tama06
Everything posted by tama06
-
I started the Dr.Web program before grabbing the RKreport and cannot access it right now, while Dr.Web is in "Enhanced Protection Mode." I will post it ASAP.
-
Thanks for sticking with me! Rogue Killer did not have all five of those items. I deleted the two HJ items. The only other item was something called "task" and I deleted that, too.

ComboFix-quarantined-files.txt:

2012-07-12 17:00:45 . 2012-07-12 17:00:45 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2012-07-12 17:00:42 . 2012-07-12 17:00:42 376 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2012-07-12 17:00:28 . 2012-07-12 17:00:29 205 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-ohevts.reg.dat
2012-07-12 17:00:28 . 2012-07-12 17:00:28 164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-muimsc.reg.dat
2012-07-12 16:46:06 . 2012-07-12 16:46:06 7,591 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-07-12 16:37:35 . 2012-07-12 16:37:35 58 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-07-12 16:33:53 . 2012-07-12 16:33:53 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-06-27 17:01:44 . 2012-06-27 17:01:44 30 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\uplog.txt.crypt.vir
2012-06-27 14:03:41 . 2012-06-27 14:03:43 411,648 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\ohevts.dll.vir
2012-06-27 14:02:43 . 2012-06-27 14:02:31 138,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\muimsc.dll.vir
2011-10-21 00:44:41 . 2011-10-21 00:44:53 5,342,064 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\YouTubeDownloaderSetup34.exe.vir
-
I have not quit/exited RogueKiller yet, because when I try to, it says that elements have not been deleted... Do I quit anyway? Or do something else?
-
RogueKiller Report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Tama06 [Admin rights]
Mode: Scan -- Date: 07/12/2012 11:08:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] {8269C180-C8B6-4486-8AEE-CAEC83FDF84B}.job @ : C:\Users\Tama06\Desktop\Gampad_Pro.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS ATA Device +++++
--- User ---
[MBR] a8881ba5916fc08d980df47ee42eb746
[BSP] 476df2a6a58edcea29ab582f9f1820f3 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226085 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463431680 | Size: 12189 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Finished with those steps. Posting logs.

ComboFixLog:

ComboFix 12-07-12.02 - Tama06 07/12/2012 10:37:43.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1552 [GMT -6:00]
Running from: c:\users\Tama06\Desktop\ComboFix.exe
Command switches used :: c:\users\Tama06\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tama06\AppData\Roaming\muimsc.dll
c:\users\Tama06\AppData\Roaming\ohevts.dll
c:\users\Tama06\AppData\Roaming\uplog.txt.crypt
c:\users\Tama06\YouTubeDownloaderSetup34.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 16:50 . 2012-07-12 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 16:28 . 2012-07-12 16:28 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-12 14:00 . 2012-07-12 14:00 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-27 18:23 . 2012-06-27 18:23 -------- d-----w- c:\users\Tama06\AppData\Roaming\Malwarebytes
2012-06-27 18:22 . 2012-06-27 18:22 -------- d-----w- c:\programdata\Malwarebytes
2012-06-27 18:22 . 2012-06-27 18:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-27 18:22 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 14:02 . 2012-06-27 14:09 -------- d-----w- c:\programdata\529C50D800046EF3000161F1B4EB2367
2012-06-27 14:02 . 2012-06-27 20:41 -------- d-----w- c:\users\Tama06\AppData\Local\About
2012-06-26 15:10 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B44993E-8E8F-446E-ADE8-79861E4F56EA}\mpengine.dll
2012-06-21 13:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 13:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 13:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 13:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 13:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 13:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 13:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 13:37 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 13:37 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files\iPod
2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files\iTunes
2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files (x86)\iTunes
2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-17 06:12 . 2012-06-17 06:13 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-13 18:04 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 00:52 . 2012-06-06 00:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 00:52 . 2011-10-04 22:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 02:56 . 2012-04-19 02:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 02:56 . 2012-04-19 02:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Tama06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tama06\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-12 33096]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 00:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-muimsc - c:\users\Tama06\AppData\Roaming\muimsc.dll
Wow6432Node-HKCU-Run-ohevts - c:\users\Tama06\AppData\Roaming\ohevts.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2012-07-12 11:01:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 17:01
.
Pre-Run: 114,145,607,680 bytes free
Post-Run: 114,261,032,960 bytes free
.
- - End Of File - - 9677AF4641E4D155A7CB3FB822414766
-
Sorry about the Windows version mix-up... We've got 3 laptops and 4 desktops in the house at the moment, and it's sometimes hard to keep them straight. I'd already shut the infected one down and stowed it away (since we were leaving the country) when you asked about the OS. I am currently running ComboFix. I will post again as soon as it is finished.
-
Also, I've read on other forums that finding the encryption key is an important step in saving the files affected by the ransomware. I have not been able to locate (or recognise) such a file. This may simply be due to ignorance on my part...
-
Also, as to Antivirus software... I just downloaded Avast, but I think that's the only anti-virus I currently have. I believe that my laptop has an expired version of McAfee on it (possibly uninstalled). Will Avast do?
-
MBAM's latest log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tama06 :: UTANO2 [administrator]

Protection: Enabled

6/27/2012 4:37:06 PM
mbam-log-2012-06-27 (16-37-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209583
Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-
Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/2/2011 3:35:56 PM
System Uptime: 7/12/2012 7:42:33 AM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 103.432 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.006 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP81: 6/12/2012 9:30:31 AM - Windows Update
RP82: 6/14/2012 9:28:44 AM - Windows Update
RP83: 6/19/2012 9:24:05 AM - Windows Update
RP84: 6/21/2012 7:36:29 AM - Windows Update
RP85: 6/26/2012 9:09:52 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe Widget Browser
Amazon Add to Wish List IE Extension 1.2
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
Bing Bar
calibre
Choice Guard
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Dropbox
GIMP 2.6.11
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0156
HP Wireless Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java 6 Update 29
Junk Mail filter update
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software
LIMBO
Magic Set Editor 2.0.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
PDF Settings CS5
pdfsam
PictureMover
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
7/12/2012 7:58:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
7/12/2012 7:43:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
-
DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Tama06 at 8:03:46 on 2012-07-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1871 [GMT -6:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\HP\QuickPlay\QPService.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Windows\system32\taskeng.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [muimsc] rundll32.exe "C:\Users\Tama06\AppData\Roaming\muimsc.dll",PszDupW uRun: [ohevts] "C:\Windows\System32\rundll32.exe" "C:\Users\Tama06\AppData\Roaming\ohevts.dll",CreateClassDefinition mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: 
[Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Tama06\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tama06\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe uPolicies-system: WallpaperStyle = 2 mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) dPolicies-system: WallpaperStyle = 2 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51}\25166756E6723702E4563747 : DhcpNameServer = 192.168.1.1 mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll BHO-X64: HelloWorldBHO - No File BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Bing Bar 
Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: 
[APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648] R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-27 654408] R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] 
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408] R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257696] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] 
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-07-12 14:00:21 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2012-06-27 18:23:04 -------- d-----w- C:\Users\Tama06\AppData\Roaming\Malwarebytes 2012-06-27 18:22:57 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-27 18:22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-27 18:22:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-27 14:03:41 411648 ----a-w- C:\Users\Tama06\AppData\Roaming\ohevts.dll 2012-06-27 14:02:49 -------- d-----w- C:\ProgramData\529C50D800046EF3000161F1B4EB2367 2012-06-27 14:02:45 -------- d-----w- C:\Users\Tama06\AppData\Local\About 2012-06-27 14:02:43 138752 --sha-w- C:\Users\Tama06\AppData\Roaming\muimsc.dll 2012-06-26 15:10:59 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B44993E-8E8F-446E-ADE8-79861E4F56EA}\mpengine.dll 2012-06-21 13:38:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 13:37:51 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 13:37:24 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 13:37:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-17 06:19:09 
-------- d-----w- C:\Program Files\iPod 2012-06-17 06:19:08 -------- d-----w- C:\Program Files\iTunes 2012-06-17 06:19:08 -------- d-----w- C:\Program Files (x86)\iTunes 2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-13 18:04:36 209920 ----a-w- C:\Windows\System32\profsvc.dll . ==================== Find3M ==================== . 2012-06-06 00:52:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-06 00:52:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 
3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ============= FINISH: 8:04:47.08 ===============
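As an added triage helper (not part of this thread and not code from DDS, ComboFix or any of the tools used here): the two entries in the Pseudo HJT report above that matter are the `uRun` keys launching `rundll32.exe` against DLLs in `AppData\Roaming`, and the matching "Created Last 30" entry for `muimsc.dll` with the `s` and `h` attribute bits (system + hidden) set. The script below parses lines in the DDS format and flags exactly those two patterns. The sample lines are copied from the posted log, with a few benign entries from the same log included for contrast; the "user-writable path" test is a simplifying assumption (profile `AppData` and `ProgramData` only), not a rule from the tool.

```python
import re
from typing import Iterable, List, Tuple

# Lines copied from the DDS log posted above. Benign entries (LightScribe,
# QPService, mbam.sys) are included to show what is NOT flagged.
SAMPLE_LINES = [
    r'uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden',
    r'uRun: [muimsc] rundll32.exe "C:\Users\Tama06\AppData\Roaming\muimsc.dll",PszDupW',
    r'uRun: [ohevts] "C:\Windows\System32\rundll32.exe" "C:\Users\Tama06\AppData\Roaming\ohevts.dll",CreateClassDefinition',
    r'mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"',
    r'2012-06-27 14:03:41 411648 ----a-w- C:\Users\Tama06\AppData\Roaming\ohevts.dll',
    r'2012-06-27 14:02:43 138752 --sha-w- C:\Users\Tama06\AppData\Roaming\muimsc.dll',
    r'2012-06-27 18:22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys',
]

# DDS autorun line: "<uRun|mRun|mRun-x64>: [<value name>] <command line>"
RUN_RE = re.compile(r'^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# DDS "Created Last 30" line: "<timestamp> <size|--------> <8 attribute chars> <path>"
CREATED_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')
# First quoted or bare DLL path inside a command line.
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^",]+?\.dll)"?', re.IGNORECASE)
# Assumed heuristic: a user profile's AppData tree or ProgramData counts as
# user-writable; anything a non-admin can drop a DLL into.
USER_WRITABLE_RE = re.compile(r'\\(?:users\\[^\\]+\\appdata|programdata)\\', re.IGNORECASE)


def is_user_writable(path: str) -> bool:
    """True if the path sits in a location a standard user can write to."""
    return USER_WRITABLE_RE.search(path) is not None


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) for every suspicious autorun or created-file line."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        run = RUN_RE.match(line)
        if run:
            cmd = run.group('cmd')
            # rundll32 is a legitimate host binary; the signal is WHERE the
            # DLL it loads lives, not rundll32 itself.
            if 'rundll32' in cmd.lower():
                dll = DLL_RE.search(cmd)
                if dll and is_user_writable(dll.group(1)):
                    findings.append(('rundll32 autorun loads DLL from user-writable path', dll.group(1)))
            continue
        created = CREATED_RE.match(line)
        if created:
            attrs, path = created.group('attrs'), created.group('path')
            # DDS attribute string: 's' = system, 'h' = hidden. A fresh DLL in a
            # profile directory with either bit set is hiding from the user.
            if ('s' in attrs or 'h' in attrs) and is_user_writable(path):
                findings.append(('hidden/system file created in user profile', path))
    return findings


if __name__ == '__main__':
    for reason, path in triage(SAMPLE_LINES):
        print(f'{reason}: {path}')
```

Note that `ohevts.dll` carries plain `----a-w-` attributes, so an attribute-only check would miss it; it is caught only because the autorun entry that loads it is also parsed. That is why both passes belong in the same triage.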
-
I've run all the utilities. Everything apparently came back clear. TDSSKiller's Report: 08:00:38.0658 3696 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 08:00:38.0751 3696 ============================================================ 08:00:38.0751 3696 Current date / time: 2012/07/12 08:00:38.0751 08:00:38.0751 3696 SystemInfo: 08:00:38.0751 3696 08:00:38.0751 3696 OS Version: 6.1.7601 ServicePack: 1.0 08:00:38.0751 3696 Product type: Workstation 08:00:38.0751 3696 ComputerName: UTANO2 08:00:38.0751 3696 UserName: Tama06 08:00:38.0751 3696 Windows directory: C:\Windows 08:00:38.0751 3696 System windows directory: C:\Windows 08:00:38.0751 3696 Running under WOW64 08:00:38.0751 3696 Processor architecture: Intel x64 08:00:38.0751 3696 Number of processors: 1 08:00:38.0751 3696 Page size: 0x1000 08:00:38.0751 3696 Boot type: Normal boot 08:00:38.0751 3696 ============================================================ 08:00:39.0999 3696 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x4BB4D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x19, Type 'K0', Flags 0x00000040 08:00:39.0999 3696 Drive \Device\Harddisk1\DR2 - Size: 0xEE680000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 08:00:40.0015 3696 ============================================================ 08:00:40.0015 3696 \Device\Harddisk0\DR0: 08:00:40.0015 3696 MBR partitions: 08:00:40.0015 3696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 08:00:40.0015 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B992800 08:00:40.0015 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9F6800, BlocksNum 0x17CE800 08:00:40.0015 3696 \Device\Harddisk1\DR2: 08:00:40.0015 3696 MBR partitions: 08:00:40.0015 3696 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x771480 08:00:40.0015 3696 
============================================================ 08:00:40.0031 3696 C: <-> \Device\Harddisk0\DR0\Partition1 08:00:40.0077 3696 D: <-> \Device\Harddisk0\DR0\Partition2 08:00:40.0077 3696 ============================================================ 08:00:40.0077 3696 Initialize success 08:00:40.0077 3696 ============================================================ 08:00:42.0168 4056 ============================================================ 08:00:42.0168 4056 Scan started 08:00:42.0168 4056 Mode: Manual; 08:00:42.0168 4056 ============================================================ 08:00:43.0447 4056 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 08:00:43.0447 4056 1394ohci - ok 08:00:43.0494 4056 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:00:43.0509 4056 ACPI - ok 08:00:43.0541 4056 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 08:00:43.0541 4056 AcpiPmi - ok 08:00:43.0665 4056 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 08:00:43.0681 4056 AdobeFlashPlayerUpdateSvc - ok 08:00:43.0743 4056 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 08:00:43.0759 4056 adp94xx - ok 08:00:43.0806 4056 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 08:00:43.0821 4056 adpahci - ok 08:00:43.0853 4056 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 08:00:43.0853 4056 adpu320 - ok 08:00:43.0899 4056 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 08:00:43.0899 4056 AeLookupSvc - ok 08:00:43.0993 4056 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 08:00:44.0009 4056 AFD - ok 08:00:44.0071 4056 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 08:00:44.0071 4056 agp440 - ok 08:00:44.0102 
4056 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 08:00:44.0102 4056 ALG - ok 08:00:44.0133 4056 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 08:00:44.0133 4056 aliide - ok 08:00:44.0149 4056 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 08:00:44.0165 4056 amdide - ok 08:00:44.0227 4056 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 08:00:44.0227 4056 AmdK8 - ok 08:00:44.0243 4056 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 08:00:44.0243 4056 AmdPPM - ok 08:00:44.0274 4056 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 08:00:44.0289 4056 amdsata - ok 08:00:44.0321 4056 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 08:00:44.0321 4056 amdsbs - ok 08:00:44.0336 4056 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 08:00:44.0352 4056 amdxata - ok 08:00:44.0399 4056 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 08:00:44.0414 4056 AppID - ok 08:00:44.0430 4056 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 08:00:44.0445 4056 AppIDSvc - ok 08:00:44.0492 4056 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 08:00:44.0492 4056 Appinfo - ok 08:00:45.0038 4056 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 08:00:45.0038 4056 Apple Mobile Device - ok 08:00:45.0085 4056 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 08:00:45.0085 4056 arc - ok 08:00:45.0116 4056 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 08:00:45.0116 4056 arcsas - ok 08:00:45.0147 4056 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 08:00:45.0163 4056 AsyncMac 
- ok 08:00:45.0194 4056 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 08:00:45.0194 4056 atapi - ok 08:00:45.0303 4056 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys 08:00:45.0335 4056 athr - ok 08:00:45.0491 4056 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:00:45.0506 4056 AudioEndpointBuilder - ok 08:00:45.0522 4056 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:00:45.0537 4056 AudioSrv - ok 08:00:45.0600 4056 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 08:00:45.0600 4056 AxInstSV - ok 08:00:45.0678 4056 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 08:00:45.0693 4056 b06bdrv - ok 08:00:45.0740 4056 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 08:00:45.0756 4056 b57nd60a - ok 08:00:45.0834 4056 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 08:00:45.0834 4056 BBSvc - ok 08:00:45.0881 4056 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 08:00:45.0896 4056 BBUpdate - ok 08:00:45.0927 4056 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 08:00:45.0927 4056 BDESVC - ok 08:00:45.0959 4056 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 08:00:45.0959 4056 Beep - ok 08:00:46.0037 4056 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 08:00:46.0052 4056 BFE - ok 08:00:46.0146 4056 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 08:00:46.0161 4056 BITS - ok 08:00:46.0193 4056 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 08:00:46.0208 4056 blbdrive - ok 08:00:46.0286 4056 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 08:00:46.0302 4056 Bonjour Service - ok 
08:00:46.0333 4056 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 08:00:46.0349 4056 bowser - ok 08:00:46.0364 4056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 08:00:46.0364 4056 BrFiltLo - ok 08:00:46.0380 4056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 08:00:46.0380 4056 BrFiltUp - ok 08:00:46.0427 4056 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 08:00:46.0427 4056 Browser - ok 08:00:46.0458 4056 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 08:00:46.0473 4056 Brserid - ok 08:00:46.0489 4056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 08:00:46.0489 4056 BrSerWdm - ok 08:00:46.0489 4056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:00:46.0505 4056 BrUsbMdm - ok 08:00:46.0505 4056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 08:00:46.0505 4056 BrUsbSer - ok 08:00:46.0520 4056 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 08:00:46.0520 4056 BTHMODEM - ok 08:00:46.0551 4056 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 08:00:46.0551 4056 bthserv - ok 08:00:46.0598 4056 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys 08:00:46.0614 4056 CAXHWAZL - ok 08:00:46.0629 4056 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 08:00:46.0629 4056 cdfs - ok 08:00:46.0676 4056 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 08:00:46.0676 4056 cdrom - ok 08:00:46.0739 4056 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:00:46.0739 4056 CertPropSvc - ok 08:00:46.0770 4056 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 08:00:46.0770 4056 circlass - 
ok 08:00:47.0425 4056 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 08:00:47.0441 4056 CLFS - ok 08:00:47.0519 4056 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:00:47.0519 4056 clr_optimization_v2.0.50727_32 - ok 08:00:47.0581 4056 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:00:47.0581 4056 clr_optimization_v2.0.50727_64 - ok 08:00:47.0643 4056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:00:47.0643 4056 clr_optimization_v4.0.30319_32 - ok 08:00:47.0690 4056 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:00:47.0690 4056 clr_optimization_v4.0.30319_64 - ok 08:00:47.0721 4056 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 08:00:47.0721 4056 CmBatt - ok 08:00:47.0737 4056 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 08:00:47.0737 4056 cmdide - ok 08:00:47.0799 4056 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 08:00:47.0831 4056 CNG - ok 08:00:47.0894 4056 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys 08:00:47.0925 4056 CnxtHdAudService - ok 08:00:48.0019 4056 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 08:00:48.0034 4056 Com4QLBEx - ok 08:00:48.0050 4056 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 08:00:48.0066 4056 Compbatt - ok 08:00:48.0081 4056 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 08:00:48.0097 4056 CompositeBus - ok 08:00:48.0112 4056 COMSysApp - ok 08:00:48.0128 4056 crcdisk 
(1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 08:00:48.0128 4056 crcdisk - ok 08:00:48.0190 4056 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 08:00:48.0190 4056 CryptSvc - ok 08:00:48.0268 4056 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:00:48.0284 4056 DcomLaunch - ok 08:00:48.0315 4056 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 08:00:48.0331 4056 defragsvc - ok 08:00:48.0378 4056 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 08:00:48.0378 4056 DfsC - ok 08:00:48.0456 4056 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 08:00:48.0471 4056 Dhcp - ok 08:00:48.0487 4056 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 08:00:48.0487 4056 discache - ok 08:00:48.0518 4056 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 08:00:48.0518 4056 Disk - ok 08:00:48.0549 4056 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 08:00:48.0565 4056 Dnscache - ok 08:00:48.0612 4056 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 08:00:48.0612 4056 dot3svc - ok 08:00:48.0658 4056 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 08:00:48.0658 4056 DPS - ok 08:00:48.0690 4056 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 08:00:48.0690 4056 drmkaud - ok 08:00:48.0768 4056 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 08:00:48.0799 4056 DXGKrnl - ok 08:00:48.0830 4056 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 08:00:48.0846 4056 EapHost - ok 08:00:48.0986 4056 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 08:00:49.0064 4056 ebdrv - ok 08:00:49.0594 4056 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 08:00:49.0594 
4056 EFS - ok 08:00:49.0719 4056 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 08:00:49.0735 4056 ehRecvr - ok 08:00:49.0782 4056 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 08:00:49.0782 4056 ehSched - ok 08:00:49.0860 4056 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 08:00:49.0875 4056 elxstor - ok 08:00:49.0906 4056 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 08:00:49.0922 4056 ErrDev - ok 08:00:49.0984 4056 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 08:00:50.0000 4056 EventSystem - ok 08:00:50.0047 4056 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 08:00:50.0047 4056 exfat - ok 08:00:50.0078 4056 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 08:00:50.0078 4056 fastfat - ok 08:00:50.0172 4056 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 08:00:50.0187 4056 Fax - ok 08:00:50.0218 4056 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 08:00:50.0218 4056 fdc - ok 08:00:50.0265 4056 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 08:00:50.0265 4056 fdPHost - ok 08:00:50.0296 4056 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 08:00:50.0296 4056 FDResPub - ok 08:00:50.0312 4056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 08:00:50.0328 4056 FileInfo - ok 08:00:50.0343 4056 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 08:00:50.0343 4056 Filetrace - ok 08:00:50.0359 4056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 08:00:50.0359 4056 flpydisk - ok 08:00:50.0421 4056 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 08:00:50.0437 4056 FltMgr - ok 08:00:50.0515 4056 FontCache 
(5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 08:00:50.0562 4056 FontCache - ok 08:00:50.0640 4056 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:00:50.0655 4056 FontCache3.0.0.0 - ok 08:00:50.0702 4056 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 08:00:50.0702 4056 FsDepends - ok 08:00:50.0749 4056 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 08:00:50.0749 4056 Fs_Rec - ok 08:00:50.0827 4056 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 08:00:50.0827 4056 fvevol - ok 08:00:50.0858 4056 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 08:00:50.0858 4056 gagp30kx - ok 08:00:50.0967 4056 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 08:00:50.0967 4056 GameConsoleService - ok 08:00:51.0014 4056 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:00:51.0014 4056 GEARAspiWDM - ok 08:00:51.0092 4056 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 08:00:51.0123 4056 gpsvc - ok 08:00:51.0154 4056 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:00:51.0154 4056 hcw85cir - ok 08:00:51.0232 4056 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 08:00:51.0248 4056 HdAudAddService - ok 08:00:51.0279 4056 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 08:00:51.0279 4056 HDAudBus - ok 08:00:51.0326 4056 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 08:00:51.0326 4056 HidBatt - ok 08:00:51.0778 4056 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 08:00:51.0778 4056 HidBth - ok 08:00:51.0810 4056 HidIr 
(0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 08:00:51.0841 4056 HidIr - ok 08:00:51.0872 4056 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 08:00:51.0872 4056 hidserv - ok 08:00:51.0934 4056 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 08:00:51.0934 4056 HidUsb - ok 08:00:51.0981 4056 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 08:00:51.0997 4056 hkmsvc - ok 08:00:52.0044 4056 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 08:00:52.0059 4056 HomeGroupListener - ok 08:00:52.0106 4056 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 08:00:52.0122 4056 HomeGroupProvider - ok 08:00:52.0215 4056 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 08:00:52.0215 4056 HP Health Check Service - ok 08:00:52.0246 4056 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 08:00:52.0246 4056 HpqKbFiltr - ok 08:00:52.0324 4056 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 08:00:52.0324 4056 hpqwmiex - ok 08:00:52.0371 4056 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 08:00:52.0371 4056 HpSAMD - ok 08:00:52.0480 4056 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll 08:00:52.0512 4056 HsfXAudioService - ok 08:00:52.0590 4056 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys 08:00:52.0621 4056 HSF_DPV - ok 08:00:52.0792 4056 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 08:00:52.0808 4056 HTTP - ok 08:00:52.0855 4056 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 08:00:52.0855 4056 hwpolicy - ok 08:00:52.0902 4056 i8042prt 
(fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 08:00:52.0902 4056 i8042prt - ok 08:00:52.0964 4056 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 08:00:52.0980 4056 iaStorV - ok 08:00:53.0104 4056 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:00:53.0136 4056 idsvc - ok 08:00:53.0604 4056 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys 08:00:53.0822 4056 igfx - ok 08:00:54.0274 4056 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 08:00:54.0274 4056 iirsp - ok 08:00:54.0352 4056 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 08:00:54.0384 4056 IKEEXT - ok 08:00:54.0415 4056 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 08:00:54.0415 4056 intelide - ok 08:00:54.0446 4056 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 08:00:54.0446 4056 intelppm - ok 08:00:54.0493 4056 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 08:00:54.0493 4056 IPBusEnum - ok 08:00:54.0555 4056 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:00:54.0555 4056 IpFilterDriver - ok 08:00:54.0602 4056 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 08:00:54.0618 4056 iphlpsvc - ok 08:00:54.0664 4056 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 08:00:54.0664 4056 IPMIDRV - ok 08:00:54.0711 4056 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:00:54.0711 4056 IPNAT - ok 08:00:54.0852 4056 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe 08:00:54.0898 4056 iPod Service - ok 08:00:54.0961 4056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 
08:00:54.0961 4056 IRENUM - ok 08:00:54.0992 4056 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 08:00:54.0992 4056 isapnp - ok 08:00:55.0023 4056 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 08:00:55.0023 4056 iScsiPrt - ok 08:00:55.0070 4056 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 08:00:55.0070 4056 kbdclass - ok 08:00:55.0117 4056 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 08:00:55.0117 4056 kbdhid - ok 08:00:55.0164 4056 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:00:55.0164 4056 KeyIso - ok 08:00:55.0195 4056 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 08:00:55.0195 4056 KSecDD - ok 08:00:55.0226 4056 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 08:00:55.0226 4056 KSecPkg - ok 08:00:55.0273 4056 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:00:55.0273 4056 ksthunk - ok 08:00:55.0320 4056 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 08:00:55.0335 4056 KtmRm - ok 08:00:55.0398 4056 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 08:00:55.0413 4056 LanmanServer - ok 08:00:55.0460 4056 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 08:00:55.0460 4056 LanmanWorkstation - ok 08:00:55.0554 4056 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 08:00:55.0554 4056 LightScribeService - ok 08:00:55.0616 4056 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:00:55.0616 4056 lltdio - ok 08:00:55.0647 4056 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 08:00:55.0663 4056 lltdsvc - ok 08:00:55.0678 4056 lmhosts (f993a32249b66c9d622ea5592a8b76b8) 
C:\Windows\System32\lmhsvc.dll 08:00:55.0678 4056 lmhosts - ok 08:00:55.0725 4056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 08:00:55.0725 4056 LSI_FC - ok 08:00:55.0741 4056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 08:00:55.0756 4056 LSI_SAS - ok 08:00:55.0772 4056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 08:00:55.0788 4056 LSI_SAS2 - ok 08:00:55.0803 4056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 08:00:55.0803 4056 LSI_SCSI - ok 08:00:55.0834 4056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:00:55.0834 4056 luafv - ok 08:00:55.0897 4056 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys 08:00:55.0897 4056 mbamchameleon - ok 08:00:55.0959 4056 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 08:00:55.0959 4056 MBAMProtector - ok 08:00:56.0022 4056 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 08:00:56.0053 4056 MBAMService - ok 08:00:56.0568 4056 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 08:00:56.0583 4056 Mcx2Svc - ok 08:00:56.0614 4056 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys 08:00:56.0614 4056 mdmxsdk - ok 08:00:56.0630 4056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 08:00:56.0630 4056 megasas - ok 08:00:56.0677 4056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 08:00:56.0692 4056 MegaSR - ok 08:00:56.0739 4056 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:00:56.0739 4056 MMCSS - ok 08:00:56.0755 4056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:00:56.0755 4056 Modem - ok 08:00:56.0802 4056 monitor 
(b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:00:56.0802 4056 monitor - ok 08:00:56.0848 4056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 08:00:56.0848 4056 mouclass - ok 08:00:56.0880 4056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:00:56.0880 4056 mouhid - ok 08:00:56.0942 4056 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:00:56.0942 4056 mountmgr - ok 08:00:56.0973 4056 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:00:56.0973 4056 mpio - ok 08:00:57.0004 4056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:00:57.0004 4056 mpsdrv - ok 08:00:57.0098 4056 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 08:00:57.0129 4056 MpsSvc - ok 08:00:57.0192 4056 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 08:00:57.0192 4056 MRxDAV - ok 08:00:57.0223 4056 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:00:57.0223 4056 mrxsmb - ok 08:00:57.0270 4056 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:00:57.0285 4056 mrxsmb10 - ok 08:00:57.0301 4056 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:00:57.0301 4056 mrxsmb20 - ok 08:00:57.0348 4056 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:00:57.0348 4056 msahci - ok 08:00:57.0379 4056 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:00:57.0379 4056 msdsm - ok 08:00:57.0426 4056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 08:00:57.0426 4056 MSDTC - ok 08:00:57.0472 4056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:00:57.0472 4056 Msfs - ok 08:00:57.0504 4056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) 
C:\Windows\System32\drivers\mshidkmdf.sys 08:00:57.0504 4056 mshidkmdf - ok 08:00:57.0550 4056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:00:57.0550 4056 msisadrv - ok 08:00:57.0582 4056 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 08:00:57.0597 4056 MSiSCSI - ok 08:00:57.0613 4056 msiserver - ok 08:00:57.0644 4056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:00:57.0644 4056 MSKSSRV - ok 08:00:57.0660 4056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:00:57.0660 4056 MSPCLOCK - ok 08:00:57.0675 4056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:00:57.0675 4056 MSPQM - ok 08:00:57.0753 4056 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:00:57.0769 4056 MsRPC - ok 08:00:57.0800 4056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 08:00:57.0800 4056 mssmbios - ok 08:00:57.0831 4056 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:00:57.0831 4056 MSTEE - ok 08:00:57.0847 4056 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 08:00:57.0847 4056 MTConfig - ok 08:00:57.0878 4056 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:00:57.0878 4056 Mup - ok 08:00:57.0940 4056 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 08:00:57.0972 4056 napagent - ok 08:00:58.0018 4056 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:00:58.0034 4056 NativeWifiP - ok 08:00:58.0096 4056 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 08:00:58.0128 4056 NDIS - ok 08:00:58.0159 4056 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:00:58.0159 4056 NdisCap - ok 08:00:58.0190 4056 NdisTapi 
(30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:00:58.0190 4056 NdisTapi - ok 08:00:58.0252 4056 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:00:58.0252 4056 Ndisuio - ok 08:00:58.0315 4056 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:00:58.0315 4056 NdisWan - ok 08:00:58.0377 4056 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:00:58.0377 4056 NDProxy - ok 08:00:58.0798 4056 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:00:58.0814 4056 NetBIOS - ok 08:00:58.0861 4056 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:00:58.0876 4056 NetBT - ok 08:00:58.0923 4056 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:00:58.0923 4056 Netlogon - ok 08:00:58.0986 4056 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 08:00:59.0001 4056 Netman - ok 08:00:59.0032 4056 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 08:00:59.0032 4056 netprofm - ok 08:00:59.0110 4056 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:00:59.0110 4056 NetTcpPortSharing - ok 08:00:59.0376 4056 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 08:00:59.0485 4056 netw5v64 - ok 08:00:59.0594 4056 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 08:00:59.0594 4056 nfrd960 - ok 08:00:59.0672 4056 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 08:00:59.0688 4056 NlaSvc - ok 08:00:59.0703 4056 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:00:59.0719 4056 Npfs - ok 08:00:59.0750 4056 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 08:00:59.0750 4056 nsi - ok 
08:00:59.0781 4056 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:00:59.0781 4056 nsiproxy - ok 08:00:59.0875 4056 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:00:59.0922 4056 Ntfs - ok 08:01:00.0031 4056 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:01:00.0031 4056 Null - ok 08:01:00.0062 4056 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:01:00.0078 4056 nvraid - ok 08:01:00.0109 4056 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:01:00.0109 4056 nvstor - ok 08:01:00.0140 4056 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:01:00.0156 4056 nv_agp - ok 08:01:00.0265 4056 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 08:01:00.0280 4056 odserv - ok 08:01:00.0312 4056 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:01:00.0327 4056 ohci1394 - ok 08:01:00.0358 4056 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:01:00.0358 4056 ose - ok 08:01:00.0421 4056 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:01:00.0436 4056 p2pimsvc - ok 08:01:00.0483 4056 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:01:00.0514 4056 p2psvc - ok 08:01:00.0546 4056 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 08:01:00.0546 4056 Parport - ok 08:01:00.0577 4056 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 08:01:00.0577 4056 partmgr - ok 08:01:00.0608 4056 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:01:00.0608 4056 PcaSvc - ok 08:01:00.0639 4056 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:01:00.0655 4056 
pci - ok 08:01:01.0107 4056 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:01:01.0107 4056 pciide - ok 08:01:01.0154 4056 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 08:01:01.0170 4056 pcmcia - ok 08:01:01.0185 4056 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:01:01.0185 4056 pcw - ok 08:01:01.0248 4056 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:01:01.0263 4056 PEAUTH - ok 08:01:01.0341 4056 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:01:01.0341 4056 PerfHost - ok 08:01:01.0466 4056 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 08:01:01.0497 4056 pla - ok 08:01:01.0560 4056 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 08:01:01.0591 4056 PlugPlay - ok 08:01:01.0606 4056 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:01:01.0606 4056 PNRPAutoReg - ok 08:01:01.0653 4056 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:01:01.0653 4056 PNRPsvc - ok 08:01:01.0716 4056 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 08:01:01.0747 4056 PolicyAgent - ok 08:01:01.0794 4056 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 08:01:01.0794 4056 Power - ok 08:01:01.0887 4056 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:01:01.0887 4056 PptpMiniport - ok 08:01:01.0934 4056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 08:01:01.0934 4056 Processor - ok 08:01:01.0996 4056 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 08:01:01.0996 4056 ProfSvc - ok 08:01:02.0059 4056 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:01:02.0059 4056 ProtectedStorage - ok 08:01:02.0121 4056 Psched 
(0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:01:02.0137 4056 Psched - ok 08:01:02.0215 4056 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 08:01:02.0262 4056 ql2300 - ok 08:01:02.0355 4056 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 08:01:02.0355 4056 ql40xx - ok 08:01:02.0402 4056 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:01:02.0418 4056 QWAVE - ok 08:01:02.0449 4056 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:01:02.0449 4056 QWAVEdrv - ok 08:01:02.0480 4056 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:01:02.0480 4056 RasAcd - ok 08:01:02.0527 4056 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:01:02.0527 4056 RasAgileVpn - ok 08:01:02.0574 4056 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:01:02.0574 4056 RasAuto - ok 08:01:02.0620 4056 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:01:02.0620 4056 Rasl2tp - ok 08:01:02.0683 4056 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 08:01:02.0698 4056 RasMan - ok 08:01:02.0745 4056 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:01:02.0745 4056 RasPppoe - ok 08:01:02.0776 4056 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:01:02.0776 4056 RasSstp - ok 08:01:02.0808 4056 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:01:02.0823 4056 rdbss - ok 08:01:02.0839 4056 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 08:01:02.0839 4056 rdpbus - ok 08:01:02.0870 4056 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:01:02.0870 4056 RDPCDD - ok 08:01:02.0917 4056 RDPENCDD 
(bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:01:02.0917 4056 RDPENCDD - ok 08:01:02.0932 4056 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:01:02.0932 4056 RDPREFMP - ok 08:01:02.0995 4056 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 08:01:02.0995 4056 RDPWD - ok 08:01:03.0525 4056 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:01:03.0525 4056 rdyboost - ok 08:01:03.0556 4056 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:01:03.0572 4056 RemoteAccess - ok 08:01:03.0603 4056 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:01:03.0603 4056 RemoteRegistry - ok 08:01:03.0697 4056 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 08:01:03.0697 4056 RichVideo - ok 08:01:03.0744 4056 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:01:03.0744 4056 RpcEptMapper - ok 08:01:03.0775 4056 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:01:03.0775 4056 RpcLocator - ok 08:01:03.0837 4056 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:01:03.0853 4056 RpcSs - ok 08:01:03.0915 4056 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:01:03.0915 4056 rspndr - ok 08:01:03.0946 4056 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys 08:01:03.0962 4056 RSUSBSTOR - ok 08:01:04.0009 4056 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 08:01:04.0009 4056 RTL8167 - ok 08:01:04.0024 4056 RtsUIR - ok 08:01:04.0071 4056 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:01:04.0087 4056 SamSs - ok 08:01:04.0118 4056 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 
08:01:16.0270 4056 Scan finished
08:01:16.0286 3988 Detected object count: 0
08:01:16.0286 3988 Actual detected object count: 0
-
Thank you for your patience. I'm back from overseas and have downloaded the utilities. I am starting to run them on my laptop. I will post logs as soon as I have them. Related issue: How do I determine if my portable hard drive was infected when I had it connected to the laptop? I don't want to reconnect it to my laptop or connect it to my clean PC, in case it is infected. My husband recommended taking it to a public computer (library, local copy-center)... Should I do that? Or will we reconnect it at the end of this laptop cleaning process?
-
Thank you for the reply. I truly appreciate it... I will not be able to follow these steps for about two weeks, as I am leaving the country tomorrow morning for a vacation, and I have to pack and get ready today--I spent all day yesterday messing with the laptop and am now behind on packing/cleaning for the trip. =(

My laptop is running Vista. It's three years old, but was completely reformatted to factory issue last year due to some other malware that was making it act wonky. I've had no issues since the reformat--until yesterday, when I got the ransomware. I've run MBAM quick scan and full scan several times since the infection. I turned wifi on long enough to update mbam, since it was claiming to be outdated, and then ran it again. On one of those run-throughs (after I let mbam update), it found the vsdsrv32 file and quarantined/deleted it. The last quick-scan I did found no questionable objects.

Since I am leaving that computer offline, when I get back to the country to work on it, should I transcribe program logs, or can I copy them into text files and ferry them over to the clean computer to post here? Is ferrying safe? Can I use the same USB drive over and over, going back and forth between the sick machine and the clean one?

I copied a bunch of files from the laptop to my portable HD yesterday when I noticed my computer was acting funny, but before I saw the WARNING.txt file. I cannot recall if they were encrypted or not when I copied them-- I was mostly copying folders, not looking at individual files. I want to say that I think they hadn't been hit, yet, but I'm not sure. I have not connected the drive to anything since then, because I'm worried that the virus may have infected all the files on the portable drive. Honestly, I'm not sure I want to know, yet, because if I can't decrypt the files, I've just lost everything... My desktop PC is brand new and I hadn't put any of my files on it, yet, so everything was either on the laptop or the portable HD. 
Anyways, I hope the additional info helps. Like I said, I'll be unavailable for about two weeks. I'll post logs as soon as I'm back in the country and can run the programs. Thank you.
-
My laptop is suffering from a malware program requesting me to send $100 to a yahoo email address for the decryption key to access my files. I have not tried to open any files since I got the message, though I did back up all my important data to my portable HD (though I am worried now that I thereby infected my portable HD)... The malware has populated all of the folders on my computer with a WARNING.txt file. A blue dialogue box that I cannot remove, move, or minimize has popped up in the middle of the screen with the same text from the WARNING.txt file (transcribed below). The pop-up window is called "vsdsrv32" on my taskbar. Also, when I try to open Task Manager, I can do so, but it immediately closes--I do not have time to do or see anything on it, just that the window ghosts open for a second. I have wifi turned off on my laptop, so that whoever did that cannot communicate with my laptop...

I downloaded MBAM on my desktop and transferred it to the laptop on a stick drive I don't need to keep. I ran MBAM quick scan and it found 2 pieces of malware, but neither of them was apparently the ransomware. When I restarted the computer, the pop-up is still there. I'm running the deep scan, now, and it's found at least 1 piece of malware so far. Any help would be appreciated!

Here is the text from the WARNING.txt file:

WARNING! YOU WCAP ID: 3356
If you see this screen or read warning.txt. It means you IP address: 67.164.131.123 was included in WCAP Black List.
From your PC was infringement one or more of the following items:
1. Viewing, listening, downloading or distributing audio or video files protected Copyright Law.
2. Spam or Ddos attack.
3. Downloading or distributing illegal content (child porno, phishing, etc.)
4. Downloading or distributing Software protected Copyright Law.
The result of these infringement you PC and file was blocked.
The decision was made about blocking on the basis of Digital Millennium Copyright Act (DMCA) amendment 1272 of 06/10/2011
You can remove you IP from black list and unblock PC and files paying money penalty 100$.
STEP 1: Buy a MoneyPak in amount of $100 at the nearest store.
STEP 2: Fill in the fields on the screen, and click Make Payment. Alternate send as an e-mail at WCAPLLC@yahoo.com . Indicate your WCAP ID in the message title and provide MoneyPak number.
STEP 3: Check your e-mail. We will send you Unblock code once payment is verified. Your computer will roll back to the ordinary state.
Q: Where can I purchase MoneyPak?
A: MonekPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer. Click here to find a store near.
Q: How do I buy a MoneyPak at the store?
A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.
Q: How I can make sure that you can really decipher my files?
A: You can send ONE any ciphered file on email WCAPLLC@yahoo.com (Indicate your IS and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.
WARNING!!!: If you don't pay money penalty 100$ within 72 HOURS, all your computer data will be deleted.
WARNING!!! Dont remove this screen this may complicate or make impossible the decryption. Even after removing the screen, files will remain encrypted. You can confirm this moving crypt file to another PC.
MONEYPAK _______________ EMAIL _______________ [Make Payment]
Please contact us if you have any questions wcapllc@yahoo.com.

Well, I ran the long scan, restarted, activated wifi long enough to update MBAM, and then ran the quick scan again. MBAM found the file that makes the popup and got rid of it (I'm doing another long scan, now). However, all of my files have been affected. They all have a .CRYPT extension after them and are inaccessible.
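One way to answer the question about the portable drive without plugging it into a machine you care about is to mount it read-only on a clean machine and walk it. The script below is an added example, not code from this thread or from any tool named in it; it looks only for the indicators the post describes (a WARNING.txt note in each folder, a .CRYPT extension on each file, the note's wording), executes nothing from the drive, and the sample tree it builds is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field

# Indicators from the post: a WARNING.txt note in every folder and a .CRYPT extension on
# each file (matched case-insensitively); the phrases identify a genuine copy of the note.
RANSOM_NOTE_NAME = "warning.txt"
ENCRYPTED_SUFFIX = ".crypt"
NOTE_MARKERS = ("WCAP", "MoneyPak", "Black List")

@dataclass
class TriageResult:
    encrypted_files: int = 0
    ransom_notes: int = 0
    confirmed_notes: int = 0          # notes whose text carries all of NOTE_MARKERS
    untouched_files: int = 0
    original_types: Counter = field(default_factory=Counter)  # ".jpg" for "trip.jpg.CRYPT"
    dirs_with_notes: list = field(default_factory=list)

def original_extension(name: str) -> str:
    """'trip.jpg.CRYPT' -> '.jpg'; 'notes.CRYPT' -> '' when no inner extension survives."""
    return os.path.splitext(name[: -len(ENCRYPTED_SUFFIX)])[1].lower()

def is_wcap_note(path: str) -> bool:
    """Read only the head of the note and look for the expected phrases; nothing is executed."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(4096)
    except OSError:
        return False
    return all(marker in head for marker in NOTE_MARKERS)

def triage_tree(root: str) -> TriageResult:
    """Walk `root` (a read-only mount of the suspect drive) and tally the indicators."""
    result = TriageResult()
    for dirpath, _subdirs, files in os.walk(root, followlinks=False):
        for name in files:
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_SUFFIX):
                result.encrypted_files += 1
                result.original_types[original_extension(name)] += 1
            elif lowered == RANSOM_NOTE_NAME:
                result.ransom_notes += 1
                result.dirs_with_notes.append(dirpath)
                if is_wcap_note(os.path.join(dirpath, name)):
                    result.confirmed_notes += 1
            else:
                result.untouched_files += 1
    return result

def build_sample_tree(base: str) -> None:
    """Constructed stand-in for the drive: two folders hit, one untouched, one decoy note."""
    note = "WARNING! YOU WCAP ID: 0000 ... included in WCAP Black List ... Buy a MoneyPak"
    layout = {
        "Documents/WARNING.txt": note,
        "Documents/report.docx.CRYPT": "ciphertext",
        "Pictures/WARNING.txt": note,
        "Pictures/trip.jpg.CRYPT": "ciphertext",
        "Pictures/trip2.JPG.crypt": "ciphertext",
        "Music/song.mp3": "audio",
        "Other/WARNING.txt": "reminder to myself, not a ransom note",
    }
    for rel, content in layout.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)

def demo() -> TriageResult:
    """Run the triage over the constructed tree in a fresh temporary directory."""
    base = tempfile.mkdtemp(prefix="crypt-triage-")
    build_sample_tree(base)
    return triage_tree(base)
```

Point `triage_tree()` at the drive's mount point to get the counts for the real drive; `demo()` runs the same logic over the constructed tree.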