44D797BD38B8E336CCC2E49D5, C04F2EA8147FAA1646B15886D911D6656DA961F0F9C3515C62BDF8E63666F794 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

22:29:23.0375 0x0cc8 Creative Labs Licensing Service - ok

22:29:23.0437 0x0cc8 [ 3C8B6609712F4FF78E521F6DCFC4032B, DFCFD5F2D35DDA25DD91B4D732BDF84D1526AB11084E22523D51ABB2A8608402 ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe

22:29:23.0437 0x0cc8 Creative Service for CDROM Access - ok

22:29:23.0484 0x0cc8 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

22:29:23.0484 0x0cc8 CryptSvc - ok

22:29:23.0546 0x0cc8 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76, 02154E064651269EEF51BA6D68285A05E1552D3FFDCA97ED810EAEB26EAF4573 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

22:29:23.0562 0x0cc8 ctsfm2k - ok

22:29:23.0609 0x0cc8 [ 4EE8822ADB764EDD28CE44E808097995, 0BCAFE9DD6B8ED9600C3C8D35AF01524B31B3061E8BE4513854CED2CED006A41 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys

22:29:23.0625 0x0cc8 CTUSFSYN - ok

22:29:23.0687 0x0cc8 [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

22:29:23.0703 0x0cc8 dac2w2k - ok

22:29:23.0843 0x0cc8 [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys

22:29:23.0843 0x0cc8 dac960nt - ok

22:29:23.0906 0x0cc8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

22:29:23.0921 0x0cc8 DcomLaunch - ok

22:29:23.0984 0x0cc8 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

22:29:23.0984 0x0cc8 Dhcp - ok

22:29:24.0000 0x0cc8 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

22:29:24.0000 0x0cc8 Disk - ok

22:29:24.0109 0x0cc8 [ E2D0DE31442390C35E3163C87CB6A9EB, 399B4678C18DB92AC186128CE8AC2784FFCD76FDE9DBD4615D47586E3493914E ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS

22:29:24.0109 0x0cc8 DLABOIOM - ok

22:29:24.0125 0x0cc8 [ D979BEBCF7EDCC9C9EE1857D1A68C67B, 936450704E4F2ADA6FB87F827C042FEC67F67C83D361F858F5F41AA6E8B7256D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

22:29:24.0125 0x0cc8 DLACDBHM - ok

22:29:24.0156 0x0cc8 [ 83545593E297F50A8E2524B4C071A153, 25B18FEF62395ABB1EB4C17D81D9EB31759F6C5DBAA5CDB192949055D69E3071 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS

22:29:24.0156 0x0cc8 DLADResN - ok

22:29:24.0171 0x0cc8 [ 96E01D901CDC98C7817155CC057001BF, 77F78754230D9235255F6F4907ACB03D9750E12B9D92B8250DD1DFF605DD2E5B ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

22:29:24.0187 0x0cc8 DLAIFS_M - ok

22:29:24.0203 0x0cc8 [ 0A60A39CC5E767980A31CA5D7238DFA9, 09826251C384F2E62ABFAA2097007D75B51DB29EAEF13D46174FBE5A3FE3E433 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

22:29:24.0203 0x0cc8 DLAOPIOM - ok

22:29:24.0265 0x0cc8 [ 9FE2B72558FC808357F427FD83314375, 37CCBC46ADCFD3B165A383589786C715006767EEFC8D6559C621745B72F9E59F ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS

22:29:24.0265 0x0cc8 DLAPoolM - ok

22:29:24.0281 0x0cc8 [ 7EE0852AE8907689DF25049DCD2342E8, A5F08D78200F5CB02539C87EA574EB34F0C330C290D7BE5D21ED42B0E04E5CF4 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

22:29:24.0281 0x0cc8 DLARTL_N - ok

22:29:24.0343 0x0cc8 [ F08E1DAFAC457893399E03430A6A1397, 0784ACE7CA81313A5A8E7B7CCCAFF21E607251FEF604574FDCC81A3AFC6FD127 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

22:29:24.0343 0x0cc8 DLAUDFAM - ok

22:29:24.0375 0x0cc8 [ E7D105ED1E694449D444A9933DF8E060, DA66408DF44AB7099BEEED82C21A93F65A04C6FCDBA1D2F5791852EF9FE74D0D ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

22:29:24.0375 0x0cc8 DLAUDF_M - ok

22:29:24.0390 0x0cc8 dlcj_device - ok

22:29:24.0406 0x0cc8 dmadmin - ok

22:29:24.0468 0x0cc8 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

22:29:24.0515 0x0cc8 dmboot - ok

22:29:24.0593 0x0cc8 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys

22:29:24.0593 0x0cc8 dmio - ok

22:29:24.0890 0x0cc8 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys

22:29:24.0890 0x0cc8 dmload - ok

22:29:24.0937 0x0cc8 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll

22:29:24.0937 0x0cc8 dmserver - ok

22:29:24.0953 0x0cc8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

22:29:24.0953 0x0cc8 DMusic - ok

22:29:25.0000 0x0cc8 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

22:29:25.0015 0x0cc8 Dnscache - ok

22:29:25.0046 0x0cc8 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

22:29:25.0062 0x0cc8 Dot3svc - ok

22:29:25.0109 0x0cc8 [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys

22:29:25.0109 0x0cc8 dpti2o - ok

22:29:25.0125 0x0cc8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

22:29:25.0125 0x0cc8 drmkaud - ok

22:29:25.0140 0x0cc8 [ FD0F95981FEF9073659D8EC58E40AA3C, 9EF2D538A90276DFF72BCE0E9A3AF50E607F2FD17B9EE46506156FBF3FC9E970 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

22:29:25.0140 0x0cc8 DRVMCDB - ok

22:29:25.0140 0x0cc8 [ B4869D320428CDC5EC4D7F5E808E99B5, A84D1D65E84C0B17CE48188AD95DF52E1FEF785E6C6415E028CB5F7F4F31C466 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

22:29:25.0140 0x0cc8 DRVNDDM - ok

22:29:25.0234 0x0cc8 [ 2AC2372FFAD9ADC85672CC8E8AE14BE9, 047FDB1D039C28F194222C5168D78C1BFFAE3873CE2991DF4B1097D294C04ED9 ] DSproct C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

22:29:25.0234 0x0cc8 DSproct - ok

22:29:25.0234 0x0cc8 dwshd - ok

22:29:25.0281 0x0cc8 [ 3FCA03CBCA11269F973B70FA483C88EF, 0995989B9EBE5CE1C5489139849FB2AD69DE9749650BBC262AD754E5CE457C59 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys

22:29:25.0281 0x0cc8 E100B - ok

22:29:25.0328 0x0cc8 [ 6F7CCD3C02B26D530900F06D98171A69, B733E924DA68FEA0E755CD1491C6C693CDFFAECE160046A74C9EF0A09822775F ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys

22:29:25.0343 0x0cc8 e1express - ok

22:29:25.0390 0x0cc8 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll

22:29:25.0390 0x0cc8 EapHost - ok

22:29:25.0468 0x0cc8 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll

22:29:25.0468 0x0cc8 ERSvc - ok

22:29:25.0531 0x0cc8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe

22:29:25.0531 0x0cc8 Eventlog - ok

22:29:25.0578 0x0cc8 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\Es.dll

22:29:25.0593 0x0cc8 EventSystem - ok

22:29:25.0640 0x0cc8 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

22:29:25.0656 0x0cc8 Fastfat - ok

22:29:25.0703 0x0cc8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

22:29:25.0703 0x0cc8 FastUserSwitchingCompatibility - ok

22:29:25.0718 0x0cc8 [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax C:\WINDOWS\system32\fxssvc.exe

22:29:25.0734 0x0cc8 Fax - ok

22:29:25.0781 0x0cc8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

22:29:25.0781 0x0cc8 Fdc - ok

22:29:25.0796 0x0cc8 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys

22:29:25.0796 0x0cc8 Fips - ok

22:29:25.0796 0x0cc8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:29:25.0796 0x0cc8 Flpydisk - ok

22:29:25.0828 0x0cc8 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

22:29:25.0828 0x0cc8 FltMgr - ok

22:29:25.0953 0x0cc8 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

22:29:25.0953 0x0cc8 FontCache3.0.0.0 - ok

22:29:25.0968 0x0cc8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:29:25.0984 0x0cc8 Fs_Rec - ok

22:29:26.0000 0x0cc8 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:29:26.0000 0x0cc8 Ftdisk - ok

22:29:26.0031 0x0cc8 [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

22:29:26.0031 0x0cc8 GEARAspiWDM - ok

22:29:26.0125 0x0cc8 [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

22:29:26.0125 0x0cc8 GoToAssist - ok

22:29:26.0156 0x0cc8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:29:26.0171 0x0cc8 Gpc - ok

22:29:26.0218 0x0cc8 [ 6003BC70F1A8307262BD3C941BDA0B7E, E820EB4B7099687831A67D37F6004A58968D3B89BF7F964848191455E4DA3AF0 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys

22:29:26.0218 0x0cc8 grmnusb - ok

22:29:26.0234 0x0cc8 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

22:29:26.0234 0x0cc8 HDAudBus - ok

22:29:26.0312 0x0cc8 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

22:29:26.0312 0x0cc8 helpsvc - ok

22:29:26.0359 0x0cc8 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll

22:29:26.0359 0x0cc8 HidServ - ok

22:29:26.0390 0x0cc8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:29:26.0390 0x0cc8 HidUsb - ok

22:29:26.0453 0x0cc8 [ 156765F692192EA9039A6C4A809312FD, 73400BC5E5C92A2E7834CB8EB33B3D78BF73C875C98B1AD91B0112FBB8DB19E3 ] HipShieldK C:\WINDOWS\system32\drivers\HipShieldK.sys

22:29:26.0453 0x0cc8 HipShieldK - ok

22:29:26.0500 0x0cc8 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

22:29:26.0500 0x0cc8 hkmsvc - ok

22:29:26.0656 0x0cc8 [ 5007E21208DA68F60EBF43352BDFE6D0, 698B6AB8260E05D6A2D168939E8D7F9F1CC1C78FDEC4F6B9D1A7289FD83C841B ] HomeNetSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

22:29:26.0671 0x0cc8 HomeNetSvc - ok

22:29:26.0718 0x0cc8 [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys

22:29:26.0718 0x0cc8 hpn - ok

22:29:26.0765 0x0cc8 [ 30CA91E657CEDE2F95359D6EF186F650, 6BBAFBE50E7819695A79586A086A9952B737E174BA2C63C1F180D97EC4AABA4B ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys

22:29:26.0765 0x0cc8 HPZid412 - ok

22:29:26.0796 0x0cc8 [ EFD31AFA752AA7C7BBB57BCBE2B01C78, AC671CEE9F8DD9FE6C51069212AEB1736BB914361D4185D1E87068D244BF2B7A ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

22:29:26.0812 0x0cc8 HPZipr12 - ok

22:29:26.0843 0x0cc8 [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

22:29:26.0843 0x0cc8 HPZius12 - ok

22:29:26.0890 0x0cc8 [ 77E4FF0B73BC0AEAAF39BF0C8104231F, A5D35FCD9E52003D990EB97DF1634DE9B516647C8DAAD3152550CD875DBBDA82 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

22:29:26.0890 0x0cc8 HSFHWBS2 - ok

22:29:26.0953 0x0cc8 [ 60E1604729A15EF4A3B05F298427B3B1, 139DE473F645A300DD436B4AA8359A23FCE3BB9688B6B597E89F8ADBC36A71B9 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

22:29:27.0046 0x0cc8 HSF_DP - ok

22:29:27.0093 0x0cc8 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

22:29:27.0093 0x0cc8 HTTP - ok

22:29:27.0125 0x0cc8 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

22:29:27.0140 0x0cc8 HTTPFilter - ok

22:29:27.0156 0x0cc8 [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

22:29:27.0156 0x0cc8 i2omgmt - ok

22:29:27.0203 0x0cc8 [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

22:29:27.0203 0x0cc8 i2omp - ok

22:29:27.0203 0x0cc8 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:29:27.0218 0x0cc8 i8042prt - ok

22:29:27.0312 0x0cc8 [ B122BE74E283A2BC7FEBC180BFD2EFD5, 3FB9AE63AB2ECAC62C03FF19BE60E39C8C2985868FBA393039795A660A05DED3 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

22:29:27.0312 0x0cc8 IAANTMON - ok

22:29:27.0328 0x0cc8 [ 019CF5F31C67030841233C545A0E217A, 594D97054E3A8034D8BC3AE3B9CD8A00D95BB68F8CDA84E96D8EE08D5F24E101 ] iastor C:\WINDOWS\system32\drivers\iastor.sys

22:29:27.0343 0x0cc8 iastor - ok

22:29:27.0484 0x0cc8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

22:29:27.0562 0x0cc8 idsvc - ok

22:29:27.0578 0x0cc8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

22:29:27.0578 0x0cc8 Imapi - ok

22:29:27.0640 0x0cc8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe

22:29:27.0640 0x0cc8 ImapiService - ok

22:29:27.0687 0x0cc8 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

22:29:27.0703 0x0cc8 ini910u - ok

22:29:27.0703 0x0cc8 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

22:29:27.0703 0x0cc8 IntelIde - ok

22:29:27.0750 0x0cc8 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:29:27.0750 0x0cc8 intelppm - ok

22:29:27.0812 0x0cc8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

22:29:27.0812 0x0cc8 Ip6Fw - ok

22:29:27.0859 0x0cc8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:29:27.0859 0x0cc8 IpFilterDriver - ok

22:29:27.0875 0x0cc8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:29:27.0875 0x0cc8 IpInIp - ok

22:29:27.0890 0x0cc8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:29:27.0890 0x0cc8 IpNat - ok

22:29:28.0000 0x0cc8 [ 49918803B661367023BF325CF602AFDC, 2821451FD31EAFCB5D3081998756F7274B4C2594E9A378EEE5C1D5D92C1FC58C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

22:29:28.0046 0x0cc8 iPod Service - ok

22:29:28.0078 0x0cc8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:29:28.0078 0x0cc8 IPSec - ok

22:29:28.0093 0x0cc8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

22:29:28.0093 0x0cc8 IRENUM - ok

22:29:28.0125 0x0cc8 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:29:28.0125 0x0cc8 isapnp - ok

22:29:28.0281 0x0cc8 [ A5937B2A94424CF1B13A4AD503AF6B2E, E96CE4E526E053FB410987BD444627BC7B26FCE48DC0A61916ADD0A69EFA6941 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

22:29:28.0281 0x0cc8 JavaQuickStarterService - ok

22:29:28.0296 0x0cc8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:29:28.0296 0x0cc8 Kbdclass - ok

22:29:28.0296 0x0cc8 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

22:29:28.0296 0x0cc8 kbdhid - ok

22:29:28.0328 0x0cc8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

22:29:28.0328 0x0cc8 kmixer - ok

22:29:28.0390 0x0cc8 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

22:29:28.0390 0x0cc8 KSecDD - ok

22:29:28.0437 0x0cc8 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

22:29:28.0437 0x0cc8 lanmanserver - ok

22:29:28.0500 0x0cc8 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

22:29:28.0500 0x0cc8 lanmanworkstation - ok

22:29:28.0500 0x0cc8 lbrtfdc - ok

22:29:28.0609 0x0cc8 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

22:29:28.0609 0x0cc8 LightScribeService - ok

22:29:28.0640 0x0cc8 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

22:29:28.0640 0x0cc8 LmHosts - ok

22:29:28.0703 0x0cc8 [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

22:29:28.0703 0x0cc8 MBAMProtector - ok

22:29:28.0812 0x0cc8 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

22:29:28.0812 0x0cc8 MBAMScheduler - ok

22:29:28.0890 0x0cc8 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

22:29:28.0937 0x0cc8 MBAMService - ok

22:29:28.0968 0x0cc8 [ 0DB7527DB188C7D967A37BB51BBF3963, 3812E26626EC49BE61B0B8DA5FE6E838C0FEF8A08363C239F64E6CCA0BA949D5 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys

22:29:28.0968 0x0cc8 MBAMSwissArmy - ok

22:29:29.0078 0x0cc8 [ C59D9F880BEA416BAB4C57AD04242A71, 4B4E41C81DFEACA319DDBE4857C1C7AF03934E902005F601646CFB7A2865A9A6 ] McAPExe C:\Program Files\McAfee\MSC\McAPExe.exe

22:29:29.0078 0x0cc8 McAPExe - ok

22:29:29.0093 0x0cc8 [ 5007E21208DA68F60EBF43352BDFE6D0, 698B6AB8260E05D6A2D168939E8D7F9F1CC1C78FDEC4F6B9D1A7289FD83C841B ] McMPFSvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

22:29:29.0093 0x0cc8 McMPFSvc - ok

22:29:29.0109 0x0cc8 [ 5007E21208DA68F60EBF43352BDFE6D0, 698B6AB8260E05D6A2D168939E8D7F9F1CC1C78FDEC4F6B9D1A7289FD83C841B ] McNaiAnn C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

22:29:29.0109 0x0cc8 McNaiAnn - ok

22:29:29.0234 0x0cc8 [ 3A01047FFF666D33EBDE3513D20DA1F5, 360A1D6C2CBDF9C25E72B872ACE36E69D43218E532248A08753490ED6C266CBE ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

22:29:29.0250 0x0cc8 McODS - ok

22:29:29.0296 0x0cc8 [ 5007E21208DA68F60EBF43352BDFE6D0, 698B6AB8260E05D6A2D168939E8D7F9F1CC1C78FDEC4F6B9D1A7289FD83C841B ] mcpltsvc C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

22:29:29.0296 0x0cc8 mcpltsvc - ok

22:29:29.0312 0x0cc8 [ 5007E21208DA68F60EBF43352BDFE6D0, 698B6AB8260E05D6A2D168939E8D7F9F1CC1C78FDEC4F6B9D1A7289FD83C841B ] McProxy C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

22:29:29.0312 0x0cc8 McProxy - ok


22:29:32.0578 0x0cc8 [ 5F30E55591B480D868881610C6A392BD, B2FDD14C4CE60C11DD211D08C69F1BF8BC247FC96E8042A01D9DE9C0B04D3A6F ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

22:29:32.0890 0x0cc8 Suspicious file ( Forged ): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: 5F30E55591B480D868881610C6A392BD, sha256: B2FDD14C4CE60C11DD211D08C69F1BF8BC247FC96E8042A01D9DE9C0B04D3A6F, fake md5: 5950E6CC9FB3FABB61604D395DBC8550, fake sha256: CA35DBF701215CDA51E3B85F9378C932FAA429FA5D1DEE3BC4CC938259031F2E

22:29:32.0921 0x0cc8 nv - detected ForgedFile.Multi.Generic ( 1 )

22:29:35.0953 0x0cc8 nv ( ForgedFile.Multi.Generic ) - warning


22:29:45.0031 0x0cc8 usbscan - ok

22:29:45.0046 0x0cc8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:29:45.0046 0x0cc8 USBSTOR - ok

22:29:45.0062 0x0cc8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:29:45.0062 0x0cc8 usbuhci - ok

22:29:45.0125 0x0cc8 [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

22:29:45.0125 0x0cc8 usbvideo - ok

22:29:45.0140 0x0cc8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

22:29:45.0140 0x0cc8 VgaSave - ok

22:29:45.0203 0x0cc8 [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys

22:29:45.0203 0x0cc8 viaagp - ok

22:29:45.0234 0x0cc8 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

22:29:45.0234 0x0cc8 ViaIde - ok

22:29:45.0250 0x0cc8 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

22:29:45.0250 0x0cc8 VolSnap - ok

22:29:45.0328 0x0cc8 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe

22:29:45.0343 0x0cc8 VSS - ok

22:29:45.0500 0x0cc8 [ E26744E5DD71A16E80D4DD5A286B8423, 877F06ADDDF60D3524055C7FF0D9D04BE7A6477F64CF8030576025E72598EB25 ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys

22:29:45.0609 0x0cc8 VX3000 - ok

22:29:45.0656 0x0cc8 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] w32time C:\WINDOWS\system32\w32time.dll

22:29:45.0671 0x0cc8 w32time - ok

22:29:45.0734 0x0cc8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:29:45.0734 0x0cc8 Wanarp - ok

22:29:45.0750 0x0cc8 wanatw - ok

22:29:45.0812 0x0cc8 [ 56242D5BE3BFC8F2A212E6D1F9A16697, 2ACA5991FED8E7D4D44F00157BC4B6404E595C2BFB4A58FF745B8C973E58C210 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

22:29:45.0812 0x0cc8 wceusbsh - ok

22:29:45.0828 0x0cc8 WDICA - ok

22:29:45.0859 0x0cc8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

22:29:45.0859 0x0cc8 wdmaud - ok

22:29:45.0875 0x0cc8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll

22:29:45.0875 0x0cc8 WebClient - ok

22:29:45.0968 0x0cc8 [ F59ED5A43B988A18EF582BB07B2327A7, E870821C9C4E31D3B05049FBA5D81358F9C30E6A67F600D4EA3A5736CA344028 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

22:29:46.0015 0x0cc8 winachsf - ok

22:29:46.0093 0x0cc8 [ F45DD1E1365D857DD08BC23563370D0E, D95AEBB2095579D716C62152C8B805E119812FD2E40F14F9A5BA2EFDE133303B ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe

22:29:46.0093 0x0cc8 WinDefend - ok

22:29:46.0218 0x0cc8 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

22:29:46.0234 0x0cc8 winmgmt - ok

22:29:46.0343 0x0cc8 [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM C:\WINDOWS\system32\WsmSvc.dll

22:29:46.0421 0x0cc8 WinRM - ok

22:29:46.0500 0x0cc8 [ 482069CDA24AA0E94B1351E30EB3D01F, C5238E6DA85D6854A119A9687BE8448B8483EBD483F7823150CC0B24D321D26F ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

22:29:46.0500 0x0cc8 WmdmPmSN - ok

22:29:46.0562 0x0cc8 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll

22:29:46.0578 0x0cc8 Wmi - ok

22:29:46.0625 0x0cc8 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

22:29:46.0640 0x0cc8 WmiApSrv - ok

22:29:46.0656 0x0cc8 [ D7467F619F574AB36286D2903E751DEB, A194D7FCEFA676D4A312ADAA26A64F3690EB7A04B0A133B374FE23CCB472B984 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

22:29:46.0656 0x0cc8 WpdUsb - ok

22:29:46.0781 0x0cc8 [ 7CAEC4665452072662496CFCCAB727E2, 25771639042557CD1A348C405DCC7DD75DDC50323195A5833D9DAEEA442218B5 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

22:29:46.0828 0x0cc8 WPFFontCache_v0400 - ok

22:29:46.0890 0x0cc8 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

22:29:46.0890 0x0cc8 WS2IFSL - ok

22:29:46.0953 0x0cc8 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll

22:29:46.0953 0x0cc8 wscsvc - ok

22:29:47.0000 0x0cc8 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:29:47.0015 0x0cc8 WSTCODEC - ok

22:29:47.0031 0x0cc8 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll

22:29:47.0031 0x0cc8 wuauserv - ok

22:29:47.0093 0x0cc8 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:29:47.0093 0x0cc8 WudfPf - ok

22:29:47.0140 0x0cc8 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:29:47.0156 0x0cc8 WudfRd - ok

22:29:47.0171 0x0cc8 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

22:29:47.0171 0x0cc8 WudfSvc - ok

22:29:47.0250 0x0cc8 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

22:29:47.0265 0x0cc8 WZCSVC - ok

22:29:47.0312 0x0cc8 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll

22:29:47.0312 0x0cc8 xmlprov - ok

22:29:47.0328 0x0cc8 ================ Scan global ===============================

22:29:47.0390 0x0cc8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll

22:29:47.0437 0x0cc8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

22:29:47.0468 0x0cc8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

22:29:47.0515 0x0cc8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe

22:29:47.0515 0x0cc8 [ Global ] - ok

22:29:47.0515 0x0cc8 ================ Scan MBR ==================================

22:29:47.0546 0x0cc8 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0

22:29:47.0750 0x0cc8 \Device\Harddisk0\DR0 - ok

22:29:47.0750 0x0cc8 ================ Scan VBR ==================================

22:29:47.0750 0x0cc8 [ 800754E5830D050197B9358FA32B1197 ] \Device\Harddisk0\DR0\Partition1

22:29:47.0750 0x0cc8 \Device\Harddisk0\DR0\Partition1 - ok

22:29:47.0765 0x0cc8 Waiting for KSN requests completion. In queue: 133

22:29:48.0765 0x0cc8 Waiting for KSN requests completion. In queue: 133

22:29:49.0765 0x0cc8 Waiting for KSN requests completion. In queue: 133

22:29:50.0812 0x0cc8 AV detected via SS1: McAfee Anti-Virus and Anti-Spyware, , disabled, updated

22:29:50.0812 0x0cc8 FW detected via SS1: McAfee Firewall, , enabled

22:29:53.0453 0x0cc8 ============================================================

22:29:53.0453 0x0cc8 Scan finished

22:29:53.0453 0x0cc8 ============================================================

22:29:53.0484 0x0cb0 Detected object count: 1

22:29:53.0484 0x0cb0 Actual detected object count: 1

22:30:07.0890 0x0cb0 nv ( ForgedFile.Multi.Generic ) - skipped by user

22:30:07.0890 0x0cb0 nv ( ForgedFile.Multi.Generic ) - User select action: Skip



#6 TB-Psychotic

  • Malware Response Team
Posted 08 November 2013 - 02:33 AM

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 charliehorse

  • Topic Starter
Posted 08 November 2013 - 02:29 PM

TB,

 

When MBAM opened it showed a 'Protection Disabled' notification.

 

Here's the log from MBAM:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.08.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Bobby :: DGQ98YB1 [administrator]

Protection: Disabled

11/8/2013 06:33:57
mbam-log-2013-11-08 (06-33-57).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 506928
Time elapsed: 1 hour(s), 10 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Thanks.

 

Today I also realized that I cannot access the 'volume' in my computer, so I cannot listen to music, watch movies, and stream media content on my computer.


Edited by charliehorse, 08 November 2013 - 10:00 PM.


#8 TB-Psychotic

  • Malware Response Team

Posted 11 November 2013 - 03:12 AM

ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#9 charliehorse

  • Topic Starter

Posted 11 November 2013 - 04:00 PM

ComboFix 13-11-11.01 - Bobby 11/11/2013  11:18:25.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2093 [GMT -7:00]
Running from: c:\documents and settings\Bobby\Desktop\ComboFix2.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Bobby\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Bobby\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11  )))))))))))))))))))))))))))))))
.
.
2013-11-11 06:48 . 2013-11-11 06:48 -------- d-----w- c:\windows\LastGood
2013-11-10 02:21 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{036EE955-3622-461B-A0B5-D7C6F5D41256}\mpengine.dll
2013-11-10 02:12 . 2013-11-10 02:12 -------- d-----w- c:\windows\system32\Adobe
2013-11-03 19:09 . 2013-11-03 19:09 -------- d-----w- c:\documents and settings\Bobby\Local Settings\Application Data\Macroplant_LLC
2013-11-03 19:09 . 2013-11-03 19:09 -------- d-----w- c:\program files\iExplorer
2013-11-01 22:33 . 2013-11-01 22:35 -------- d-----w- c:\program files\Speccy
2013-10-31 14:11 . 2013-10-31 23:21 -------- d-----w- C:\AdwCleaner
2013-10-28 23:10 . 2013-10-28 23:10 -------- d-----w- c:\documents and settings\Bobby\Local Settings\Application Data\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 02:13 . 2012-10-11 00:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-10 02:13 . 2011-08-04 07:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-14 06:39 . 2008-06-14 13:51 7796464 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-10-02 03:58 . 2013-10-02 03:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 03:58 . 2009-03-18 07:48 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-02 03:58 . 2013-10-02 03:59 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-02 03:58 . 2011-01-16 03:25 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-25 02:53 . 2012-11-09 13:56 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-09-25 02:49 . 2011-06-10 07:09 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-09-25 02:48 . 2011-06-10 07:11 91736 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2013-09-25 02:45 . 2011-03-13 17:20 571608 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-09-25 02:44 . 2013-08-13 01:19 85064 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2013-09-25 02:44 . 2012-11-09 13:50 365256 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-09-25 02:44 . 2012-11-09 13:50 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-09-25 02:43 . 2012-11-09 13:49 235488 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 02:42 . 2012-11-09 13:49 133928 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-09-23 19:48 . 2012-10-27 01:05 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-23 18:33 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 10:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2013-09-20 15:37 . 2012-11-02 08:46 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 15:37 . 2012-11-02 08:46 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 15:37 . 2012-11-02 08:46 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-09-09 17:11 . 2011-06-10 07:13 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2013-09-03 20:35 . 2009-10-02 21:01 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:31 . 2004-08-04 10:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2010-07-02 23:39 . 2010-07-02 23:39 322352 ----a-w- c:\program files\utorrent.exe
2010-06-13 16:34 . 2010-06-13 16:30 38874608 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2010-02-05 14:57 . 2010-02-05 14:57 1924200 ----a-w- c:\program files\install_flash_player 10 0 42.exe
2010-01-28 06:30 . 2010-01-28 06:30 1606064 ----a-w- c:\program files\googletalk-setup.exe
2010-01-23 22:53 . 2010-01-23 22:50 31603056 ----a-w- c:\program files\LifeCam3.0.exe
2009-10-14 01:37 . 2009-02-08 02:00 1296288 ----a-w- c:\program files\DMSetup.exe
2009-10-02 03:09 . 2009-10-02 03:06 18527244 ----a-w- c:\program files\vlc-1.0.2-win32.exe
2009-09-27 20:40 . 2009-09-27 20:39 2020136 ----a-w- c:\program files\SkypeSetup.exe
2009-09-27 14:19 . 2009-09-27 14:19 204496 ----a-w- c:\program files\StartUpLite.exe
2009-09-25 03:36 . 2009-09-25 03:35 16918824 ----a-w- c:\program files\install_icq65.exe
2009-09-22 05:09 . 2009-09-22 05:07 26739584 ----a-w- c:\program files\AdbeRdr910_en_US.exe
2009-09-20 17:33 . 2009-09-20 17:33 514560 ----a-w- c:\program files\OTL.exe
2009-09-10 22:05 . 2009-09-10 22:05 1925024 ----a-w- c:\program files\install_flash_player.exe
2009-08-23 19:57 . 2008-12-25 20:09 5955448 ----a-w- c:\program files\saSetup64.exe
2009-08-15 20:52 . 2009-04-16 13:57 11968896 ----a-w- c:\program files\mpas-fe.exe
2009-05-20 05:25 . 2009-05-20 05:25 11876776 ----a-w- c:\program files\mpas-fe2.exe
2009-04-16 14:05 . 2009-04-16 14:04 5289984 ----a-w- c:\program files\msxml4.msi
2009-04-16 14:04 . 2009-04-16 14:04 1070592 ----a-w- c:\program files\msxml3.msi
2009-04-16 00:40 . 2009-04-16 00:40 2262632 ----a-w- c:\program files\mat_1.0.25.3.exe
2009-04-16 00:12 . 2008-12-25 18:48 306864 ----a-w- c:\program files\mvtapp.exe
2009-03-16 06:27 . 2009-03-16 06:27 812344 ----a-w- c:\program files\HJTInstall.exe
2009-03-16 05:30 . 2009-03-16 05:14 16409960 ----a-w- c:\program files\setup-spybotsd162.exe
2009-01-14 08:40 . 2008-12-16 02:04 3782822 ----a-w- c:\program files\ConvertHelperSetup.exe
2008-12-25 20:19 . 2008-12-25 20:18 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-12-25 20:15 . 2008-12-25 20:15 2539400 ----a-w- c:\program files\mbam-setup.exe
2008-12-25 18:59 . 2008-12-25 18:59 983696 ----a-w- c:\program files\GoToAssist.exe
2008-11-16 16:22 . 2008-11-16 16:22 359656 ----a-w- c:\program files\msicuu2.exe
2008-10-23 02:10 . 2008-10-23 02:09 14566424 ----a-w- c:\program files\vlc-0.9.4-win32.exe
2008-07-27 01:55 . 2008-07-27 01:52 16527960 ----a-w- c:\program files\XDivXInstaller.exe
2008-06-14 13:37 . 2008-06-14 13:37 5154304 ----a-w- c:\program files\WindowsDefender.msi
2008-06-14 13:36 . 2008-06-14 13:35 1478696 ----a-w- c:\program files\GenuineCheck.exe
2003-03-19 04:20 . 2012-12-19 23:52 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 11:42 . 2012-12-19 23:52 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2012-07-14 00:17 . 2012-08-19 05:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-12 5706480]
"cdloader"="c:\documents and settings\Bobby\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-09-30 430080]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\documents and settings\Bobby\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk.disabled [2006-10-11 493]
LaunchU3.exe.lnk.disabled [2011-1-17 2543]
Photo Loader supervisory.lnk.disabled [2007-3-3 794]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-03 03:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=sysaudio.sys
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bobby^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Bobby\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)
"MBackMonitor"=3 (0x3)
"getPlus® Helper"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"Facebook Update"="c:\documents and settings\Bobby\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Creative Detector U"="c:\program files\Creative\MediaSource5\CTDetctu.exe" /R
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"WD Drive Manager"=c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" /tray
"Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"WD Button Manager"=WDBtnMgr.exe
"UpdReg"=c:\windows\UpdReg.EXE
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcjpswx.exe"=
"%windir%\\explorer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Cold Coolin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Bobby\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\tuco\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Documents and Settings\\Bobby\\Desktop\\magicJack.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Documents and Settings\\tuco\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Bobby\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"54010:TCP"= 54010:TCP:Samsung AllShare SlideShow Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [6/10/2011 12:13 AM 66296]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/10/2011 12:11 AM 91736]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 7:39 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2010 11:29 AM 701512]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [1/4/2013 8:00 AM 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\Mcafee\AMCore\mcshield.exe [1/4/2013 8:00 AM 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/4/2013 7:59 AM 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/10/2011 12:09 AM 172416]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/9/2012 6:56 AM 60920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/11/2010 11:29 AM 22856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/9/2012 6:50 AM 365256]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [11/2/2012 1:46 AM 301248]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/12/2013 6:19 PM 85064]
S0 nsrta;nsrta;c:\windows\system32\drivers\fdrxcd.sys --> c:\windows\system32\drivers\fdrxcd.sys [?]
S1 458cbce0;458cbce0;c:\windows\system32\drivers\458cbce0.sys --> c:\windows\system32\drivers\458cbce0.sys [?]
S1 81437124;81437124;c:\windows\system32\drivers\81437124.sys --> c:\windows\system32\drivers\81437124.sys [?]
S1 87a27cae;87a27cae;c:\windows\system32\drivers\87a27cae.sys --> c:\windows\system32\drivers\87a27cae.sys [?]
S2 0090131384152505mcinstcleanup;McAfee Application Installer Cleanup (0090131384152505);c:\windows\TEMP\009013~1.EXE -cleanup -nolog --> c:\windows\TEMP\009013~1.EXE -cleanup -nolog [?]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [3/2/2012 4:00 PM 25504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [10/26/2012 6:05 PM 147912]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\AF.tmp --> c:\windows\system32\AF.tmp [?]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [11/2/2012 1:46 AM 80656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/12/2013 6:19 PM 85064]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/22/2012 8:48 PM 30576]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/21/2012 9:57 AM 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/21/2012 9:57 AM 10200]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [3/2/2012 4:00 PM 27584]
S4 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 02:14]
.
2013-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1010Core.job
- c:\documents and settings\Cold Coolin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-28 23:09]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1010UA.job
- c:\documents and settings\Cold Coolin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-28 23:09]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1014Core.job
- c:\documents and settings\tuco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-04 22:31]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1014UA.job
- c:\documents and settings\tuco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-04 22:31]
.
2013-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2013-11-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9c444b47-a398-483c-9195-9becc05b4ffc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-04 07:29]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 66.112.177.4 8.8.8.8
FF - ProfilePath - c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\ae5afxlh.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - ExtSQL: !HIDDEN! 2009-08-22 14:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-11 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\D*& Ò*0 U* *3*D*\MostRecentApplication]
"Nam"="sstext3d.scr"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1208)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2013-11-11  11:34:37
ComboFix-quarantined-files.txt  2013-11-11 18:34
ComboFix2.txt  2013-10-30 04:17
ComboFix3.txt  2013-10-28 11:34
ComboFix4.txt  2011-01-30 00:34
.
Pre-Run: 18,044,780,544 bytes free
Post-Run: 18,193,297,408 bytes free
.
- - End Of File - - 227F29FA03580510F7A0F7A43989E3D8
5CB90281D1A59B251F6603134774EEC3
 



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:20 AM

Posted 12 November 2013 - 08:17 AM

That doesn't look very good...

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

Edited by TB-Psychotic, 12 November 2013 - 08:18 AM.


#11 charliehorse

charliehorse
  • Topic Starter

  • Members
  • 48 posts
  • Local time:07:20 PM

Posted 12 November 2013 - 05:52 PM

ComboFix 13-11-12.01 - Bobby 11/12/2013  14:31:58.9.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2091 [GMT -7:00]
Running from: c:\documents and settings\Bobby\Desktop\ComboFix2.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Bobby\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Bobby\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_458cbce0
-------\Service_81437124
-------\Service_87a27cae
-------\Service_nsrta
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-12 to 2013-11-12  )))))))))))))))))))))))))))))))
.
.
2013-11-12 13:05 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4C3D8B47-2429-4C33-8803-3ACBB1A49C57}\mpengine.dll
2013-11-10 02:12 . 2013-11-10 02:12 -------- d-----w- c:\windows\system32\Adobe
2013-11-03 19:09 . 2013-11-03 19:09 -------- d-----w- c:\documents and settings\Bobby\Local Settings\Application Data\Macroplant_LLC
2013-11-03 19:09 . 2013-11-03 19:09 -------- d-----w- c:\program files\iExplorer
2013-11-01 22:33 . 2013-11-01 22:35 -------- d-----w- c:\program files\Speccy
2013-10-31 14:11 . 2013-10-31 23:21 -------- d-----w- C:\AdwCleaner
2013-10-28 23:10 . 2013-10-28 23:10 -------- d-----w- c:\documents and settings\Bobby\Local Settings\Application Data\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 02:13 . 2012-10-11 00:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-10 02:13 . 2011-08-04 07:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-14 06:39 . 2008-06-14 13:51 7796464 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-10-02 03:58 . 2013-10-02 03:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-02 03:58 . 2009-03-18 07:48 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-02 03:58 . 2013-10-02 03:59 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-10-02 03:58 . 2011-01-16 03:25 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-25 02:53 . 2012-11-09 13:56 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-09-25 02:49 . 2011-06-10 07:09 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-09-25 02:48 . 2011-06-10 07:11 91736 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2013-09-25 02:45 . 2011-03-13 17:20 571608 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-09-25 02:44 . 2013-08-13 01:19 85064 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2013-09-25 02:44 . 2012-11-09 13:50 365256 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-09-25 02:44 . 2012-11-09 13:50 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-09-25 02:43 . 2012-11-09 13:49 235488 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 02:42 . 2012-11-09 13:49 133928 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-09-23 19:48 . 2012-10-27 01:05 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-23 18:33 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-04 10:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2013-09-20 15:37 . 2012-11-02 08:46 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 15:37 . 2012-11-02 08:46 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 15:37 . 2012-11-02 08:46 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-09-09 17:11 . 2011-06-10 07:13 66296 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2013-09-03 20:35 . 2009-10-02 21:01 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:31 . 2004-08-04 10:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2010-07-02 23:39 . 2010-07-02 23:39 322352 ----a-w- c:\program files\utorrent.exe
2010-06-13 16:34 . 2010-06-13 16:30 38874608 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2010-02-05 14:57 . 2010-02-05 14:57 1924200 ----a-w- c:\program files\install_flash_player 10 0 42.exe
2010-01-28 06:30 . 2010-01-28 06:30 1606064 ----a-w- c:\program files\googletalk-setup.exe
2010-01-23 22:53 . 2010-01-23 22:50 31603056 ----a-w- c:\program files\LifeCam3.0.exe
2009-10-14 01:37 . 2009-02-08 02:00 1296288 ----a-w- c:\program files\DMSetup.exe
2009-10-02 03:09 . 2009-10-02 03:06 18527244 ----a-w- c:\program files\vlc-1.0.2-win32.exe
2009-09-27 20:40 . 2009-09-27 20:39 2020136 ----a-w- c:\program files\SkypeSetup.exe
2009-09-27 14:19 . 2009-09-27 14:19 204496 ----a-w- c:\program files\StartUpLite.exe
2009-09-25 03:36 . 2009-09-25 03:35 16918824 ----a-w- c:\program files\install_icq65.exe
2009-09-22 05:09 . 2009-09-22 05:07 26739584 ----a-w- c:\program files\AdbeRdr910_en_US.exe
2009-09-20 17:33 . 2009-09-20 17:33 514560 ----a-w- c:\program files\OTL.exe
2009-09-10 22:05 . 2009-09-10 22:05 1925024 ----a-w- c:\program files\install_flash_player.exe
2009-08-23 19:57 . 2008-12-25 20:09 5955448 ----a-w- c:\program files\saSetup64.exe
2009-08-15 20:52 . 2009-04-16 13:57 11968896 ----a-w- c:\program files\mpas-fe.exe
2009-05-20 05:25 . 2009-05-20 05:25 11876776 ----a-w- c:\program files\mpas-fe2.exe
2009-04-16 14:05 . 2009-04-16 14:04 5289984 ----a-w- c:\program files\msxml4.msi
2009-04-16 14:04 . 2009-04-16 14:04 1070592 ----a-w- c:\program files\msxml3.msi
2009-04-16 00:40 . 2009-04-16 00:40 2262632 ----a-w- c:\program files\mat_1.0.25.3.exe
2009-04-16 00:12 . 2008-12-25 18:48 306864 ----a-w- c:\program files\mvtapp.exe
2009-03-16 06:27 . 2009-03-16 06:27 812344 ----a-w- c:\program files\HJTInstall.exe
2009-03-16 05:30 . 2009-03-16 05:14 16409960 ----a-w- c:\program files\setup-spybotsd162.exe
2009-01-14 08:40 . 2008-12-16 02:04 3782822 ----a-w- c:\program files\ConvertHelperSetup.exe
2008-12-25 20:19 . 2008-12-25 20:18 15083520 ----a-w- c:\program files\spybotsd160.exe
2008-12-25 20:15 . 2008-12-25 20:15 2539400 ----a-w- c:\program files\mbam-setup.exe
2008-12-25 18:59 . 2008-12-25 18:59 983696 ----a-w- c:\program files\GoToAssist.exe
2008-11-16 16:22 . 2008-11-16 16:22 359656 ----a-w- c:\program files\msicuu2.exe
2008-10-23 02:10 . 2008-10-23 02:09 14566424 ----a-w- c:\program files\vlc-0.9.4-win32.exe
2008-07-27 01:55 . 2008-07-27 01:52 16527960 ----a-w- c:\program files\XDivXInstaller.exe
2008-06-14 13:37 . 2008-06-14 13:37 5154304 ----a-w- c:\program files\WindowsDefender.msi
2008-06-14 13:36 . 2008-06-14 13:35 1478696 ----a-w- c:\program files\GenuineCheck.exe
2003-03-19 04:20 . 2012-12-19 23:52 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 11:42 . 2012-12-19 23:52 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2012-07-14 00:17 . 2012-08-19 05:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-12 5706480]
"cdloader"="c:\documents and settings\Bobby\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"GoogleChromeAutoLaunch_A5C21E68D15EF30E4E4006597AC0CFBE"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-10-09 844752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-09-30 430080]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 516912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\documents and settings\Bobby\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk.disabled [2006-10-11 493]
LaunchU3.exe.lnk.disabled [2011-1-17 2543]
Photo Loader supervisory.lnk.disabled [2007-3-3 794]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-03 03:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=sysaudio.sys
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bobby^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\documents and settings\Bobby\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)
"MBackMonitor"=3 (0x3)
"getPlus® Helper"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"Facebook Update"="c:\documents and settings\Bobby\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Creative Detector U"="c:\program files\Creative\MediaSource5\CTDetctu.exe" /R
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"WD Drive Manager"=c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" /tray
"Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"WD Button Manager"=WDBtnMgr.exe
"UpdReg"=c:\windows\UpdReg.EXE
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcjcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcjpswx.exe"=
"%windir%\\explorer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Cold Coolin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Bobby\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\tuco\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Documents and Settings\\Bobby\\Desktop\\magicJack.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Documents and Settings\\tuco\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Bobby\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"54010:TCP"= 54010:TCP:Samsung AllShare SlideShow Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [6/10/2011 12:13 AM 66296]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/10/2011 12:11 AM 91736]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/12/2012 7:39 PM 418376]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [1/4/2013 8:00 AM 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\Mcafee\AMCore\mcshield.exe [1/4/2013 8:00 AM 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [1/4/2013 7:59 AM 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/10/2011 12:09 AM 172416]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/9/2012 6:56 AM 60920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/11/2010 11:29 AM 22856]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/9/2012 6:50 AM 365256]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [11/2/2012 1:46 AM 301248]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/12/2013 6:19 PM 85064]
S2 0090131384152505mcinstcleanup;McAfee Application Installer Cleanup (0090131384152505);c:\windows\TEMP\009013~1.EXE -cleanup -nolog --> c:\windows\TEMP\009013~1.EXE -cleanup -nolog [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2010 11:29 AM 701512]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [3/2/2012 4:00 PM 25504]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [10/26/2012 6:05 PM 147912]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\AF.tmp --> c:\windows\system32\AF.tmp [?]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [11/2/2012 1:46 AM 80656]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/12/2013 6:19 PM 85064]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/22/2012 8:48 PM 30576]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/21/2012 9:57 AM 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/21/2012 9:57 AM 10200]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [3/2/2012 4:00 PM 27584]
S4 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [1/4/2013 7:59 AM 281560]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 0090131384152505MCINSTCLEANUP
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-12 01:21 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 02:14]
.
2013-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-12 01:09]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-12 01:09]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1005Core.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 05:24]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1005UA.job
- c:\documents and settings\Bobby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-25 05:24]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1010Core.job
- c:\documents and settings\Cold Coolin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-28 23:09]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1010UA.job
- c:\documents and settings\Cold Coolin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-28 23:09]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1014Core.job
- c:\documents and settings\tuco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-04 22:31]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3752200638-408136642-4136389770-1014UA.job
- c:\documents and settings\tuco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-04 22:31]
.
2013-11-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2013-11-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9c444b47-a398-483c-9195-9becc05b4ffc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-08-04 07:29]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 66.112.177.4 8.8.8.8
FF - ProfilePath - c:\documents and settings\Bobby\Application Data\Mozilla\Firefox\Profiles\ae5afxlh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0&hl=en
FF - ExtSQL: !HIDDEN! 2009-08-22 14:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-12 14:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\AF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\D*& Ò*0 U* *3*D*\MostRecentApplication]
"Nam"="sstext3d.scr"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1212)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2013-11-12  14:43:01
ComboFix-quarantined-files.txt  2013-11-12 21:42
ComboFix2.txt  2013-11-11 18:34
ComboFix3.txt  2013-10-30 04:17
ComboFix4.txt  2013-10-28 11:34
ComboFix5.txt  2013-11-12 20:52
.
Pre-Run: 17,527,316,480 bytes free
Post-Run: 17,510,801,408 bytes free
.
- - End Of File - - 9F653AD2A9729BF5FCE6F4FB8F753E46
5CB90281D1A59B251F6603134774EEC3
 



#12 TB-Psychotic

  • Malware Response Team

Posted 13 November 2013 - 03:54 AM

Then please run MBAM as explained and post up the log.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 charliehorse

  • Topic Starter

Posted 13 November 2013 - 10:45 AM

Sorry TB, I just wanted to post the ComboFix log, since I knew I'd let the MBAM full version run until I woke up...

Here it is:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bobby :: DGQ98YB1 [administrator]

Protection: Enabled

11/12/2013 18:20:09
mbam-log-2013-11-12 (18-20-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 502749
Time elapsed: 3 hour(s), 41 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#14 TB-Psychotic

  • Malware Response Team

Posted 14 November 2013 - 02:50 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 charliehorse

  • Topic Starter

Posted 15 November 2013 - 08:53 PM

ESET did not create a report, and it said, "No threats found."





