My computer has been hit by a Rootkit, and I need help!


  • This topic is locked
39 replies to this topic

#1 mecharmor22

mecharmor22

  • Members
  • 45 posts
  • Local time:01:50 PM

Posted 28 March 2014 - 06:35 AM

Hello again,

 

I have used your services in the past with another problem concerning my computer, and after many years something has come up again. My computer has been infected by a random audio rootkit nearly a week ago. It has been playing audio ads in the background without any programs running to my knowledge. It has destroyed the audio on my computer and is causing dozens of other problems.

 

I also had switched AT&T packages since my last problem was fixed. But then a problem came up with AT&T in which they disabled my McAfee Security suite upon switching. AT&T said they would reinstate my entire McAfee Security suite, but it has been more than 6 months with my computer exposed to the elements.

 

Since AT&T has not reinstated, I also need another security system just like it until that one is back online.

 

Here is the DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by Gary Jay at 4:14:16 on 2014-03-28
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1169 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\gary jay\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HPWRTOOLBOX] c:\program files\hewlett-packard\hp deskjet 460 series\toolbox\HPWRTBX.exe "-i"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
mExplorerRun: [6095] c:\docume~1\alluse~1\msmuuir.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: TaskbarNoNotification = dword:0
uPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C6E5D988-B1CA-4205-954A-C620162699F7} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gary jay\application data\mozilla\firefox\profiles\i9qp63rl.default-1343214318343\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\documents and settings\gary jay\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\gary jay\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\gary jay\local settings\application data\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-8-5 9216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-3-26 1809720]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 167784]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2009-5-20 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2009-5-20 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-5-20 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-5-20 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-5-20 235840]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-1 565888]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-1 91640]
S1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [2014-3-17 55232]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\??\c:\program files\vmlaunch\buddyvm.sys --> c:\program files\vmlaunch\BuddyVM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-3-26 857912]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 167784]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-1 167784]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-1 203840]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-1 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 172416]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-7-5 60920]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-7-5 146872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-28 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-28 107736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-31 235264]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-7-5 65928]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-7-5 363080]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-7-5 92632]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-31 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-31 40552]
.
=============== Created Last 30 ================
.
2014-03-26 07:04:39    50648    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-26 07:04:39    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-03-25 23:04:30    --------    d--h--w-    C:\c00b7f9
2014-03-18 05:30:00    55232    ----a-w-    c:\windows\system32\drivers\tStLib.sys
2014-03-12 08:28:24    --------    d-----w-    c:\documents and settings\all users\application data\cau
2014-03-05 21:52:42    --------    d-----w-    c:\program files\HP
.
==================== Find3M  ====================
.
2014-03-28 09:24:50    107736    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-12 13:38:20    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 13:38:20    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-05 16:26:02    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-16 00:40:14    487016    ----a-w-    C:\SecurityScanner.dll
.
============= FINISH:  4:17:03.62 ===============
 

 

I need help with all of the above, and would like to do it right.

 

Thank you
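The DDS output in the post above is what the helpers on this board read by hand. As an added example (not from the thread, from DDS, or from BleepingComputer), the following Python script parses the three DDS sections quoted above, fed with lines copied from this very log, and applies a few triage heuristics an analyst uses on such output: a service registered under a bare GUID, an image DDS could not find on disk (`[?]`), a recently created driver whose display name is just its own service name, dozens of copies of one process image, and an ExplorerRun value with a purely numeric name. The thresholds (`RECENT_DAYS`, `PROCESS_COPIES`) and the section-name lookups are assumptions made for this example.

```python
"""Triage helper for the DDS log format quoted in the post above (added example)."""
import re
from collections import Counter
from datetime import date

# Sample input constructed from lines of the DDS log in the post above.
SAMPLE_LOG = "\n".join(
    ["Run by Gary Jay at 4:14:16 on 2014-03-28",
     "============== Running Processes ================",
     "C:\\WINDOWS\\Explorer.EXE",
     "C:\\Program Files\\Mozilla Firefox\\firefox.exe"]
    + ["C:\\WINDOWS\\system32\\dllhost.exe"] * 29
    + ["C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
       "============== Pseudo HJT Report ===============",
       'mRun: [Adobe ARM] "c:\\program files\\common files\\adobe\\arm\\1.0\\AdobeARM.exe"',
       "mExplorerRun: [6095] c:\\docume~1\\alluse~1\\msmuuir.exe",
       "============= SERVICES / DRIVERS ===============",
       "R2 npf;NetGroup Packet Filter Driver;c:\\windows\\system32\\drivers\\npf.sys [2011-2-11 35088]",
       "S1 tStLib;tStLib;c:\\windows\\system32\\drivers\\tStLib.sys [2014-3-17 55232]",
       "S2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;\\??\\c:\\program files\\vmlaunch\\buddyvm.sys"
       " --> c:\\program files\\vmlaunch\\BuddyVM.sys [?]",
       "S2 McShield;McAfee McShield;c:\\program files\\common files\\mcafee\\systemcore\\mcshield.exe [2011-3-1 203840]"]
) + "\n"

RUN_DATE_RE = re.compile(r"^Run by .* on (\d{4}-\d{2}-\d{2})$")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "S1 name;display;path [yyyy-m-d size]" or "... [?]" when DDS cannot find the image
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
EXPLORER_RUN_RE = re.compile(r"^[um]ExplorerRun:\s+\[([^\]]+)\]\s+(.*)$")

RECENT_DAYS = 30      # hypothetical threshold: "created shortly before the scan"
PROCESS_COPIES = 10   # hypothetical threshold: "unusually many copies of one image"


def split_sections(text):
    """Map each DDS section header ('Running Processes', ...) to its non-empty lines."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip() and line.strip() != ".":
            sections.setdefault(current, []).append(line)
    return sections


def run_date(text):
    """Scan date from the 'Run by ... on yyyy-mm-dd' header, or None."""
    for line in text.splitlines():
        m = RUN_DATE_RE.match(line)
        if m:
            return date.fromisoformat(m.group(1))
    return None


def flag_services(lines, scan_date):
    """Return (service_name, [reasons]) for SERVICES / DRIVERS entries worth a look."""
    flagged = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, display, path, info = m.group(3), m.group(4), m.group(5), m.group(6)
        reasons = []
        if GUID_RE.match(name):
            reasons.append("service name is a bare GUID")
        if info == "?":
            reasons.append("DDS could not find the image on disk ([?])")
        else:
            created, _size = info.split()
            y, mo, d = (int(x) for x in created.split("-"))
            age = (scan_date - date(y, mo, d)).days
            if path.lower().endswith(".sys") and age <= RECENT_DAYS and name.lower() == display.lower():
                reasons.append(f"driver created {age} days before the scan, display name is just the service name")
        if reasons:
            flagged.append((name, reasons))
    return flagged


def flag_processes(lines):
    """Count running images by file name; many copies of one image is worth a question."""
    counts = Counter(line.rsplit("\\", 1)[-1].split(" -k ")[0].lower() for line in lines)
    return [(img, n) for img, n in counts.items() if n >= PROCESS_COPIES]


def flag_autoruns(lines):
    """ExplorerRun values with a numeric name whose target sits outside Program Files / Windows."""
    flagged = []
    for line in lines:
        m = EXPLORER_RUN_RE.match(line)
        if not m:
            continue
        key, target = m.group(1), m.group(2).strip().strip('"')
        t = target.lower()
        if key.isdigit() and not (t.startswith("c:\\program files") or t.startswith("c:\\windows")):
            flagged.append((key, target))
    return flagged


def triage(text):
    """Run all three heuristics over one DDS log and return the hits per section."""
    sections = split_sections(text)
    scan_date = run_date(text) or date.today()
    return {
        "services": flag_services(sections.get("SERVICES / DRIVERS", []), scan_date),
        "processes": flag_processes(sections.get("Running Processes", [])),
        "autoruns": flag_autoruns(sections.get("Pseudo HJT Report", [])),
    }


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

Run on the full log pasted above, the same rules also surface the DDS `Created Last 30` entries only if you extend `split_sections` consumers; the three sections handled here are the ones the helpers ask about first.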




#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:03:50 PM

Posted 28 March 2014 - 07:02 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
----------



#3 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • Local time:01:50 PM

Posted 28 March 2014 - 07:42 AM

05:30:14.0515 9244  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
05:30:23.0203 9244  ============================================================
05:30:23.0203 9244  Current date / time: 2014/03/28 05:30:23.0203
05:30:23.0203 9244  SystemInfo:
05:30:23.0203 9244  
05:30:23.0203 9244  OS Version: 5.1.2600 ServicePack: 3.0
05:30:23.0203 9244  Product type: Workstation
05:30:23.0203 9244  ComputerName: D1X0RGJ1
05:30:23.0203 9244  UserName: Gary Jay
05:30:23.0203 9244  Windows directory: C:\WINDOWS
05:30:23.0203 9244  System windows directory: C:\WINDOWS
05:30:23.0203 9244  Processor architecture: Intel x86
05:30:23.0203 9244  Number of processors: 2
05:30:23.0203 9244  Page size: 0x1000
05:30:23.0203 9244  Boot type: Normal boot
05:30:23.0203 9244  ============================================================
05:30:40.0984 9244  !crdlk
05:30:41.0000 9244  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
05:30:41.0015 9244  ============================================================
05:30:41.0015 9244  \Device\Harddisk0\DR0:
05:30:41.0015 9244  MBR partitions:
05:30:41.0015 9244  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x1BE190B0
05:30:41.0015 9244  ============================================================
05:30:41.0078 9244  C: <-> \Device\Harddisk0\DR0\Partition1
05:30:41.0093 9244  ============================================================
05:30:41.0093 9244  Initialize success
05:30:41.0093 9244  ============================================================
05:30:46.0093 8984  ============================================================
05:30:46.0093 8984  Scan started
05:30:46.0093 8984  Mode: Manual;
05:30:46.0093 8984  ============================================================
05:30:47.0687 8984  ================ Scan system memory ========================
05:30:47.0687 8984  System memory - ok
05:30:47.0687 8984  ================ Scan services =============================
05:30:47.0953 8984  Abiosdsk - ok
05:30:48.0000 8984  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
05:30:48.0000 8984  abp480n5 - ok
05:30:48.0093 8984  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:30:48.0093 8984  ACPI - ok
05:30:48.0156 8984  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
05:30:48.0156 8984  ACPIEC - ok
05:30:48.0312 8984  [ 9D96B0D5855FD1B98023B3EEC9F06786 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
05:30:48.0312 8984  AdobeFlashPlayerUpdateSvc - ok
05:30:48.0468 8984  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
05:30:48.0484 8984  adpu160m - ok
05:30:48.0562 8984  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
05:30:48.0562 8984  aec - ok
05:30:48.0640 8984  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
05:30:48.0640 8984  AFD - ok
05:30:48.0718 8984  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
05:30:48.0718 8984  agp440 - ok
05:30:48.0765 8984  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
05:30:48.0765 8984  agpCPQ - ok
05:30:48.0828 8984  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
05:30:48.0828 8984  Aha154x - ok
05:30:48.0875 8984  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
05:30:48.0875 8984  aic78u2 - ok
05:30:48.0953 8984  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
05:30:48.0953 8984  aic78xx - ok
05:30:49.0000 8984  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
05:30:49.0000 8984  Alerter - ok
05:30:49.0031 8984  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
05:30:49.0031 8984  ALG - ok
05:30:49.0078 8984  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
05:30:49.0078 8984  AliIde - ok
05:30:49.0125 8984  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
05:30:49.0125 8984  alim1541 - ok
05:30:49.0203 8984  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
05:30:49.0203 8984  amdagp - ok
05:30:49.0250 8984  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
05:30:49.0250 8984  amsint - ok
05:30:49.0296 8984  [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
05:30:49.0312 8984  ApfiltrService - ok
05:30:49.0406 8984  [ EC94E05B76D033B74394E7B2175103CF ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
05:30:49.0406 8984  APPDRV - ok
05:30:49.0468 8984  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
05:30:49.0468 8984  AppMgmt - ok
05:30:49.0546 8984  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
05:30:49.0546 8984  Arp1394 - ok
05:30:49.0625 8984  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
05:30:49.0625 8984  asc - ok
05:30:49.0687 8984  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
05:30:49.0687 8984  asc3350p - ok
05:30:49.0718 8984  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
05:30:49.0718 8984  asc3550 - ok
05:30:49.0843 8984  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
05:30:49.0843 8984  aspnet_state - ok
05:30:49.0906 8984  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:30:49.0906 8984  AsyncMac - ok
05:30:49.0953 8984  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
05:30:49.0953 8984  atapi - ok
05:30:49.0984 8984  Atdisk - ok
05:30:50.0000 8984  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:30:50.0000 8984  Atmarpc - ok
05:30:50.0062 8984  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
05:30:50.0062 8984  AudioSrv - ok
05:30:50.0125 8984  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
05:30:50.0125 8984  audstub - ok
05:30:50.0218 8984  [ 37F385A93C620CBE0F89C17E45F697A1 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
05:30:50.0250 8984  BCM43XX - ok
05:30:50.0343 8984  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
05:30:50.0343 8984  Beep - ok
05:30:50.0359 8984  Suspicious service (NoAccess): bfabf1ab1a0c70be
05:30:50.0406 8984  [ 0015D21DF3BA6BACACD3DC126028D76F ] bfabf1ab1a0c70be C:\WINDOWS\System32\Drivers\bfabf1ab1a0c70be.sys
05:30:50.0406 8984  Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\bfabf1ab1a0c70be.sys. md5: 0015D21DF3BA6BACACD3DC126028D76F
05:30:50.0656 8984  bfabf1ab1a0c70be ( Rootkit.Win32.Necurs.gen ) - infected
05:30:50.0656 8984  bfabf1ab1a0c70be - detected Rootkit.Win32.Necurs.gen (0)
05:30:50.0781 8984  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
05:30:50.0796 8984  BITS - ok
05:30:50.0921 8984  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
05:30:50.0921 8984  Bonjour Service - ok
05:30:51.0000 8984  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
05:30:51.0015 8984  Browser - ok
05:30:51.0093 8984  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
05:30:51.0093 8984  cbidf - ok
05:30:51.0109 8984  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
05:30:51.0109 8984  cbidf2k - ok
05:30:51.0156 8984  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
05:30:51.0156 8984  CCDECODE - ok
05:30:51.0203 8984  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
05:30:51.0203 8984  cd20xrnt - ok
05:30:51.0250 8984  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
05:30:51.0250 8984  Cdaudio - ok
05:30:51.0328 8984  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
05:30:51.0328 8984  Cdfs - ok
05:30:51.0375 8984  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:30:51.0390 8984  Cdrom - ok
05:30:51.0468 8984  [ 25C323075C5EA4A2555E35355A01F793 ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys
05:30:51.0468 8984  cfwids - ok
05:30:51.0500 8984  Changer - ok
05:30:51.0546 8984  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
05:30:51.0546 8984  CiSvc - ok
05:30:51.0656 8984  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
05:30:51.0656 8984  ClipSrv - ok
05:30:51.0734 8984  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:30:51.0734 8984  clr_optimization_v2.0.50727_32 - ok
05:30:51.0906 8984  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:30:51.0906 8984  clr_optimization_v4.0.30319_32 - ok
05:30:52.0015 8984  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
05:30:52.0015 8984  CmBatt - ok
05:30:52.0046 8984  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
05:30:52.0046 8984  CmdIde - ok
05:30:52.0093 8984  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
05:30:52.0093 8984  Compbatt - ok
05:30:52.0109 8984  COMSysApp - ok
05:30:52.0156 8984  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
05:30:52.0171 8984  Cpqarray - ok
05:30:52.0250 8984  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
05:30:52.0250 8984  CryptSvc - ok
05:30:52.0312 8984  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
05:30:52.0312 8984  dac2w2k - ok
05:30:52.0375 8984  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
05:30:52.0375 8984  dac960nt - ok
05:30:52.0468 8984  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
05:30:52.0484 8984  DcomLaunch - ok
05:30:52.0578 8984  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
05:30:52.0593 8984  Dhcp - ok
05:30:52.0656 8984  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
05:30:52.0656 8984  Disk - ok
05:30:52.0734 8984  [ A0500678A33802D8954153839301D539 ] DLABMFSM        C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
05:30:52.0734 8984  DLABMFSM - ok
05:30:52.0781 8984  [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM        C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
05:30:52.0781 8984  DLABOIOM - ok
05:30:52.0796 8984  [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
05:30:52.0812 8984  DLACDBHM - ok
05:30:52.0828 8984  [ 87413B94AE1FABC117C4E8AE6725134E ] DLADResM        C:\WINDOWS\system32\Drivers\DLADResM.SYS
05:30:52.0828 8984  DLADResM - ok
05:30:52.0843 8984  [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M        C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
05:30:52.0843 8984  DLAIFS_M - ok
05:30:52.0875 8984  [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM        C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
05:30:52.0875 8984  DLAOPIOM - ok
05:30:52.0890 8984  [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM        C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
05:30:52.0890 8984  DLAPoolM - ok
05:30:52.0921 8984  [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M        C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
05:30:52.0921 8984  DLARTL_M - ok
05:30:52.0937 8984  [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM        C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
05:30:52.0953 8984  DLAUDFAM - ok
05:30:52.0968 8984  [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M        C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
05:30:52.0968 8984  DLAUDF_M - ok
05:30:52.0984 8984  dmadmin - ok
05:30:53.0046 8984  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
05:30:53.0062 8984  dmboot - ok
05:30:53.0140 8984  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
05:30:53.0140 8984  dmio - ok
05:30:53.0187 8984  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
05:30:53.0187 8984  dmload - ok
05:30:53.0265 8984  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
05:30:53.0265 8984  dmserver - ok
05:30:53.0343 8984  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
05:30:53.0343 8984  DMusic - ok
05:30:53.0390 8984  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
05:30:53.0390 8984  Dnscache - ok
05:30:53.0453 8984  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
05:30:53.0453 8984  Dot3svc - ok
05:30:53.0515 8984  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
05:30:53.0515 8984  dpti2o - ok
05:30:53.0546 8984  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
05:30:53.0546 8984  drmkaud - ok
05:30:53.0640 8984  [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
05:30:53.0640 8984  DRVMCDB - ok
05:30:53.0687 8984  [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
05:30:53.0703 8984  DRVNDDM - ok
05:30:53.0750 8984  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
05:30:53.0750 8984  EapHost - ok
05:30:53.0781 8984  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
05:30:53.0781 8984  ERSvc - ok
05:30:53.0859 8984  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
05:30:53.0859 8984  Eventlog - ok
05:30:53.0921 8984  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
05:30:53.0921 8984  EventSystem - ok
05:30:53.0984 8984  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
05:30:54.0000 8984  Fastfat - ok
05:30:54.0046 8984  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
05:30:54.0046 8984  FastUserSwitchingCompatibility - ok
05:30:54.0109 8984  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
05:30:54.0125 8984  Fax - ok
05:30:54.0156 8984  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
05:30:54.0156 8984  Fdc - ok
05:30:54.0234 8984  [ 5C329E2AB8DD62310213CBFAC0178539 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
05:30:54.0234 8984  FilterService - ok
05:30:54.0281 8984  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
05:30:54.0281 8984  Fips - ok
05:30:54.0328 8984  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
05:30:54.0328 8984  Flpydisk - ok
05:30:54.0390 8984  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
05:30:54.0406 8984  FltMgr - ok
05:30:54.0500 8984  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
05:30:54.0500 8984  FontCache3.0.0.0 - ok
05:30:54.0656 8984  [ 7856550FCB1A99A487805332FE2B6C71 ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
05:30:54.0671 8984  FreemakeVideoCapture - ok
05:30:54.0703 8984  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:30:54.0703 8984  Fs_Rec - ok
05:30:54.0781 8984  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:30:54.0781 8984  Ftdisk - ok
05:30:54.0859 8984  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:30:54.0859 8984  Gpc - ok
05:30:54.0921 8984  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
05:30:54.0921 8984  HDAudBus - ok
05:30:55.0015 8984  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
05:30:55.0015 8984  helpsvc - ok
05:30:55.0140 8984  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
05:30:55.0140 8984  HidServ - ok
05:30:55.0187 8984  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:30:55.0187 8984  hidusb - ok
05:30:55.0265 8984  [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
05:30:55.0265 8984  HipShieldK - ok
05:30:55.0328 8984  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
05:30:55.0328 8984  hkmsvc - ok
05:30:55.0390 8984  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
05:30:55.0390 8984  hpn - ok
05:30:55.0453 8984  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
05:30:55.0468 8984  HTTP - ok
05:30:55.0531 8984  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
05:30:55.0531 8984  HTTPFilter - ok
05:30:55.0578 8984  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
05:30:55.0578 8984  i2omgmt - ok
05:30:55.0656 8984  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
05:30:55.0656 8984  i2omp - ok
05:30:55.0765 8984  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:30:55.0765 8984  i8042prt - ok
05:30:56.0078 8984  [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
05:30:56.0265 8984  ialm - ok
05:30:56.0390 8984  [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
05:30:56.0390 8984  iaStor - ok
05:30:56.0500 8984  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:30:56.0515 8984  idsvc - ok
05:30:56.0593 8984  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
05:30:56.0593 8984  Imapi - ok
05:30:56.0656 8984  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
05:30:56.0656 8984  ImapiService - ok
05:30:56.0734 8984  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
05:30:56.0734 8984  ini910u - ok
05:30:57.0015 8984  [ 613A2B00DA1D4A80DE1EC8CFB52C0D89 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
05:30:57.0140 8984  IntcAzAudAddService - ok
05:30:57.0218 8984  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
05:30:57.0234 8984  IntelIde - ok
05:30:57.0281 8984  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:30:57.0281 8984  intelppm - ok
05:30:57.0328 8984  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
05:30:57.0328 8984  Ip6Fw - ok
05:30:57.0359 8984  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:30:57.0359 8984  IpFilterDriver - ok
05:30:57.0406 8984  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:30:57.0406 8984  IpInIp - ok
05:30:57.0484 8984  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:30:57.0484 8984  IpNat - ok
05:30:57.0562 8984  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:30:57.0562 8984  IPSec - ok
05:30:57.0578 8984  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
05:30:57.0593 8984  IRENUM - ok
05:30:57.0656 8984  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:30:57.0656 8984  isapnp - ok
05:30:57.0765 8984  [ B9436A665A8621073A12338B16D7BFD4 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
05:30:57.0765 8984  JavaQuickStarterService - ok
05:30:57.0828 8984  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:30:57.0828 8984  Kbdclass - ok
05:30:57.0875 8984  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:30:57.0875 8984  kbdhid - ok
05:30:57.0937 8984  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
05:30:57.0953 8984  kmixer - ok
05:30:58.0000 8984  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
05:30:58.0015 8984  KSecDD - ok
05:30:58.0078 8984  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
05:30:58.0078 8984  LanmanServer - ok
05:30:58.0156 8984  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
05:30:58.0171 8984  lanmanworkstation - ok
05:30:58.0234 8984  lbrtfdc - ok
05:30:58.0328 8984  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
05:30:58.0328 8984  LmHosts - ok
05:30:58.0437 8984  [ 9A3D4FC6B86E7E36473079AB76AC703D ] LVcKap          C:\WINDOWS\system32\DRIVERS\LVcKap.sys
05:30:58.0468 8984  LVcKap - ok
05:30:58.0609 8984  [ 0ACBC11F19320AF6C19F2E20013D9095 ] LVMVDrv         C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
05:30:58.0640 8984  LVMVDrv - ok
05:30:58.0781 8984  [ E8ACF6DD83956FB63CEB058D5F51B18A ] lvpopflt        C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
05:30:58.0812 8984  lvpopflt - ok
05:30:58.0906 8984  [ 12866641284EBB41E627BB53C04DA959 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
05:30:58.0906 8984  LVPr2Mon - ok
05:30:58.0968 8984  [ 995D0B52870C7A5CAF3EA165FD674A35 ] LVPrcSrv        c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
05:30:58.0968 8984  LVPrcSrv - ok
05:30:59.0000 8984  [ A005CEE9BE199C5E375FAA559CA9A7A9 ] LVSrvLauncher   C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
05:30:59.0000 8984  LVSrvLauncher - ok
05:30:59.0062 8984  [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta        C:\WINDOWS\system32\drivers\LVUSBSta.sys
05:30:59.0062 8984  LVUSBSta - ok
05:30:59.0203 8984  [ 922BE6770499220DC27B529CA236815A ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
05:30:59.0234 8984  LVUVC - ok
05:30:59.0328 8984  [ C846349849475B7EC8B20A825449D531 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
05:30:59.0343 8984  MBAMProtector - ok
05:30:59.0500 8984  [ 47DF4BC3D1561B6DAFA0862735FA1493 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
05:30:59.0531 8984  MBAMScheduler - ok
05:30:59.0625 8984  [ 2CFC417EED3BF5DDA255CB7EF7E09D45 ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
05:30:59.0640 8984  MBAMService - ok
05:30:59.0734 8984  [ 661B911FA04E73FB073FF9B1C9BD2E05 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
05:30:59.0734 8984  MBAMSwissArmy - ok
05:30:59.0859 8984  [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
05:30:59.0859 8984  McMPFSvc - ok
05:30:59.0953 8984  [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:30:59.0953 8984  mcmscsvc - ok
05:30:59.0968 8984  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:30:59.0984 8984  McNaiAnn - ok
05:31:00.0000 8984  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:31:00.0000 8984  McNASvc - ok
05:31:00.0125 8984  [ E352CC1723B3B69A7BB1E81DBC9D9D78 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
05:31:00.0125 8984  McODS - ok
05:31:00.0171 8984  [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
05:31:00.0171 8984  McProxy - ok
05:31:00.0343 8984  [ 6FE0532CB16300C09D098F808EAAEE9D ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
05:31:00.0343 8984  McShield - ok
05:31:00.0406 8984  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
05:31:00.0421 8984  MDM - ok
05:31:00.0484 8984  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
05:31:00.0484 8984  Messenger - ok
05:31:00.0578 8984  [ 6708AD7D9ABDD6FDE1EB9B54FFE426B0 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
05:31:00.0578 8984  mfeapfk - ok
05:31:00.0625 8984  [ 375DE90B68533D9D0D7766D4CCB4CA32 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
05:31:00.0625 8984  mfeavfk - ok
05:31:00.0671 8984  [ 5ED806D4DF27AC11236BD9AD2CC10B7E ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
05:31:00.0671 8984  mfebopk - ok
05:31:00.0718 8984  [ 1A427BB508ACBEE09A88F08D1CA38E2F ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
05:31:00.0734 8984  mfefire - ok
05:31:00.0843 8984  [ 16BF9475BFCFAA420A8CB29E40284457 ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
05:31:00.0859 8984  mfefirek - ok
05:31:01.0000 8984  [ 875452ECDF4AEBE12B8C2EFD8599A36F ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
05:31:01.0000 8984  mfehidk - ok
05:31:01.0078 8984  [ D669ACBE7672819109706C3CFF6BD1DB ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
05:31:01.0078 8984  mferkdet - ok
05:31:01.0171 8984  [ 41FE2F288E05A6C8AB85DD56770FFBAD ] mferkdk         C:\WINDOWS\system32\drivers\mferkdk.sys
05:31:01.0171 8984  mferkdk - ok
05:31:01.0265 8984  [ 096B52EA918AA909BA5903D79E129005 ] mfesmfk         C:\WINDOWS\system32\drivers\mfesmfk.sys
05:31:01.0265 8984  mfesmfk - ok
05:31:01.0328 8984  [ 1328C929A2F801BB93DBDFCDC25E0E7A ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys
05:31:01.0328 8984  mfetdi2k - ok
05:31:01.0453 8984  [ D66A1A16166897A5F7D04961F582F03B ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
05:31:01.0453 8984  mfevtp - ok
05:31:01.0578 8984  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
05:31:01.0578 8984  Microsoft Office Groove Audit Service - ok
05:31:01.0703 8984  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
05:31:01.0703 8984  mnmdd - ok
05:31:01.0750 8984  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
05:31:01.0750 8984  mnmsrvc - ok
05:31:01.0812 8984  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
05:31:01.0812 8984  Modem - ok
05:31:01.0890 8984  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:31:01.0890 8984  Mouclass - ok
05:31:01.0937 8984  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:31:01.0953 8984  mouhid - ok
05:31:01.0968 8984  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
05:31:01.0968 8984  MountMgr - ok
05:31:02.0093 8984  [ 338037EFA0E8E8699B2667D57B751574 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
05:31:02.0093 8984  MozillaMaintenance - ok
05:31:02.0187 8984  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
05:31:02.0203 8984  mraid35x - ok
05:31:02.0281 8984  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:31:02.0281 8984  MRxDAV - ok
05:31:02.0343 8984  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:31:02.0359 8984  MRxSmb - ok
05:31:02.0453 8984  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
05:31:02.0453 8984  MSDTC - ok
05:31:02.0531 8984  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
05:31:02.0531 8984  Msfs - ok
05:31:02.0562 8984  MSIServer - ok
05:31:02.0671 8984  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:31:02.0671 8984  MSKSSRV - ok
05:31:02.0734 8984  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:31:02.0734 8984  MSPCLOCK - ok
05:31:02.0781 8984  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
05:31:02.0781 8984  MSPQM - ok
05:31:02.0906 8984  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:31:02.0906 8984  mssmbios - ok
05:31:02.0953 8984  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
05:31:02.0953 8984  MSTEE - ok
05:31:03.0046 8984  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
05:31:03.0046 8984  Mup - ok
05:31:03.0109 8984  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:31:03.0109 8984  NABTSFEC - ok
05:31:03.0171 8984  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
05:31:03.0171 8984  napagent - ok
05:31:03.0250 8984  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
05:31:03.0250 8984  NDIS - ok
05:31:03.0296 8984  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:31:03.0296 8984  NdisIP - ok
05:31:03.0390 8984  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:31:03.0390 8984  NdisTapi - ok
05:31:03.0437 8984  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:31:03.0437 8984  Ndisuio - ok
05:31:03.0453 8984  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:31:03.0453 8984  NdisWan - ok
05:31:03.0500 8984  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
05:31:03.0500 8984  NDProxy - ok
05:31:03.0578 8984  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
05:31:03.0578 8984  NetBIOS - ok
05:31:03.0625 8984  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
05:31:03.0640 8984  NetBT - ok
05:31:03.0703 8984  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
05:31:03.0703 8984  NetDDE - ok
05:31:03.0718 8984  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
05:31:03.0734 8984  NetDDEdsdm - ok
05:31:03.0796 8984  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
05:31:03.0796 8984  Netlogon - ok
05:31:03.0875 8984  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
05:31:03.0875 8984  Netman - ok
05:31:04.0000 8984  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:31:04.0015 8984  NetTcpPortSharing - ok
05:31:04.0062 8984  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
05:31:04.0062 8984  NIC1394 - ok
05:31:04.0125 8984  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
05:31:04.0125 8984  Nla - ok
05:31:04.0187 8984  NMSAccess - ok
05:31:04.0312 8984  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf             C:\WINDOWS\system32\drivers\npf.sys
05:31:04.0312 8984  npf - ok
05:31:04.0375 8984  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
05:31:04.0375 8984  Npfs - ok
05:31:04.0437 8984  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
05:31:04.0453 8984  Ntfs - ok
05:31:04.0515 8984  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
05:31:04.0531 8984  NtLmSsp - ok
05:31:04.0609 8984  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
05:31:04.0625 8984  NtmsSvc - ok
05:31:04.0687 8984  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
05:31:04.0703 8984  Null - ok
05:31:04.0734 8984  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:31:04.0734 8984  NwlnkFlt - ok
05:31:04.0765 8984  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:31:04.0765 8984  NwlnkFwd - ok
05:31:04.0828 8984  [ BBD5503999F331278DB39046888D559C ] O2FLASH         C:\WINDOWS\system32\DRIVERS\o2flash.exe
05:31:04.0828 8984  O2FLASH - ok
05:31:04.0875 8984  [ 948AEFC4DB1E6CC5A8D9FC5740AEE392 ] O2MDRDR         C:\WINDOWS\system32\DRIVERS\o2media.sys
05:31:04.0875 8984  O2MDRDR - ok
05:31:04.0953 8984  [ 5472C48F44B49F07B16B421899E550F8 ] O2SDRDR         C:\WINDOWS\system32\DRIVERS\o2sd.sys
05:31:04.0953 8984  O2SDRDR - ok
05:31:05.0078 8984  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:31:05.0078 8984  odserv - ok
05:31:05.0156 8984  [ 58F478FD0115012CEEC75FB73628901C ] OEM13Afx        C:\WINDOWS\system32\Drivers\OEM13Afx.sys
05:31:05.0156 8984  OEM13Afx - ok
05:31:05.0281 8984  [ 86326062A90494BDD79CE383511D7D69 ] OEM13Vfx        C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
05:31:05.0281 8984  OEM13Vfx - ok
05:31:05.0343 8984  [ 12539B57ED05DE7552403A12B3E0161C ] OEM13Vid        C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
05:31:05.0359 8984  OEM13Vid - ok
05:31:05.0437 8984  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
05:31:05.0437 8984  ohci1394 - ok
05:31:05.0500 8984  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:31:05.0500 8984  ose - ok
05:31:05.0546 8984  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
05:31:05.0546 8984  Parport - ok
05:31:05.0578 8984  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
05:31:05.0593 8984  PartMgr - ok
05:31:05.0625 8984  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
05:31:05.0625 8984  ParVdm - ok
05:31:05.0671 8984  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
05:31:05.0671 8984  PCI - ok
05:31:05.0703 8984  PCIDump - ok
05:31:05.0734 8984  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
05:31:05.0734 8984  PCIIde - ok
05:31:05.0765 8984  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
05:31:05.0765 8984  Pcmcia - ok
05:31:05.0781 8984  PDCOMP - ok
05:31:05.0796 8984  PDFRAME - ok
05:31:05.0812 8984  PDRELI - ok
05:31:05.0828 8984  PDRFRAME - ok
05:31:05.0890 8984  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
05:31:05.0890 8984  perc2 - ok
05:31:05.0953 8984  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
05:31:05.0953 8984  perc2hib - ok
05:31:06.0046 8984  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
05:31:06.0046 8984  PlugPlay - ok
05:31:06.0078 8984  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
05:31:06.0093 8984  PolicyAgent - ok
05:31:06.0156 8984  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:31:06.0156 8984  PptpMiniport - ok
05:31:06.0187 8984  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
05:31:06.0187 8984  ProtectedStorage - ok
05:31:06.0218 8984  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
05:31:06.0218 8984  PSched - ok
05:31:06.0234 8984  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:31:06.0250 8984  Ptilink - ok
05:31:06.0343 8984  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:31:06.0343 8984  PxHelp20 - ok
05:31:06.0390 8984  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
05:31:06.0406 8984  ql1080 - ok
05:31:06.0437 8984  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
05:31:06.0437 8984  Ql10wnt - ok
05:31:06.0484 8984  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
05:31:06.0484 8984  ql12160 - ok
05:31:06.0546 8984  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
05:31:06.0562 8984  ql1240 - ok
05:31:06.0625 8984  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
05:31:06.0625 8984  ql1280 - ok
05:31:06.0671 8984  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:31:06.0671 8984  RasAcd - ok
05:31:06.0734 8984  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
05:31:06.0765 8984  RasAuto - ok
05:31:06.0843 8984  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:31:06.0843 8984  Rasl2tp - ok
05:31:06.0890 8984  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
05:31:06.0890 8984  RasMan - ok
05:31:06.0906 8984  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:31:06.0906 8984  RasPppoe - ok
05:31:06.0953 8984  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
05:31:06.0953 8984  Raspti - ok
05:31:06.0984 8984  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:31:06.0984 8984  Rdbss - ok
05:31:07.0015 8984  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:31:07.0015 8984  RDPCDD - ok
05:31:07.0031 8984  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:31:07.0031 8984  rdpdr - ok
05:31:07.0093 8984  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
05:31:07.0093 8984  RDPWD - ok
05:31:07.0187 8984  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
05:31:07.0187 8984  RDSessMgr - ok
05:31:07.0234 8984  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
05:31:07.0234 8984  redbook - ok
05:31:07.0281 8984  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
05:31:07.0281 8984  RemoteAccess - ok
05:31:07.0343 8984  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
05:31:07.0359 8984  RemoteRegistry - ok
05:31:07.0406 8984  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
05:31:07.0406 8984  RpcLocator - ok
05:31:07.0515 8984  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
05:31:07.0515 8984  RpcSs - ok
05:31:07.0562 8984  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
05:31:07.0578 8984  RSVP - ok
05:31:07.0640 8984  [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
05:31:07.0640 8984  RTLE8023xp - ok
05:31:07.0671 8984  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
05:31:07.0687 8984  SamSs - ok
05:31:07.0734 8984  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
05:31:07.0734 8984  SCardSvr - ok
05:31:07.0843 8984  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
05:31:07.0843 8984  Schedule - ok
05:31:07.0906 8984  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
05:31:07.0906 8984  sdbus - ok
05:31:07.0937 8984  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:31:07.0937 8984  Secdrv - ok
05:31:08.0000 8984  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
05:31:08.0015 8984  seclogon - ok
05:31:08.0078 8984  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
05:31:08.0093 8984  SENS - ok
05:31:08.0140 8984  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
05:31:08.0140 8984  Serial - ok
05:31:08.0265 8984  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
05:31:08.0281 8984  Sfloppy - ok
05:31:08.0406 8984  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
05:31:08.0406 8984  SharedAccess - ok
05:31:08.0453 8984  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
05:31:08.0453 8984  ShellHWDetection - ok
05:31:08.0500 8984  Simbad - ok
05:31:08.0578 8984  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
05:31:08.0578 8984  sisagp - ok
05:31:08.0703 8984  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
05:31:08.0718 8984  SkypeUpdate - ok
05:31:08.0812 8984  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:31:08.0812 8984  SLIP - ok
05:31:08.0890 8984  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
05:31:08.0890 8984  Sparrow - ok
05:31:08.0968 8984  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
05:31:08.0968 8984  splitter - ok
05:31:09.0031 8984  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
05:31:09.0031 8984  Spooler - ok
05:31:09.0093 8984  sprtsvc_dellsupportcenter - ok
05:31:09.0156 8984  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
05:31:09.0171 8984  sptd - ok
05:31:09.0265 8984  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
05:31:09.0281 8984  sr - ok
05:31:09.0328 8984  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
05:31:09.0343 8984  srservice - ok
05:31:09.0406 8984  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
05:31:09.0406 8984  Srv - ok
05:31:09.0484 8984  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
05:31:09.0484 8984  SSDPSRV - ok
05:31:09.0515 8984  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
05:31:09.0515 8984  stisvc - ok
05:31:09.0625 8984  [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
05:31:09.0625 8984  stllssvr - ok
05:31:09.0687 8984  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:31:09.0687 8984  streamip - ok
05:31:09.0734 8984  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
05:31:09.0750 8984  swenum - ok
05:31:09.0796 8984  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
05:31:09.0796 8984  swmidi - ok
05:31:09.0828 8984  SwPrv - ok
05:31:09.0906 8984  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
05:31:09.0921 8984  symc810 - ok
05:31:09.0984 8984  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
05:31:09.0984 8984  symc8xx - ok
05:31:10.0093 8984  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
05:31:10.0093 8984  sym_hi - ok
05:31:10.0140 8984  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
05:31:10.0140 8984  sym_u3 - ok
05:31:10.0203 8984  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
05:31:10.0203 8984  sysaudio - ok
05:31:10.0265 8984  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
05:31:10.0281 8984  SysmonLog - ok
05:31:10.0390 8984  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
05:31:10.0406 8984  TapiSrv - ok
05:31:10.0500 8984  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:31:10.0515 8984  Tcpip - ok
05:31:10.0593 8984  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
05:31:10.0593 8984  TDPIPE - ok
05:31:10.0625 8984  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
05:31:10.0625 8984  TDTCP - ok
05:31:10.0671 8984  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
05:31:10.0671 8984  TermDD - ok
05:31:10.0765 8984  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
05:31:10.0781 8984  TermService - ok
05:31:10.0828 8984  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
05:31:10.0828 8984  Themes - ok
05:31:10.0875 8984  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
05:31:10.0875 8984  TlntSvr - ok
05:31:10.0921 8984  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
05:31:10.0937 8984  TosIde - ok
05:31:11.0031 8984  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
05:31:11.0046 8984  TrkWks - ok
05:31:11.0156 8984  [ A6A3442B215A911F489BE156A4BA2D60 ] tStLib          C:\WINDOWS\system32\drivers\tStLib.sys
05:31:11.0156 8984  tStLib - ok
05:31:11.0250 8984  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
05:31:11.0250 8984  Udfs - ok
05:31:11.0375 8984  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
05:31:11.0375 8984  ultra - ok
05:31:11.0468 8984  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
05:31:11.0484 8984  Update - ok
05:31:11.0578 8984  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
05:31:11.0593 8984  upnphost - ok
05:31:11.0640 8984  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
05:31:11.0640 8984  UPS - ok
05:31:11.0734 8984  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
05:31:11.0750 8984  usbaudio - ok
05:31:11.0812 8984  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:31:11.0828 8984  usbccgp - ok
05:31:11.0843 8984  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:31:11.0859 8984  usbehci - ok
05:31:11.0921 8984  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:31:11.0921 8984  usbhub - ok
05:31:11.0968 8984  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:31:11.0968 8984  usbprint - ok
05:31:12.0046 8984  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:31:12.0046 8984  USBSTOR - ok
05:31:12.0093 8984  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
05:31:12.0093 8984  usbuhci - ok
05:31:12.0156 8984  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
05:31:12.0156 8984  usbvideo - ok
05:31:12.0218 8984  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
05:31:12.0218 8984  VgaSave - ok
05:31:12.0296 8984  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
05:31:12.0296 8984  viaagp - ok
05:31:12.0359 8984  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
05:31:12.0375 8984  ViaIde - ok
05:31:12.0421 8984  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
05:31:12.0421 8984  VolSnap - ok
05:31:12.0500 8984  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
05:31:12.0515 8984  VSS - ok
05:31:12.0609 8984  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
05:31:12.0625 8984  w32time - ok
05:31:12.0671 8984  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:31:12.0671 8984  Wanarp - ok
05:31:12.0734 8984  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
05:31:12.0750 8984  Wdf01000 - ok
05:31:12.0796 8984  WDICA - ok
05:31:12.0828 8984  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
05:31:12.0828 8984  wdmaud - ok
05:31:12.0859 8984  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
05:31:12.0875 8984  WebClient - ok
05:31:13.0000 8984  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
05:31:13.0015 8984  winmgmt - ok
05:31:13.0093 8984  wltrysvc - ok
05:31:13.0140 8984  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
05:31:13.0140 8984  WmdmPmSN - ok
05:31:13.0203 8984  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
05:31:13.0203 8984  Wmi - ok
05:31:13.0390 8984  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
05:31:13.0390 8984  WmiAcpi - ok
05:31:13.0468 8984  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
05:31:13.0468 8984  WmiApSrv - ok
05:31:13.0609 8984  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
05:31:13.0640 8984  WMPNetworkSvc - ok
05:31:13.0812 8984  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
05:31:13.0843 8984  WPFFontCache_v0400 - ok
05:31:13.0984 8984  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
05:31:13.0984 8984  wscsvc - ok
05:31:14.0062 8984  WSearch - ok
05:31:14.0171 8984  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:31:14.0171 8984  WSTCODEC - ok
05:31:14.0296 8984  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
05:31:14.0312 8984  wuauserv - ok
05:31:14.0375 8984  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:31:14.0390 8984  WudfPf - ok
05:31:14.0468 8984  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:31:14.0468 8984  WudfRd - ok
05:31:14.0546 8984  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
05:31:14.0562 8984  WudfSvc - ok
05:31:14.0671 8984  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
05:31:14.0671 8984  WZCSVC - ok
05:31:14.0765 8984  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
05:31:14.0781 8984  xmlprov - ok
05:31:14.0843 8984  {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
05:31:14.0937 8984  ================ Scan global ===============================
05:31:15.0015 8984  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
05:31:15.0046 8984  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
05:31:15.0078 8984  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
05:31:15.0109 8984  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
05:31:15.0109 8984  [Global] - ok
05:31:15.0109 8984  ================ Scan MBR ==================================
05:31:15.0140 8984  [ 27A9FC7708F39487D61506A5245BF3D8 ] \Device\Harddisk0\DR0
05:31:15.0468 8984  \Device\Harddisk0\DR0 - ok
05:31:15.0468 8984  ================ Scan VBR ==================================
05:31:15.0468 8984  [ 016BC2375AD0AFBF1BCBBD650D5000BD ] \Device\Harddisk0\DR0\Partition1
05:31:15.0468 8984  \Device\Harddisk0\DR0\Partition1 - ok
05:31:15.0468 8984  ============================================================
05:31:15.0468 8984  Scan finished
05:31:15.0468 8984  ============================================================
05:31:15.0500 7064  Detected object count: 1
05:31:15.0500 7064  Actual detected object count: 1
05:34:57.0750 7064  bfabf1ab1a0c70be ( Rootkit.Win32.Necurs.gen ) - skipped by user
05:34:57.0750 7064  bfabf1ab1a0c70be ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
 



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:50 PM

Posted 28 March 2014 - 08:50 AM

Please run TDSSKiller again.
 
This time, when the scan completes, be sure to select Cure on the following entry:

bfabf1ab1a0c70be ( Rootkit.Win32.Necurs.gen ) 
 
Post the new log that is made and let me know if you are still hearing the ads.   :)


 


#5 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 28 March 2014 - 05:48 PM

There are Delete, Skip and Copy to quarantine. Do I delete or copy to quarantine?



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:50 PM

Posted 28 March 2014 - 05:54 PM

Delete.  :)


 


#7 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 28 March 2014 - 06:04 PM

15:46:03.0203 6300  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:46:05.0203 6300  ============================================================
15:46:05.0203 6300  Current date / time: 2014/03/28 15:46:05.0203
15:46:05.0203 6300  SystemInfo:
15:46:05.0203 6300  
15:46:05.0203 6300  OS Version: 5.1.2600 ServicePack: 3.0
15:46:05.0203 6300  Product type: Workstation
15:46:05.0203 6300  ComputerName: D1X0RGJ1
15:46:05.0203 6300  UserName: Gary Jay
15:46:05.0203 6300  Windows directory: C:\WINDOWS
15:46:05.0203 6300  System windows directory: C:\WINDOWS
15:46:05.0203 6300  Processor architecture: Intel x86
15:46:05.0203 6300  Number of processors: 2
15:46:05.0203 6300  Page size: 0x1000
15:46:05.0203 6300  Boot type: Normal boot
15:46:05.0203 6300  ============================================================
15:46:11.0218 6300  !crdlk
15:46:11.0468 6300  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
15:46:11.0484 6300  ============================================================
15:46:11.0484 6300  \Device\Harddisk0\DR0:
15:46:11.0484 6300  MBR partitions:
15:46:11.0484 6300  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x1BE190B0
15:46:11.0484 6300  ============================================================
15:46:11.0546 6300  C: <-> \Device\Harddisk0\DR0\Partition1
15:46:11.0546 6300  ============================================================
15:46:11.0546 6300  Initialize success
15:46:11.0546 6300  ============================================================
15:46:18.0515 6428  ============================================================
15:46:18.0515 6428  Scan started
15:46:18.0515 6428  Mode: Manual;
15:46:18.0515 6428  ============================================================
15:46:18.0812 6428  ================ Scan system memory ========================
15:46:18.0812 6428  System memory - ok
15:46:18.0812 6428  ================ Scan services =============================
15:46:19.0093 6428  Abiosdsk - ok
15:46:19.0140 6428  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:46:19.0140 6428  abp480n5 - ok
15:46:19.0218 6428  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:46:19.0218 6428  ACPI - ok
15:46:19.0265 6428  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:46:19.0265 6428  ACPIEC - ok
15:46:19.0421 6428  [ 9D96B0D5855FD1B98023B3EEC9F06786 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:46:19.0421 6428  AdobeFlashPlayerUpdateSvc - ok
15:46:19.0546 6428  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:46:19.0546 6428  adpu160m - ok
15:46:19.0640 6428  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:46:19.0640 6428  aec - ok
15:46:19.0718 6428  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:46:19.0734 6428  AFD - ok
15:46:19.0828 6428  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
15:46:19.0828 6428  agp440 - ok
15:46:19.0875 6428  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:46:19.0875 6428  agpCPQ - ok
15:46:19.0953 6428  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:46:19.0968 6428  Aha154x - ok
15:46:20.0015 6428  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:46:20.0015 6428  aic78u2 - ok
15:46:20.0046 6428  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:46:20.0046 6428  aic78xx - ok
15:46:20.0093 6428  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:46:20.0093 6428  Alerter - ok
15:46:20.0140 6428  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
15:46:20.0140 6428  ALG - ok
15:46:20.0203 6428  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
15:46:20.0203 6428  AliIde - ok
15:46:20.0296 6428  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:46:20.0296 6428  alim1541 - ok
15:46:20.0359 6428  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:46:20.0359 6428  amdagp - ok
15:46:20.0406 6428  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
15:46:20.0406 6428  amsint - ok
15:46:20.0484 6428  [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
15:46:20.0484 6428  ApfiltrService - ok
15:46:20.0609 6428  [ EC94E05B76D033B74394E7B2175103CF ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:46:20.0609 6428  APPDRV - ok
15:46:20.0671 6428  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:46:20.0671 6428  AppMgmt - ok
15:46:20.0750 6428  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:46:20.0750 6428  Arp1394 - ok
15:46:20.0796 6428  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
15:46:20.0796 6428  asc - ok
15:46:20.0843 6428  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:46:20.0843 6428  asc3350p - ok
15:46:20.0859 6428  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:46:20.0859 6428  asc3550 - ok
15:46:20.0984 6428  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:46:21.0000 6428  aspnet_state - ok
15:46:21.0046 6428  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:46:21.0046 6428  AsyncMac - ok
15:46:21.0093 6428  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:46:21.0093 6428  atapi - ok
15:46:21.0140 6428  Atdisk - ok
15:46:21.0171 6428  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:46:21.0171 6428  Atmarpc - ok
15:46:21.0234 6428  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:46:21.0234 6428  AudioSrv - ok
15:46:21.0281 6428  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:46:21.0281 6428  audstub - ok
15:46:21.0390 6428  [ 37F385A93C620CBE0F89C17E45F697A1 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:46:21.0406 6428  BCM43XX - ok
15:46:21.0468 6428  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:46:21.0468 6428  Beep - ok
15:46:21.0484 6428  Suspicious service (NoAccess): bfabf1ab1a0c70be
15:46:21.0546 6428  [ 0015D21DF3BA6BACACD3DC126028D76F ] bfabf1ab1a0c70be C:\WINDOWS\System32\Drivers\bfabf1ab1a0c70be.sys
15:46:21.0546 6428  Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\bfabf1ab1a0c70be.sys. md5: 0015D21DF3BA6BACACD3DC126028D76F
15:46:22.0203 6428  bfabf1ab1a0c70be ( Rootkit.Win32.Necurs.gen ) - infected
15:46:22.0203 6428  bfabf1ab1a0c70be - detected Rootkit.Win32.Necurs.gen (0)
15:46:22.0343 6428  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:46:22.0421 6428  BITS - ok
15:46:22.0656 6428  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:46:22.0687 6428  Bonjour Service - ok
15:46:22.0765 6428  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
15:46:22.0765 6428  Browser - ok
15:46:22.0828 6428  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:46:22.0843 6428  cbidf - ok
15:46:22.0890 6428  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:46:22.0906 6428  cbidf2k - ok
15:46:22.0953 6428  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:46:22.0953 6428  CCDECODE - ok
15:46:23.0046 6428  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:46:23.0062 6428  cd20xrnt - ok
15:46:23.0093 6428  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:46:23.0093 6428  Cdaudio - ok
15:46:23.0125 6428  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:46:23.0125 6428  Cdfs - ok
15:46:23.0171 6428  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:46:23.0187 6428  Cdrom - ok
15:46:23.0265 6428  [ 25C323075C5EA4A2555E35355A01F793 ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys
15:46:23.0281 6428  cfwids - ok
15:46:23.0546 6428  Changer - ok
15:46:23.0703 6428  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:46:23.0718 6428  CiSvc - ok
15:46:23.0859 6428  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:46:23.0859 6428  ClipSrv - ok
15:46:23.0953 6428  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:46:24.0015 6428  clr_optimization_v2.0.50727_32 - ok
15:46:24.0171 6428  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:46:24.0171 6428  clr_optimization_v4.0.30319_32 - ok
15:46:24.0281 6428  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:46:24.0296 6428  CmBatt - ok
15:46:24.0343 6428  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:46:24.0343 6428  CmdIde - ok
15:46:24.0390 6428  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:46:24.0406 6428  Compbatt - ok
15:46:24.0421 6428  COMSysApp - ok
15:46:24.0468 6428  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:46:24.0468 6428  Cpqarray - ok
15:46:24.0578 6428  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:46:24.0578 6428  CryptSvc - ok
15:46:24.0656 6428  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:46:24.0671 6428  dac2w2k - ok
15:46:24.0750 6428  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:46:24.0781 6428  dac960nt - ok
15:46:24.0937 6428  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:46:24.0937 6428  DcomLaunch - ok
15:46:25.0078 6428  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:46:25.0093 6428  Dhcp - ok
15:46:25.0171 6428  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:46:25.0171 6428  Disk - ok
15:46:25.0234 6428  [ A0500678A33802D8954153839301D539 ] DLABMFSM        C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
15:46:25.0234 6428  DLABMFSM - ok
15:46:25.0296 6428  [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM        C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
15:46:25.0296 6428  DLABOIOM - ok
15:46:25.0328 6428  [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:46:25.0328 6428  DLACDBHM - ok
15:46:25.0343 6428  [ 87413B94AE1FABC117C4E8AE6725134E ] DLADResM        C:\WINDOWS\system32\Drivers\DLADResM.SYS
15:46:25.0343 6428  DLADResM - ok
15:46:25.0359 6428  [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M        C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
15:46:25.0359 6428  DLAIFS_M - ok
15:46:25.0375 6428  [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM        C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
15:46:25.0390 6428  DLAOPIOM - ok
15:46:25.0406 6428  [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM        C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
15:46:25.0406 6428  DLAPoolM - ok
15:46:25.0437 6428  [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M        C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
15:46:25.0437 6428  DLARTL_M - ok
15:46:25.0453 6428  [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM        C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
15:46:25.0468 6428  DLAUDFAM - ok
15:46:25.0484 6428  [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M        C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
15:46:25.0484 6428  DLAUDF_M - ok
15:46:25.0500 6428  dmadmin - ok
15:46:25.0546 6428  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:46:25.0562 6428  dmboot - ok
15:46:25.0640 6428  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:46:25.0640 6428  dmio - ok
15:46:25.0671 6428  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:46:25.0671 6428  dmload - ok
15:46:25.0765 6428  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:46:25.0765 6428  dmserver - ok
15:46:25.0828 6428  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:46:25.0828 6428  DMusic - ok
15:46:25.0953 6428  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:46:25.0968 6428  Dnscache - ok
15:46:26.0140 6428  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:46:26.0140 6428  Dot3svc - ok
15:46:26.0203 6428  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:46:26.0203 6428  dpti2o - ok
15:46:26.0265 6428  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:46:26.0265 6428  drmkaud - ok
15:46:26.0343 6428  [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:46:26.0343 6428  DRVMCDB - ok
15:46:26.0406 6428  [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:46:26.0406 6428  DRVNDDM - ok
15:46:26.0468 6428  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:46:26.0468 6428  EapHost - ok
15:46:26.0500 6428  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:46:26.0500 6428  ERSvc - ok
15:46:26.0562 6428  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
15:46:26.0562 6428  Eventlog - ok
15:46:26.0656 6428  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
15:46:26.0656 6428  EventSystem - ok
15:46:26.0750 6428  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:46:26.0765 6428  Fastfat - ok
15:46:26.0828 6428  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:46:26.0843 6428  FastUserSwitchingCompatibility - ok
15:46:26.0906 6428  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
15:46:26.0937 6428  Fax - ok
15:46:27.0031 6428  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
15:46:27.0031 6428  Fdc - ok
15:46:27.0093 6428  [ 5C329E2AB8DD62310213CBFAC0178539 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
15:46:27.0093 6428  FilterService - ok
15:46:27.0156 6428  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:46:27.0156 6428  Fips - ok
15:46:27.0203 6428  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
15:46:27.0203 6428  Flpydisk - ok
15:46:27.0250 6428  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:46:27.0265 6428  FltMgr - ok
15:46:27.0515 6428  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:46:27.0531 6428  FontCache3.0.0.0 - ok
15:46:27.0734 6428  [ 7856550FCB1A99A487805332FE2B6C71 ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
15:46:27.0734 6428  FreemakeVideoCapture - ok
15:46:27.0796 6428  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:46:27.0796 6428  Fs_Rec - ok
15:46:27.0906 6428  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:46:27.0906 6428  Ftdisk - ok
15:46:27.0968 6428  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:46:27.0968 6428  Gpc - ok
15:46:28.0046 6428  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:46:28.0046 6428  HDAudBus - ok
15:46:28.0156 6428  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:46:28.0156 6428  helpsvc - ok
15:46:28.0296 6428  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:46:28.0296 6428  HidServ - ok
15:46:28.0359 6428  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:46:28.0359 6428  hidusb - ok
15:46:28.0437 6428  [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
15:46:28.0453 6428  HipShieldK - ok
15:46:28.0500 6428  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:46:28.0515 6428  hkmsvc - ok
15:46:28.0593 6428  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
15:46:28.0593 6428  hpn - ok
15:46:28.0656 6428  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:46:28.0656 6428  HTTP - ok
15:46:28.0703 6428  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:46:28.0703 6428  HTTPFilter - ok
15:46:28.0750 6428  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
15:46:28.0750 6428  i2omgmt - ok
15:46:28.0843 6428  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:46:28.0843 6428  i2omp - ok
15:46:28.0890 6428  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:46:28.0890 6428  i8042prt - ok
15:46:29.0109 6428  [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:46:29.0171 6428  ialm - ok
15:46:29.0265 6428  [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
15:46:29.0265 6428  iaStor - ok
15:46:29.0375 6428  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:46:29.0421 6428  idsvc - ok
15:46:29.0546 6428  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:46:29.0546 6428  Imapi - ok
15:46:29.0609 6428  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:46:29.0609 6428  ImapiService - ok
15:46:29.0687 6428  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:46:29.0687 6428  ini910u - ok
15:46:29.0937 6428  [ 613A2B00DA1D4A80DE1EC8CFB52C0D89 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:46:29.0968 6428  IntcAzAudAddService - ok
15:46:30.0046 6428  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
15:46:30.0046 6428  IntelIde - ok
15:46:30.0093 6428  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:46:30.0093 6428  intelppm - ok
15:46:30.0156 6428  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:46:30.0156 6428  Ip6Fw - ok
15:46:30.0187 6428  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:46:30.0203 6428  IpFilterDriver - ok
15:46:30.0265 6428  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:46:30.0265 6428  IpInIp - ok
15:46:30.0328 6428  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:46:30.0328 6428  IpNat - ok
15:46:30.0375 6428  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:46:30.0375 6428  IPSec - ok
15:46:30.0421 6428  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:46:30.0421 6428  IRENUM - ok
15:46:30.0531 6428  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:46:30.0531 6428  isapnp - ok
15:46:30.0703 6428  [ B9436A665A8621073A12338B16D7BFD4 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:46:30.0703 6428  JavaQuickStarterService - ok
15:46:30.0781 6428  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:46:30.0781 6428  Kbdclass - ok
15:46:30.0890 6428  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:46:30.0890 6428  kbdhid - ok
15:46:30.0921 6428  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:46:30.0921 6428  kmixer - ok
15:46:31.0031 6428  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:46:31.0031 6428  KSecDD - ok
15:46:31.0234 6428  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
15:46:31.0250 6428  LanmanServer - ok
15:46:31.0328 6428  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:46:31.0343 6428  lanmanworkstation - ok
15:46:31.0359 6428  lbrtfdc - ok
15:46:31.0500 6428  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:46:31.0515 6428  LmHosts - ok
15:46:31.0625 6428  [ 9A3D4FC6B86E7E36473079AB76AC703D ] LVcKap          C:\WINDOWS\system32\DRIVERS\LVcKap.sys
15:46:31.0656 6428  LVcKap - ok
15:46:31.0812 6428  [ 0ACBC11F19320AF6C19F2E20013D9095 ] LVMVDrv         C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
15:46:31.0828 6428  LVMVDrv - ok
15:46:32.0015 6428  [ E8ACF6DD83956FB63CEB058D5F51B18A ] lvpopflt        C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
15:46:32.0078 6428  lvpopflt - ok
15:46:32.0203 6428  [ 12866641284EBB41E627BB53C04DA959 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
15:46:32.0203 6428  LVPr2Mon - ok
15:46:32.0343 6428  [ 995D0B52870C7A5CAF3EA165FD674A35 ] LVPrcSrv        c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
15:46:32.0375 6428  LVPrcSrv - ok
15:46:32.0500 6428  [ A005CEE9BE199C5E375FAA559CA9A7A9 ] LVSrvLauncher   C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
15:46:32.0500 6428  LVSrvLauncher - ok
15:46:32.0578 6428  [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta        C:\WINDOWS\system32\drivers\LVUSBSta.sys
15:46:32.0578 6428  LVUSBSta - ok
15:46:32.0671 6428  [ 922BE6770499220DC27B529CA236815A ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:46:32.0750 6428  LVUVC - ok
15:46:32.0843 6428  [ C846349849475B7EC8B20A825449D531 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
15:46:32.0843 6428  MBAMProtector - ok
15:46:33.0046 6428  [ 47DF4BC3D1561B6DAFA0862735FA1493 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
15:46:33.0125 6428  MBAMScheduler - ok
15:46:33.0218 6428  [ 2CFC417EED3BF5DDA255CB7EF7E09D45 ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
15:46:33.0234 6428  MBAMService - ok
15:46:33.0468 6428  [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc        C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
15:46:33.0468 6428  McMPFSvc - ok
15:46:33.0531 6428  [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:46:33.0531 6428  mcmscsvc - ok
15:46:33.0593 6428  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:46:33.0593 6428  McNaiAnn - ok
15:46:33.0640 6428  [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:46:33.0640 6428  McNASvc - ok
15:46:33.0812 6428  [ E352CC1723B3B69A7BB1E81DBC9D9D78 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
15:46:33.0812 6428  McODS - ok
15:46:33.0890 6428  [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:46:33.0890 6428  McProxy - ok
15:46:34.0015 6428  [ 6FE0532CB16300C09D098F808EAAEE9D ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:46:34.0031 6428  McShield - ok
15:46:34.0093 6428  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:46:34.0109 6428  MDM - ok
15:46:34.0218 6428  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:46:34.0218 6428  Messenger - ok
15:46:34.0343 6428  [ 6708AD7D9ABDD6FDE1EB9B54FFE426B0 ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
15:46:34.0343 6428  mfeapfk - ok
15:46:34.0390 6428  [ 375DE90B68533D9D0D7766D4CCB4CA32 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
15:46:34.0390 6428  mfeavfk - ok
15:46:34.0453 6428  [ 5ED806D4DF27AC11236BD9AD2CC10B7E ] mfebopk         C:\WINDOWS\system32\drivers\mfebopk.sys
15:46:34.0484 6428  mfebopk - ok
15:46:34.0578 6428  [ 1A427BB508ACBEE09A88F08D1CA38E2F ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:46:34.0578 6428  mfefire - ok
15:46:34.0703 6428  [ 16BF9475BFCFAA420A8CB29E40284457 ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
15:46:34.0718 6428  mfefirek - ok
15:46:34.0828 6428  [ 875452ECDF4AEBE12B8C2EFD8599A36F ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
15:46:34.0828 6428  mfehidk - ok
15:46:34.0953 6428  [ D669ACBE7672819109706C3CFF6BD1DB ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
15:46:34.0953 6428  mferkdet - ok
15:46:35.0031 6428  [ 41FE2F288E05A6C8AB85DD56770FFBAD ] mferkdk         C:\WINDOWS\system32\drivers\mferkdk.sys
15:46:35.0031 6428  mferkdk - ok
15:46:35.0125 6428  [ 096B52EA918AA909BA5903D79E129005 ] mfesmfk         C:\WINDOWS\system32\drivers\mfesmfk.sys
15:46:35.0125 6428  mfesmfk - ok
15:46:35.0203 6428  [ 1328C929A2F801BB93DBDFCDC25E0E7A ] mfetdi2k        C:\WINDOWS\system32\drivers\mfetdi2k.sys
15:46:35.0203 6428  mfetdi2k - ok
15:46:35.0281 6428  [ D66A1A16166897A5F7D04961F582F03B ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
15:46:35.0281 6428  mfevtp - ok
15:46:35.0453 6428  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:46:35.0453 6428  Microsoft Office Groove Audit Service - ok
15:46:35.0500 6428  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:46:35.0515 6428  mnmdd - ok
15:46:35.0671 6428  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:46:35.0671 6428  mnmsrvc - ok
15:46:35.0703 6428  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:46:35.0703 6428  Modem - ok
15:46:35.0765 6428  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:46:35.0765 6428  Mouclass - ok
15:46:35.0828 6428  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:46:35.0828 6428  mouhid - ok
15:46:35.0890 6428  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:46:35.0890 6428  MountMgr - ok
15:46:36.0015 6428  [ 338037EFA0E8E8699B2667D57B751574 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:46:36.0015 6428  MozillaMaintenance - ok
15:46:36.0093 6428  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:46:36.0093 6428  mraid35x - ok
15:46:36.0156 6428  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:46:36.0156 6428  MRxDAV - ok
15:46:36.0218 6428  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:46:36.0218 6428  MRxSmb - ok
15:46:36.0296 6428  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:46:36.0296 6428  MSDTC - ok
15:46:36.0375 6428  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:46:36.0375 6428  Msfs - ok
15:46:36.0390 6428  MSIServer - ok
15:46:36.0468 6428  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:46:36.0468 6428  MSKSSRV - ok
15:46:36.0531 6428  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:46:36.0531 6428  MSPCLOCK - ok
15:46:36.0578 6428  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:46:36.0578 6428  MSPQM - ok
15:46:36.0640 6428  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:46:36.0640 6428  mssmbios - ok
15:46:36.0781 6428  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:46:36.0796 6428  MSTEE - ok
15:46:36.0906 6428  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:46:36.0906 6428  Mup - ok
15:46:36.0984 6428  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:46:36.0984 6428  NABTSFEC - ok
15:46:37.0046 6428  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:46:37.0062 6428  napagent - ok
15:46:37.0140 6428  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:46:37.0156 6428  NDIS - ok
15:46:37.0187 6428  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:46:37.0187 6428  NdisIP - ok
15:46:37.0234 6428  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:46:37.0234 6428  NdisTapi - ok
15:46:37.0296 6428  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:46:37.0296 6428  Ndisuio - ok
15:46:37.0312 6428  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:46:37.0312 6428  NdisWan - ok
15:46:37.0375 6428  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:46:37.0375 6428  NDProxy - ok
15:46:37.0437 6428  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:46:37.0437 6428  NetBIOS - ok
15:46:37.0484 6428  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:46:37.0500 6428  NetBT - ok
15:46:37.0546 6428  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:46:37.0546 6428  NetDDE - ok
15:46:37.0578 6428  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:46:37.0578 6428  NetDDEdsdm - ok
15:46:37.0625 6428  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:46:37.0640 6428  Netlogon - ok
15:46:37.0687 6428  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
15:46:37.0703 6428  Netman - ok
15:46:37.0796 6428  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:46:37.0875 6428  NetTcpPortSharing - ok
15:46:37.0921 6428  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:46:37.0921 6428  NIC1394 - ok
15:46:38.0015 6428  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:46:38.0015 6428  Nla - ok
15:46:38.0062 6428  NMSAccess - ok
15:46:38.0156 6428  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf             C:\WINDOWS\system32\drivers\npf.sys
15:46:38.0156 6428  npf - ok
15:46:38.0234 6428  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:46:38.0234 6428  Npfs - ok
15:46:38.0312 6428  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:46:38.0312 6428  Ntfs - ok
15:46:38.0375 6428  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:46:38.0375 6428  NtLmSsp - ok
15:46:38.0468 6428  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:46:38.0484 6428  NtmsSvc - ok
15:46:38.0562 6428  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:46:38.0562 6428  Null - ok
15:46:38.0593 6428  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:46:38.0593 6428  NwlnkFlt - ok
15:46:38.0640 6428  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:46:38.0640 6428  NwlnkFwd - ok
15:46:38.0687 6428  [ BBD5503999F331278DB39046888D559C ] O2FLASH         C:\WINDOWS\system32\DRIVERS\o2flash.exe
15:46:38.0687 6428  O2FLASH - ok
15:46:38.0750 6428  [ 948AEFC4DB1E6CC5A8D9FC5740AEE392 ] O2MDRDR         C:\WINDOWS\system32\DRIVERS\o2media.sys
15:46:38.0750 6428  O2MDRDR - ok
15:46:38.0781 6428  [ 5472C48F44B49F07B16B421899E550F8 ] O2SDRDR         C:\WINDOWS\system32\DRIVERS\o2sd.sys
15:46:38.0781 6428  O2SDRDR - ok
15:46:38.0968 6428  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:46:38.0984 6428  odserv - ok
15:46:39.0078 6428  [ 58F478FD0115012CEEC75FB73628901C ] OEM13Afx        C:\WINDOWS\system32\Drivers\OEM13Afx.sys
15:46:39.0078 6428  OEM13Afx - ok
15:46:39.0140 6428  [ 86326062A90494BDD79CE383511D7D69 ] OEM13Vfx        C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
15:46:39.0140 6428  OEM13Vfx - ok
15:46:39.0203 6428  [ 12539B57ED05DE7552403A12B3E0161C ] OEM13Vid        C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
15:46:39.0203 6428  OEM13Vid - ok
15:46:39.0312 6428  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:46:39.0312 6428  ohci1394 - ok
15:46:39.0359 6428  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:39.0375 6428  ose - ok
15:46:39.0437 6428  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
15:46:39.0437 6428  Parport - ok
15:46:39.0468 6428  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:46:39.0468 6428  PartMgr - ok
15:46:39.0500 6428  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:46:39.0500 6428  ParVdm - ok
15:46:39.0703 6428  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:46:39.0703 6428  PCI - ok
15:46:39.0718 6428  PCIDump - ok
15:46:39.0750 6428  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:46:39.0750 6428  PCIIde - ok
15:46:39.0796 6428  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:46:39.0796 6428  Pcmcia - ok
15:46:39.0812 6428  PDCOMP - ok
15:46:39.0843 6428  PDFRAME - ok
15:46:39.0859 6428  PDRELI - ok
15:46:39.0875 6428  PDRFRAME - ok
15:46:40.0031 6428  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
15:46:40.0031 6428  perc2 - ok
15:46:40.0109 6428  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:46:40.0109 6428  perc2hib - ok
15:46:40.0203 6428  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
15:46:40.0203 6428  PlugPlay - ok
15:46:40.0234 6428  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:46:40.0234 6428  PolicyAgent - ok
15:46:40.0312 6428  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:46:40.0312 6428  PptpMiniport - ok
15:46:40.0343 6428  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:46:40.0343 6428  ProtectedStorage - ok
15:46:40.0359 6428  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:46:40.0359 6428  PSched - ok
15:46:40.0375 6428  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:46:40.0375 6428  Ptilink - ok
15:46:40.0515 6428  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:46:40.0515 6428  PxHelp20 - ok
15:46:40.0625 6428  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:46:40.0625 6428  ql1080 - ok
15:46:40.0687 6428  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:46:40.0687 6428  Ql10wnt - ok
15:46:40.0734 6428  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:46:40.0734 6428  ql12160 - ok
15:46:40.0781 6428  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:46:40.0781 6428  ql1240 - ok
15:46:40.0875 6428  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:46:40.0875 6428  ql1280 - ok
15:46:40.0937 6428  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:46:40.0937 6428  RasAcd - ok
15:46:41.0015 6428  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:46:41.0046 6428  RasAuto - ok
15:46:41.0125 6428  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:46:41.0125 6428  Rasl2tp - ok
15:46:41.0187 6428  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:46:41.0187 6428  RasMan - ok
15:46:41.0218 6428  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:46:41.0218 6428  RasPppoe - ok
15:46:41.0312 6428  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:46:41.0312 6428  Raspti - ok
15:46:41.0359 6428  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:46:41.0359 6428  Rdbss - ok
15:46:41.0406 6428  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:46:41.0406 6428  RDPCDD - ok
15:46:41.0437 6428  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:46:41.0437 6428  rdpdr - ok
15:46:41.0500 6428  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:46:41.0500 6428  RDPWD - ok
15:46:41.0593 6428  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:46:41.0593 6428  RDSessMgr - ok
15:46:41.0671 6428  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:46:41.0671 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\redbook.sys. md5: F828DD7E1419B6653894A8F97A0094C5
15:46:41.0687 6428  redbook ( LockedFile.Multi.Generic ) - warning
15:46:41.0687 6428  redbook - detected LockedFile.Multi.Generic (1)
15:46:41.0765 6428  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:46:41.0765 6428  RemoteAccess - ok
15:46:41.0812 6428  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:46:41.0812 6428  RemoteRegistry - ok
15:46:41.0890 6428  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:46:41.0890 6428  RpcLocator - ok
15:46:41.0953 6428  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
15:46:41.0953 6428  RpcSs - ok
15:46:42.0015 6428  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:46:42.0015 6428  RSVP - ok
15:46:42.0078 6428  [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:46:42.0078 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys. md5: 89619EF503F949FAE09252A8B883EE11
15:46:42.0140 6428  RTLE8023xp ( LockedFile.Multi.Generic ) - warning
15:46:42.0140 6428  RTLE8023xp - detected LockedFile.Multi.Generic (1)
15:46:42.0171 6428  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:46:42.0171 6428  SamSs - ok
15:46:42.0218 6428  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:46:42.0218 6428  SCardSvr - ok
15:46:42.0328 6428  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:46:42.0343 6428  Schedule - ok
15:46:42.0468 6428  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:46:42.0468 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\sdbus.sys. md5: 8D04819A3CE51B9EB47E5689B44D43C4
15:46:42.0531 6428  sdbus ( LockedFile.Multi.Generic ) - warning
15:46:42.0531 6428  sdbus - detected LockedFile.Multi.Generic (1)
15:46:42.0593 6428  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:46:42.0593 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\secdrv.sys. md5: 90A3935D05B494A5A39D37E71F09A677
15:46:42.0593 6428  Secdrv ( LockedFile.Multi.Generic ) - warning
15:46:42.0593 6428  Secdrv - detected LockedFile.Multi.Generic (1)
15:46:42.0687 6428  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:46:42.0687 6428  seclogon - ok
15:46:42.0750 6428  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
15:46:42.0750 6428  SENS - ok
15:46:42.0828 6428  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
15:46:42.0828 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Serial.sys. md5: CCA207A8896D4C6A0C9CE29A4AE411A7
15:46:42.0859 6428  Serial ( LockedFile.Multi.Generic ) - warning
15:46:42.0859 6428  Serial - detected LockedFile.Multi.Generic (1)
15:46:42.0984 6428  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:46:42.0984 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Sfloppy.sys. md5: 8E6B8C671615D126FDC553D1E2DE5562
15:46:43.0000 6428  Sfloppy ( LockedFile.Multi.Generic ) - warning
15:46:43.0000 6428  Sfloppy - detected LockedFile.Multi.Generic (1)
15:46:43.0062 6428  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:46:43.0078 6428  SharedAccess - ok
15:46:43.0218 6428  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:46:43.0218 6428  ShellHWDetection - ok
15:46:43.0234 6428  Simbad - ok
15:46:43.0375 6428  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:46:43.0375 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\sisagp.sys. md5: 6B33D0EBD30DB32E27D1D78FE946A754
15:46:43.0421 6428  sisagp ( LockedFile.Multi.Generic ) - warning
15:46:43.0421 6428  sisagp - detected LockedFile.Multi.Generic (1)
15:46:43.0484 6428  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:46:43.0500 6428  SkypeUpdate - ok
15:46:43.0578 6428  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:46:43.0578 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\SLIP.sys. md5: 866D538EBE33709A5C9F5C62B73B7D14
15:46:43.0625 6428  SLIP ( LockedFile.Multi.Generic ) - warning
15:46:43.0625 6428  SLIP - detected LockedFile.Multi.Generic (1)
15:46:43.0718 6428  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:46:43.0718 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\sparrow.sys. md5: 83C0F71F86D3BDAF915685F3D568B20E
15:46:43.0750 6428  Sparrow ( LockedFile.Multi.Generic ) - warning
15:46:43.0750 6428  Sparrow - detected LockedFile.Multi.Generic (1)
15:46:43.0812 6428  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:46:43.0812 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\splitter.sys. md5: AB8B92451ECB048A4D1DE7C3FFCB4A9F
15:46:43.0843 6428  splitter ( LockedFile.Multi.Generic ) - warning
15:46:43.0843 6428  splitter - detected LockedFile.Multi.Generic (1)
15:46:43.0906 6428  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:46:43.0906 6428  Spooler - ok
15:46:44.0015 6428  sprtsvc_dellsupportcenter - ok
15:46:44.0093 6428  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
15:46:44.0109 6428  sptd - ok
15:46:44.0203 6428  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:46:44.0203 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\sr.sys. md5: 76BB022C2FB6902FD5BDD4F78FC13A5D
15:46:44.0328 6428  sr ( LockedFile.Multi.Generic ) - warning
15:46:44.0328 6428  sr - detected LockedFile.Multi.Generic (1)
15:46:44.0390 6428  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:46:44.0406 6428  srservice - ok
15:46:44.0468 6428  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:46:44.0468 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\srv.sys. md5: 47DDFC2F003F7F9F0592C6874962A2E7
15:46:44.0500 6428  Srv ( LockedFile.Multi.Generic ) - warning
15:46:44.0500 6428  Srv - detected LockedFile.Multi.Generic (1)
15:46:44.0562 6428  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:46:44.0578 6428  SSDPSRV - ok
15:46:44.0671 6428  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:46:44.0687 6428  stisvc - ok
15:46:44.0765 6428  [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:46:44.0765 6428  stllssvr - ok
15:46:44.0843 6428  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:46:44.0843 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\StreamIP.sys. md5: 77813007BA6265C4B6098187E6ED79D2
15:46:44.0875 6428  streamip ( LockedFile.Multi.Generic ) - warning
15:46:44.0875 6428  streamip - detected LockedFile.Multi.Generic (1)
15:46:44.0921 6428  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:46:44.0937 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\swenum.sys. md5: 3941D127AEF12E93ADDF6FE6EE027E0F
15:46:44.0937 6428  swenum ( LockedFile.Multi.Generic ) - warning
15:46:44.0937 6428  swenum - detected LockedFile.Multi.Generic (1)
15:46:45.0031 6428  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:46:45.0031 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\swmidi.sys. md5: 8CE882BCC6CF8A62F2B2323D95CB3D01
15:46:45.0046 6428  swmidi ( LockedFile.Multi.Generic ) - warning
15:46:45.0046 6428  swmidi - detected LockedFile.Multi.Generic (1)
15:46:45.0062 6428  SwPrv - ok
15:46:45.0125 6428  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
15:46:45.0125 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\symc810.sys. md5: 1FF3217614018630D0A6758630FC698C
15:46:45.0171 6428  symc810 ( LockedFile.Multi.Generic ) - warning
15:46:45.0171 6428  symc810 - detected LockedFile.Multi.Generic (1)
15:46:45.0265 6428  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:46:45.0265 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\symc8xx.sys. md5: 070E001D95CF725186EF8B20335F933C
15:46:45.0328 6428  symc8xx ( LockedFile.Multi.Generic ) - warning
15:46:45.0328 6428  symc8xx - detected LockedFile.Multi.Generic (1)
15:46:45.0421 6428  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:46:45.0421 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\sym_hi.sys. md5: 80AC1C4ABBE2DF3B738BF15517A51F2C
15:46:45.0468 6428  sym_hi ( LockedFile.Multi.Generic ) - warning
15:46:45.0468 6428  sym_hi - detected LockedFile.Multi.Generic (1)
15:46:45.0546 6428  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:46:45.0546 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\sym_u3.sys. md5: BF4FAB949A382A8E105F46EBB4937058
15:46:45.0578 6428  sym_u3 ( LockedFile.Multi.Generic ) - warning
15:46:45.0578 6428  sym_u3 - detected LockedFile.Multi.Generic (1)
15:46:45.0656 6428  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:46:45.0656 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\sysaudio.sys. md5: 8B83F3ED0F1688B4958F77CD6D2BF290
15:46:45.0687 6428  sysaudio ( LockedFile.Multi.Generic ) - warning
15:46:45.0687 6428  sysaudio - detected LockedFile.Multi.Generic (1)
15:46:45.0750 6428  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:46:45.0750 6428  SysmonLog - ok
15:46:45.0796 6428  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:46:45.0812 6428  TapiSrv - ok
15:46:45.0921 6428  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:46:45.0921 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\tcpip.sys. md5: 9AEFA14BD6B182D61E3119FA5F436D3D
15:46:45.0953 6428  Tcpip ( LockedFile.Multi.Generic ) - warning
15:46:45.0953 6428  Tcpip - detected LockedFile.Multi.Generic (1)
15:46:46.0015 6428  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:46:46.0015 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\TDPIPE.sys. md5: 6471A66807F5E104E4885F5B67349397
15:46:46.0031 6428  TDPIPE ( LockedFile.Multi.Generic ) - warning
15:46:46.0031 6428  TDPIPE - detected LockedFile.Multi.Generic (1)
15:46:46.0062 6428  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:46:46.0062 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\TDTCP.sys. md5: C56B6D0402371CF3700EB322EF3AAF61
15:46:46.0062 6428  TDTCP ( LockedFile.Multi.Generic ) - warning
15:46:46.0062 6428  TDTCP - detected LockedFile.Multi.Generic (1)
15:46:46.0093 6428  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:46:46.0093 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\termdd.sys. md5: 88155247177638048422893737429D9E
15:46:46.0156 6428  TermDD ( LockedFile.Multi.Generic ) - warning
15:46:46.0156 6428  TermDD - detected LockedFile.Multi.Generic (1)
15:46:46.0234 6428  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
15:46:46.0234 6428  TermService - ok
15:46:46.0281 6428  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:46:46.0281 6428  Themes - ok
15:46:46.0437 6428  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:46:46.0453 6428  TlntSvr - ok
15:46:46.0609 6428  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
15:46:46.0609 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\toside.sys. md5: F2790F6AF01321B172AA62F8E1E187D9
15:46:46.0640 6428  TosIde ( LockedFile.Multi.Generic ) - warning
15:46:46.0640 6428  TosIde - detected LockedFile.Multi.Generic (1)
15:46:46.0703 6428  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:46:46.0718 6428  TrkWks - ok
15:46:46.0906 6428  [ A6A3442B215A911F489BE156A4BA2D60 ] tStLib          C:\WINDOWS\system32\drivers\tStLib.sys
15:46:46.0906 6428  tStLib - ok
15:46:46.0968 6428  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:46:46.0968 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Udfs.sys. md5: 5787B80C2E3C5E2F56C2A233D91FA2C9
15:46:47.0046 6428  Udfs ( LockedFile.Multi.Generic ) - warning
15:46:47.0046 6428  Udfs - detected LockedFile.Multi.Generic (1)
15:46:47.0187 6428  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
15:46:47.0187 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\ultra.sys. md5: 1B698A51CD528D8DA4FFAED66DFC51B9
15:46:47.0343 6428  ultra ( LockedFile.Multi.Generic ) - warning
15:46:47.0343 6428  ultra - detected LockedFile.Multi.Generic (1)
15:46:47.0406 6428  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:46:47.0406 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\update.sys. md5: 402DDC88356B1BAC0EE3DD1580C76A31
15:46:47.0468 6428  Update ( LockedFile.Multi.Generic ) - warning
15:46:47.0468 6428  Update - detected LockedFile.Multi.Generic (1)
15:46:47.0515 6428  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:46:47.0531 6428  upnphost - ok
15:46:47.0625 6428  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
15:46:47.0640 6428  UPS - ok
15:46:47.0812 6428  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
15:46:47.0812 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\usbaudio.sys. md5: E919708DB44ED8543A7C017953148330
15:46:47.0843 6428  usbaudio ( LockedFile.Multi.Generic ) - warning
15:46:47.0843 6428  usbaudio - detected LockedFile.Multi.Generic (1)
15:46:47.0984 6428  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:46:47.0984 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\usbccgp.sys. md5: 173F317CE0DB8E21322E71B7E60A27E8
15:46:48.0078 6428  usbccgp ( LockedFile.Multi.Generic ) - warning
15:46:48.0078 6428  usbccgp - detected LockedFile.Multi.Generic (1)
15:46:48.0187 6428  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:46:48.0187 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\usbehci.sys. md5: 65DCF09D0E37D4C6B11B5B0B76D470A7
15:46:48.0218 6428  usbehci ( LockedFile.Multi.Generic ) - warning
15:46:48.0218 6428  usbehci - detected LockedFile.Multi.Generic (1)
15:46:48.0312 6428  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:46:48.0312 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\usbhub.sys. md5: 1AB3CDDE553B6E064D2E754EFE20285C
15:46:48.0343 6428  usbhub ( LockedFile.Multi.Generic ) - warning
15:46:48.0343 6428  usbhub - detected LockedFile.Multi.Generic (1)
15:46:48.0406 6428  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:46:48.0406 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\usbprint.sys. md5: A717C8721046828520C9EDF31288FC00
15:46:48.0515 6428  usbprint ( LockedFile.Multi.Generic ) - warning
15:46:48.0515 6428  usbprint - detected LockedFile.Multi.Generic (1)
15:46:48.0593 6428  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:46:48.0593 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS. md5: A32426D9B14A089EAA1D922E0C5801A9
15:46:48.0671 6428  USBSTOR ( LockedFile.Multi.Generic ) - warning
15:46:48.0671 6428  USBSTOR - detected LockedFile.Multi.Generic (1)
15:46:48.0781 6428  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:46:48.0781 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\usbuhci.sys. md5: 26496F9DEE2D787FC3E61AD54821FFE6
15:46:48.0843 6428  usbuhci ( LockedFile.Multi.Generic ) - warning
15:46:48.0843 6428  usbuhci - detected LockedFile.Multi.Generic (1)
15:46:48.0921 6428  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
15:46:48.0921 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\usbvideo.sys. md5: 63BBFCA7F390F4C49ED4B96BFB1633E0
15:46:48.0937 6428  usbvideo ( LockedFile.Multi.Generic ) - warning
15:46:48.0937 6428  usbvideo - detected LockedFile.Multi.Generic (1)
15:46:49.0000 6428  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:46:49.0000 6428  Suspicious file (NoAccess): C:\WINDOWS\System32\drivers\vga.sys. md5: 0D3A8FAFCEACD8B7625CD549757A7DF1
15:46:49.0015 6428  VgaSave ( LockedFile.Multi.Generic ) - warning
15:46:49.0015 6428  VgaSave - detected LockedFile.Multi.Generic (1)
15:46:49.0078 6428  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:46:49.0078 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\viaagp.sys. md5: 754292CE5848B3738281B4F3607EAEF4
15:46:49.0203 6428  viaagp ( LockedFile.Multi.Generic ) - warning
15:46:49.0203 6428  viaagp - detected LockedFile.Multi.Generic (1)
15:46:49.0281 6428  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
15:46:49.0281 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\viaide.sys. md5: 3B3EFCDA263B8AC14FDF9CBDD0791B2E
15:46:49.0359 6428  ViaIde ( LockedFile.Multi.Generic ) - warning
15:46:49.0359 6428  ViaIde - detected LockedFile.Multi.Generic (1)
15:46:49.0421 6428  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:46:49.0437 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\VolSnap.sys. md5: 4C8FCB5CC53AAB716D810740FE59D025
15:46:49.0484 6428  VolSnap ( LockedFile.Multi.Generic ) - warning
15:46:49.0484 6428  VolSnap - detected LockedFile.Multi.Generic (1)
15:46:49.0734 6428  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
15:46:49.0734 6428  VSS - ok
15:46:49.0921 6428  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
15:46:49.0953 6428  w32time - ok
15:46:50.0171 6428  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:46:50.0171 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\wanarp.sys. md5: E20B95BAEDB550F32DD489265C1DA1F6
15:46:50.0281 6428  Wanarp ( LockedFile.Multi.Generic ) - warning
15:46:50.0281 6428  Wanarp - detected LockedFile.Multi.Generic (1)
15:46:50.0390 6428  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:46:50.0390 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\Wdf01000.sys. md5: FD47474BD21794508AF449D9D91AF6E6
15:46:50.0500 6428  Wdf01000 ( LockedFile.Multi.Generic ) - warning
15:46:50.0500 6428  Wdf01000 - detected LockedFile.Multi.Generic (1)
15:46:50.0593 6428  WDICA - ok
15:46:51.0031 6428  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:46:51.0031 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\wdmaud.sys. md5: 6768ACF64B18196494413695F0C3A00F
15:46:51.0078 6428  wdmaud ( LockedFile.Multi.Generic ) - warning
15:46:51.0078 6428  wdmaud - detected LockedFile.Multi.Generic (1)
15:46:51.0156 6428  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:46:51.0156 6428  WebClient - ok
15:46:51.0421 6428  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:46:51.0437 6428  winmgmt - ok
15:46:51.0812 6428  wltrysvc - ok
15:46:51.0921 6428  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:46:51.0921 6428  WmdmPmSN - ok
15:46:52.0218 6428  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:46:52.0281 6428  Wmi - ok
15:46:52.0406 6428  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:46:52.0406 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\wmiacpi.sys. md5: C42584FD66CE9E17403AEBCA199F7BDB
15:46:52.0453 6428  WmiAcpi ( LockedFile.Multi.Generic ) - warning
15:46:52.0453 6428  WmiAcpi - detected LockedFile.Multi.Generic (1)
15:46:52.0609 6428  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:46:52.0609 6428  WmiApSrv - ok
15:46:52.0828 6428  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
15:46:52.0890 6428  WMPNetworkSvc - ok
15:46:53.0562 6428  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:46:53.0687 6428  WPFFontCache_v0400 - ok
15:46:54.0000 6428  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:46:54.0031 6428  wscsvc - ok
15:46:54.0296 6428  WSearch - ok
15:46:54.0500 6428  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:46:54.0500 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS. md5: C98B39829C2BBD34E454150633C62C78
15:46:54.0687 6428  WSTCODEC ( LockedFile.Multi.Generic ) - warning
15:46:54.0687 6428  WSTCODEC - detected LockedFile.Multi.Generic (1)
15:46:54.0812 6428  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:46:54.0828 6428  wuauserv - ok
15:46:56.0328 6428  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:46:56.0328 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. md5: F15FEAFFFBB3644CCC80C5DA584E6311
15:46:56.0390 6428  WudfPf ( LockedFile.Multi.Generic ) - warning
15:46:56.0390 6428  WudfPf - detected LockedFile.Multi.Generic (1)
15:46:56.0640 6428  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:46:56.0640 6428  Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\wudfrd.sys. md5: 28B524262BCE6DE1F7EF9F510BA3985B
15:46:56.0703 6428  WudfRd ( LockedFile.Multi.Generic ) - warning
15:46:56.0703 6428  WudfRd - detected LockedFile.Multi.Generic (1)
15:46:56.0750 6428  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
15:46:56.0765 6428  WudfSvc - ok
15:46:56.0875 6428  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:46:56.0875 6428  WZCSVC - ok
15:46:56.0953 6428  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:46:56.0968 6428  xmlprov - ok
15:46:57.0015 6428  {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
15:46:57.0109 6428  ================ Scan global ===============================
15:46:57.0203 6428  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:46:57.0250 6428  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:46:57.0281 6428  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:46:57.0312 6428  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:46:57.0312 6428  [Global] - ok
15:46:57.0312 6428  ================ Scan MBR ==================================
15:46:57.0343 6428  [ 27A9FC7708F39487D61506A5245BF3D8 ] \Device\Harddisk0\DR0
15:46:57.0781 6428  \Device\Harddisk0\DR0 - ok
15:46:57.0781 6428  ================ Scan VBR ==================================
15:46:57.0796 6428  [ 016BC2375AD0AFBF1BCBBD650D5000BD ] \Device\Harddisk0\DR0\Partition1
15:46:57.0796 6428  \Device\Harddisk0\DR0\Partition1 - ok
15:46:57.0796 6428  ============================================================
15:46:57.0796 6428  Scan finished
15:46:57.0796 6428  ============================================================
15:46:57.0828 6416  Detected object count: 48
15:46:57.0828 6416  Actual detected object count: 48
15:55:36.0328 6416  C:\WINDOWS\System32\Drivers\bfabf1ab1a0c70be.sys - copied to quarantine
15:55:36.0390 6416  HKLM\SYSTEM\ControlSet001\services\bfabf1ab1a0c70be - will be deleted on reboot
15:55:36.0437 6416  HKLM\SYSTEM\ControlSet003\services\bfabf1ab1a0c70be - will be deleted on reboot
15:55:36.0734 6416  C:\WINDOWS\System32\Drivers\bfabf1ab1a0c70be.sys - will be deleted on reboot
15:55:36.0734 6416  bfabf1ab1a0c70be ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
15:55:36.0750 6416  redbook ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0750 6416  redbook ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0750 6416  RTLE8023xp ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0750 6416  RTLE8023xp ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0750 6416  sdbus ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0750 6416  sdbus ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0765 6416  Secdrv ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0765 6416  Secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0765 6416  Serial ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0765 6416  Serial ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0765 6416  Sfloppy ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0765 6416  Sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0765 6416  sisagp ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0765 6416  sisagp ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0765 6416  SLIP ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0765 6416  SLIP ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  Sparrow ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  Sparrow ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  splitter ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  splitter ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  sr ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  sr ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  Srv ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  Srv ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  streamip ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  streamip ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  swenum ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  swenum ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  swmidi ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  swmidi ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  symc810 ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  symc810 ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  symc8xx ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  symc8xx ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0781 6416  sym_hi ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0781 6416  sym_hi ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  sym_u3 ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  sym_u3 ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  sysaudio ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  sysaudio ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  Tcpip ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  TDTCP ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  TermDD ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  TosIde ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  TosIde ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  Udfs ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  Udfs ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0796 6416  ultra ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0796 6416  ultra ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  Update ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  Update ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  usbaudio ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  usbaudio ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  usbccgp ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  usbehci ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  usbhub ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  usbprint ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  usbuhci ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  usbvideo ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0812 6416  VgaSave ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0812 6416  VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  viaagp ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  viaagp ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  ViaIde ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  ViaIde ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  VolSnap ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  VolSnap ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  Wanarp ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  Wanarp ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  wdmaud ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  wdmaud ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  WSTCODEC ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  WSTCODEC ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  WudfPf ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:36.0828 6416  WudfRd ( LockedFile.Multi.Generic ) - skipped by user
15:55:36.0828 6416  WudfRd ( LockedFile.Multi.Generic ) - User select action: Skip
15:55:46.0546 6284  Deinitialize success
 

15:58:04.0390 3240  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:58:06.0390 3240  ============================================================
15:58:06.0390 3240  Current date / time: 2014/03/28 15:58:06.0390
15:58:06.0390 3240  SystemInfo:
15:58:06.0390 3240  
15:58:06.0390 3240  OS Version: 5.1.2600 ServicePack: 3.0
15:58:06.0390 3240  Product type: Workstation
15:58:06.0390 3240  ComputerName: D1X0RGJ1
15:58:19.0562 3240  UserName: Gary Jay
15:58:19.0562 3240  Windows directory: C:\WINDOWS
15:58:19.0562 3240  System windows directory: C:\WINDOWS
15:58:19.0562 3240  Processor architecture: Intel x86
15:58:19.0562 3240  Number of processors: 2
15:58:19.0562 3240  Page size: 0x1000
15:58:19.0562 3240  Boot type: Normal boot
15:58:19.0562 3240  ============================================================
15:58:23.0390 3240  BG loaded
15:58:28.0109 3240  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:58:28.0125 3240  ============================================================
15:58:28.0125 3240  \Device\Harddisk0\DR0:
15:58:28.0187 3240  MBR partitions:
15:58:28.0187 3240  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x1BE190B0
15:58:28.0187 3240  ============================================================
15:58:28.0437 3240  C: <-> \Device\Harddisk0\DR0\Partition1
15:58:29.0484 3240  ============================================================
15:58:29.0484 3240  Initialize success
15:58:29.0484 3240  ============================================================
 



#8 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 29 March 2014 - 04:09 AM

The audio ads are gone for now. But there is another problem since the rootkit came onto my computer. For the past few days, something has been switching off the wave in my audio settings, causing my audio to go mute. Even after the rootkit had been purged off of the computer, that something is still switching off the wave in the audio to mute or mute-like settings. When I switch it back on, something switches it back to mute.

 

Usually when I go into my account on Windows, it plays that login theme. But when I went in for the past few days, the login theme wasn't playing. Same goes when I am logging out with the logout theme.

 

In addition, when I try to access my McAfee suite there is something blocking me from accessing the suite menu.

 

Also forgot to mention, TDSSKiller wanted to update as we were conducting the purge. Do I update to the next version?



#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:50 PM

Posted 29 March 2014 - 08:55 AM

No....don't worry about updating TDSSKiller right now.   :)
 
Please be sure that you ran AdwCleaner with the instructions that I provided earlier and post the log that is made.  
------------
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 


RCUpdate1.png

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


 


#10 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 29 March 2014 - 05:48 PM

# AdwCleaner v3.022 - Report created 29/03/2014 at 15:38:55
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gary Jay - D1X0RGJ1
# Running from : C:\Documents and Settings\Gary Jay\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\i9qp63rl.default-1343214318343\user.js
File Found : C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\wwvskpbg.default\user.js
Folder Found : C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\i9qp63rl.default-1343214318343\Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\wwvskpbg.default\Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found C:\DOCUME~1\GARYJA~1\LOCALS~1\Temp\boost_interprocess
Folder Found C:\DOCUME~1\GARYJA~1\LOCALS~1\Temp\boost_interprocess
Folder Found C:\DOCUME~1\GARYJA~1\LOCALS~1\Temp\boost_interprocess
Folder Found C:\DOCUME~1\GARYJA~1\LOCALS~1\Temp\boost_interprocess
Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found C:\Documents and Settings\All Users\Application Data\FreeMake
Folder Found C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\FreeMake
Folder Found C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\wwvskpbg.default\CT1060933
Folder Found C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\wwvskpbg.default\Smartbar
Folder Found C:\Documents and Settings\Gary Jay\Application Data\uniblue
Folder Found C:\Documents and Settings\Gary Jay\Local Settings\Application Data\FreeMake
Folder Found C:\Documents and Settings\Gary Jay\Local Settings\Application Data\OpenCandy
Folder Found C:\Documents and Settings\Gary Jay\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\Gary Jay\Local Settings\Application Data\visi_coupon
Folder Found C:\Documents and Settings\Gary Jay\My Documents\FreeMake
Folder Found C:\Documents and Settings\Gary Jay\Start Menu\Programs\FreeMake
Folder Found C:\Documents and Settings\LocalService\Local Settings\Application Data\FreeMake
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\FreeMake
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\DAEMON Tools Toolbar
Folder Found C:\Program Files\FreeMake
Folder Found C:\Program Files\Vid-Saver

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Freemake
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Uniblue
Key Found : HKCU\Software\Vafmusic6
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\dt soft\daemon tools toolbar
Key Found : HKLM\Software\Freemake
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{101B9032-3984-48DF-923D-83549873D9F7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4EB9AA3-DF59-492A-B672-793F57CC829D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7421454-6B8A-428C-9059-7C7C7605FA9D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE5447FA-C502-4F44-842D-5E34D53F6361}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
Key Found : HKLM\Software\TENCENT
Key Found : HKLM\Software\Uniblue
Key Found : HKLM\Software\Vafmusic6

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\i9qp63rl.default-1343214318343\prefs.js ]

Line Found : user_pref("CT1060933.autoDisableScopes", -1);
Line Found : user_pref("CT3214568.autoDisableScopes", 10);
Line Found : user_pref("CT3302999.UserID", "UN28218272891238226");
Line Found : user_pref("CT3302999.fullUserID", "UN28218272891238226.IN.20131015214714");
Line Found : user_pref("CT3302999.installerVersion", "1.7.1.4");
Line Found : user_pref("CT3302999.versionFromInstaller", "10.20.1.8");
Line Found : user_pref("CT3302999.xpeMode", "0");
Line Found : user_pref("smartbar.machineId", "HGYF5CZFMALHAECSOV94K8QVPLZJBMZUAQBUBM/7P6RNSX8SIXGMYH/IFR4IZHXLWHY55TBDR8CYNWFLMR12XA");

[ File : C:\Documents and Settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\wwvskpbg.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [6887 octets] - [29/03/2014 15:38:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6947 octets] ##########
 



#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:50 PM

Posted 29 March 2014 - 05:58 PM

Thanks....now when ComboFix completes, please post that log as well. :)


 


#12 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 29 March 2014 - 06:02 PM

I still can't access my McAfee security suite menu. The malware is jamming it with a message saying that it has been prevented by a Microsoft software restriction policy. Then it says "open event viewer or contact your system administrator."

 

Should I proceed using ComboFix?


Edited by mecharmor22, 29 March 2014 - 06:03 PM.


#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:50 PM

Posted 29 March 2014 - 08:08 PM

Yes....please continue with ComboFix.  :)


 


#14 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 29 March 2014 - 08:53 PM

ComboFix 14-03-24.01 - Gary Jay 03/29/2014  18:14:57.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2021 [GMT -7:00]
Running from: c:\documents and settings\Gary Jay\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gary Jay\Local Settings\Temporary Internet Files\SaltarSmart_iels
c:\program files\Vid-Saver
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
-------\Service_SYSHOST32
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-28 to 2014-03-30  )))))))))))))))))))))))))))))))
.
.
2014-03-29 22:38 . 2014-03-29 22:39    --------    d-----w-    C:\AdwCleaner
2014-03-28 22:55 . 2014-03-28 22:55    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-03-26 07:04 . 2014-03-26 07:04    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-03-26 07:04 . 2014-03-05 16:26    50648    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-03-18 05:30 . 2014-03-18 05:30    55232    ----a-w-    c:\windows\system32\drivers\tStLib.sys
2014-03-16 02:21 . 2014-03-16 02:21    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Sun
2014-03-12 08:51 . 2014-03-12 08:51    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\RealNetworks
2014-03-12 08:28 . 2014-03-12 08:39    --------    d-----w-    c:\documents and settings\All Users\Application Data\cau
2014-03-05 21:52 . 2014-03-05 21:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\HP
2014-03-05 21:52 . 2014-03-05 21:52    --------    d-----w-    c:\program files\HP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-30 01:34 . 2010-07-28 19:18    107736    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-12 13:38 . 2012-04-11 20:39    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-12 13:38 . 2011-05-20 20:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-05 16:26 . 2010-07-28 19:18    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-16 00:40 . 2014-01-16 00:40    487016    ----a-w-    C:\SecurityScanner.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-07 08:07    297808    ----a-w-    c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-21 137752]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1278064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-21 166424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 2289664]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"HPWRTOOLBOX"="c:\program files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" [2006-02-28 344064]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
.
c:\documents and settings\Gary Jay\Start Menu\Programs\Startup\
HOW_DECRYPT.HTML [2014-3-28 2777]
HOW_DECRYPT.TXT [2014-3-28 1261]
HOW_DECRYPT.URL [2014-3-28 133]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe]
2008-07-16 21:32    36864    ----a-w-    c:\windows\OEM13Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07    2260480    --sha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-25 03:02    198160    ----a-w-    c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Gary Jay\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-16 691696]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 146872]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2013-02-19 91640]
S1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [2014-03-18 55232]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-02-08 9216]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 172416]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 60920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-03-05 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-03-30 107736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 363080]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-11-05 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-11-05 43608]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\Drivers\OEM13Afx.sys [2008-07-16 141376]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2008-07-16 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-07-16 235840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 13:38]
.
2014-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2014-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927431485-3582476614-1523970132-1005Core.job
- c:\documents and settings\Gary Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-14 04:03]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2927431485-3582476614-1523970132-1005UA.job
- c:\documents and settings\Gary Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-14 04:03]
.
2014-03-30 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2927431485-3582476614-1523970132-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
2014-03-30 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2927431485-3582476614-1523970132-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
2014-03-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2927431485-3582476614-1523970132-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
2014-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2927431485-3582476614-1523970132-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Gary Jay\Application Data\Mozilla\Firefox\Profiles\i9qp63rl.default-1343214318343\
FF - prefs.js: browser.startup.homepage - about:home
! c r y p t e d !   C 0 0 B 7 F 9 9 F 6 B E 5 3 8 F C A 2 8 2 C B 8 F E E 9 8 4 2 C   ûï~¤äTÚ{ è’Ϻ¹bà¬G¼áõžÃŽƒœ‚á*eï)_Îã).˜çü„¸5`zü1Óüá£o}ÿ/·@—BJÔÕ,pÂAžgR…ë§|
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
SafeBoot-25486439.sys
SafeBoot-Wdf01000.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-29 18:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(7464)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\NOTEPAD.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2014-03-29  18:50:48 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-30 01:50
.
Pre-Run: 209,353,834,496 bytes free
Post-Run: 215,327,002,624 bytes free
.
- - End Of File - - 236B7056ADCAC209695EA70ABE4277EA
27A9FC7708F39487D61506A5245BF3D8
 



#15 mecharmor22

mecharmor22
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 29 March 2014 - 08:55 PM

Before I ran ComboFix.

 

Some crypto defense thing got on my desktop. It's in a webpage file and a txt file. I think it's more malware stuff by how it's written. How should I dispose of those?

 

EDIT: it's also in my documents as well.

 

EDIT2: I also found it in my videos after further looking around. I haven't opened a thing, and await the best way to dispose of those things.


Edited by mecharmor22, 30 March 2014 - 05:44 AM.




