Everything posted by akasha

  1. Well, everything seems clean and stable now. I went through a couple of temporary file cleaners and removed browser histories, etc. and a couple of full shutdown and restarts to be sure. So far, so good. Thank you very much, Mr. C!!!
  2. Finally got a clean MBAM scan! Happy... Happy... I also performed a quick virus scan and it was clean. While this is fantastic news, I am concerned about there being a back door of some kind left behind. (Probably did too much reading about Root.MBR and rootkits). Can I trust my computer again? Here is the MBAM log:
     ---------------------------------------
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.20.08
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Boom :: THOR [administrator]
     Protection: Enabled
     7/20/2012 3:53:25 PM
     mbam-log-2012-07-20 (15-53-25).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 194862
     Time elapsed: 2 minute(s), 32 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  3. Here is the ComboFix log:
  4. OK, I've got ComboFix and will go offline before disabling all malware and antivirus protections. Will report back once finished. Just to satisfy my curiosity, was my supposition that this got in piggybacked on a corrupt audio stream correct? I'm very diligent with McAfee and keeping my computer protected so this is particularly troubling...
  5. McAfee indicated it deleted three trojans during the process. I'm not sure if it should have been disabled while performing the scan and clean but it reacted to what was being done by TDSSKiller. There are three logs in my C:\ folder (all from today within 5 min of each other). Here is the most recent log:
7268 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:07:49.0722 7268 clr_optimization_v4.0.30319_64 - ok 14:07:49.0800 7268 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 14:07:49.0847 7268 CmBatt - ok 14:07:49.0878 7268 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 14:07:49.0894 7268 cmdide - ok 14:07:50.0315 7268 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 14:07:50.0362 7268 CNG - ok 14:07:50.0487 7268 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 14:07:50.0487 7268 Compbatt - ok 14:07:50.0565 7268 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 14:07:50.0658 7268 CompositeBus - ok 14:07:50.0674 7268 COMSysApp - ok 14:07:50.0721 7268 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 14:07:50.0752 7268 crcdisk - ok 14:07:50.0986 7268 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 14:07:51.0017 7268 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:07:51.0017 7268 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:07:51.0017 7268 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 14:07:51.0033 7268 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:07:51.0033 7268 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:07:51.0220 7268 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 14:07:51.0282 7268 CryptSvc - ok 14:07:51.0407 7268 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 
14:07:51.0485 7268 CSC - ok 14:07:52.0140 7268 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 14:07:52.0234 7268 CscService - ok 14:07:52.0998 7268 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 14:07:53.0045 7268 DcomLaunch - ok 14:07:53.0310 7268 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 14:07:53.0404 7268 defragsvc - ok 14:07:53.0591 7268 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 14:07:53.0653 7268 DfsC - ok 14:07:54.0043 7268 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 14:07:54.0137 7268 Dhcp - ok 14:07:54.0215 7268 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 14:07:54.0262 7268 discache - ok 14:07:54.0371 7268 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 14:07:54.0387 7268 Disk - ok 14:07:54.0730 7268 DMAgent (c4aebbeb530706b45b7916161a1f525d) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe 14:07:54.0745 7268 DMAgent ( UnsignedFile.Multi.Generic ) - warning 14:07:54.0745 7268 DMAgent - detected UnsignedFile.Multi.Generic (1) 14:07:54.0792 7268 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 14:07:54.0870 7268 Dnscache - ok 14:07:55.0104 7268 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 14:07:55.0213 7268 dot3svc - ok 14:07:55.0401 7268 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 14:07:55.0666 7268 DPS - ok 14:07:55.0697 7268 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 14:07:55.0713 7268 drmkaud - ok 14:07:55.0869 7268 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 14:07:55.0915 7268 DXGKrnl - ok 14:07:56.0009 7268 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 14:07:56.0087 7268 EapHost - ok 14:07:56.0664 7268 ebdrv (dc5d737f51be844d8c82c695eb17372f) 
C:\Windows\system32\DRIVERS\evbda.sys 14:07:56.0742 7268 ebdrv - ok 14:07:57.0553 7268 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 14:07:57.0600 7268 EFS - ok 14:07:58.0333 7268 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 14:07:58.0380 7268 ehRecvr - ok 14:07:58.0552 7268 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 14:07:58.0614 7268 ehSched - ok 14:07:59.0332 7268 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 14:07:59.0379 7268 elxstor - ok 14:07:59.0425 7268 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 14:07:59.0535 7268 ErrDev - ok 14:07:59.0566 7268 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 14:07:59.0613 7268 EventSystem - ok 14:07:59.0722 7268 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 14:07:59.0784 7268 exfat - ok 14:07:59.0971 7268 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 14:08:00.0096 7268 fastfat - ok 14:08:00.0876 7268 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 14:08:00.0939 7268 Fax - ok 14:08:00.0985 7268 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 14:08:01.0032 7268 fdc - ok 14:08:01.0110 7268 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 14:08:01.0173 7268 fdPHost - ok 14:08:01.0282 7268 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 14:08:01.0313 7268 FDResPub - ok 14:08:01.0422 7268 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 14:08:01.0453 7268 FileInfo - ok 14:08:01.0469 7268 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 14:08:01.0516 7268 Filetrace - ok 14:08:02.0436 7268 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService.exe 14:08:02.0514 7268 FLEXnet Licensing Service - ok 14:08:03.0949 7268 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 14:08:03.0996 7268 FLEXnet Licensing Service 64 - ok 14:08:04.0573 7268 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 14:08:04.0605 7268 flpydisk - ok 14:08:04.0917 7268 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 14:08:06.0102 7268 FltMgr - ok 14:08:06.0305 7268 FLxHCIc (d0adbcf2a5316d23ef67dfaa02d5d544) C:\Windows\system32\DRIVERS\FLxHCIc.sys 14:08:06.0399 7268 FLxHCIc - ok 14:08:06.0445 7268 FLxHCIh (f9b6db9727ad2f14ecf84e43eb5279f7) C:\Windows\system32\DRIVERS\FLxHCIh.sys 14:08:06.0508 7268 FLxHCIh - ok 14:08:07.0959 7268 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 14:08:08.0021 7268 FontCache - ok 14:08:08.0177 7268 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:08:08.0193 7268 FontCache3.0.0.0 - ok 14:08:08.0271 7268 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 14:08:08.0302 7268 FsDepends - ok 14:08:08.0427 7268 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 14:08:08.0458 7268 fssfltr - ok 14:08:10.0236 7268 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 14:08:10.0283 7268 fsssvc - ok 14:08:11.0250 7268 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 14:08:11.0266 7268 Fs_Rec - ok 14:08:11.0484 7268 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 14:08:11.0515 7268 fvevol - ok 14:08:11.0578 7268 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:08:11.0625 7268 gagp30kx - ok 
14:08:11.0703 7268 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:08:11.0765 7268 GEARAspiWDM - ok 14:08:12.0779 7268 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 14:08:12.0904 7268 gpsvc - ok 14:08:13.0153 7268 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:08:13.0185 7268 gupdate - ok 14:08:13.0263 7268 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:08:13.0294 7268 gupdatem - ok 14:08:13.0653 7268 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 14:08:13.0684 7268 gusvc - ok 14:08:13.0746 7268 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 14:08:13.0793 7268 hcw85cir - ok 14:08:14.0121 7268 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 14:08:14.0183 7268 HdAudAddService - ok 14:08:14.0199 7268 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 14:08:14.0230 7268 HDAudBus - ok 14:08:14.0277 7268 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 14:08:14.0323 7268 HidBatt - ok 14:08:14.0386 7268 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 14:08:14.0417 7268 HidBth - ok 14:08:14.0448 7268 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 14:08:14.0495 7268 HidIr - ok 14:08:14.0604 7268 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 14:08:14.0713 7268 hidserv - ok 14:08:14.0854 7268 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 14:08:14.0916 7268 HidUsb - ok 14:08:15.0041 7268 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 14:08:15.0135 7268 hkmsvc - ok 14:08:15.0353 7268 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) 
C:\Windows\system32\ListSvc.dll 14:08:15.0431 7268 HomeGroupListener - ok 14:08:15.0462 7268 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 14:08:15.0525 7268 HomeGroupProvider - ok 14:08:15.0946 7268 HP LaserJet Service (16959f84844dc9b2cef0d5b1a412370f) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe 14:08:15.0961 7268 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning 14:08:15.0961 7268 HP LaserJet Service - detected UnsignedFile.Multi.Generic (1) 14:08:16.0039 7268 HPFXBULKLEDM (e325f85012e793cee74b73c4f22ae311) C:\Windows\system32\drivers\hppdbulkio.sys 14:08:16.0164 7268 HPFXBULKLEDM - ok 14:08:16.0195 7268 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 14:08:16.0242 7268 HpSAMD - ok 14:08:16.0289 7268 htcusbnet (6b2a1b01b79036a265734964cba73aab) C:\Windows\system32\DRIVERS\htcusbnet.sys 14:08:16.0320 7268 htcusbnet - ok 14:08:16.0383 7268 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 14:08:16.0429 7268 HTTP - ok 14:08:16.0476 7268 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 14:08:16.0476 7268 hwpolicy - ok 14:08:16.0554 7268 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 14:08:16.0554 7268 i8042prt - ok 14:08:16.0741 7268 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys 14:08:16.0788 7268 iaStor - ok 14:08:16.0929 7268 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 14:08:16.0975 7268 iaStorV - ok 14:08:17.0100 7268 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:08:17.0116 7268 idsvc - ok 14:08:17.0131 7268 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 14:08:17.0147 7268 iirsp - ok 14:08:17.0209 7268 IKEEXT (fcd84c381e0140af901e58d48882d26b) 
C:\Windows\System32\ikeext.dll 14:08:17.0256 7268 IKEEXT - ok 14:08:17.0724 7268 IntcAzAudAddService (bd9d02f706fcaf28d89f5435f18a4a04) C:\Windows\system32\drivers\RTKVHD64.sys 14:08:17.0755 7268 IntcAzAudAddService - ok 14:08:18.0426 7268 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 14:08:18.0457 7268 intelide - ok 14:08:18.0551 7268 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 14:08:18.0598 7268 intelppm - ok 14:08:18.0707 7268 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 14:08:18.0801 7268 IPBusEnum - ok 14:08:18.0847 7268 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:08:18.0941 7268 IpFilterDriver - ok 14:08:19.0347 7268 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 14:08:19.0378 7268 iphlpsvc - ok 14:08:19.0471 7268 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 14:08:19.0565 7268 IPMIDRV - ok 14:08:19.0596 7268 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 14:08:19.0674 7268 IPNAT - ok 14:08:19.0783 7268 iPod Service (a9e53e1a9c4274eebc00d36ae5ed40de) C:\Program Files\iPod\bin\iPodService.exe 14:08:19.0799 7268 iPod Service - ok 14:08:19.0846 7268 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 14:08:19.0908 7268 IRENUM - ok 14:08:19.0986 7268 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 14:08:20.0017 7268 isapnp - ok 14:08:20.0267 7268 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 14:08:20.0298 7268 iScsiPrt - ok 14:08:20.0392 7268 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 14:08:20.0392 7268 kbdclass - ok 14:08:20.0470 7268 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 14:08:20.0532 7268 kbdhid - ok 14:08:20.0563 7268 
kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 14:08:20.0641 7268 kbfiltr - ok 14:08:20.0704 7268 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:08:20.0751 7268 KeyIso - ok 14:08:20.0844 7268 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 14:08:20.0875 7268 KSecDD - ok 14:08:21.0016 7268 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 14:08:21.0047 7268 KSecPkg - ok 14:08:21.0109 7268 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 14:08:21.0203 7268 ksthunk - ok 14:08:21.0624 7268 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 14:08:21.0718 7268 KtmRm - ok 14:08:21.0889 7268 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 14:08:21.0952 7268 LanmanServer - ok 14:08:22.0092 7268 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 14:08:22.0155 7268 LanmanWorkstation - ok 14:08:22.0186 7268 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:08:22.0233 7268 lltdio - ok 14:08:22.0264 7268 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 14:08:22.0295 7268 lltdsvc - ok 14:08:22.0357 7268 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 14:08:22.0420 7268 lmhosts - ok 14:08:22.0747 7268 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 14:08:22.0825 7268 LMS - ok 14:08:22.0950 7268 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:08:22.0981 7268 LSI_FC - ok 14:08:23.0013 7268 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:08:23.0028 7268 LSI_SAS - ok 14:08:23.0075 7268 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:08:23.0106 7268 LSI_SAS2 - ok 14:08:23.0122 
7268 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:08:23.0137 7268 LSI_SCSI - ok 14:08:23.0215 7268 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:08:23.0262 7268 luafv - ok 14:08:23.0356 7268 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 14:08:23.0387 7268 MBAMProtector - ok 14:08:23.0527 7268 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 14:08:23.0574 7268 MBAMService - ok 14:08:23.0621 7268 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys 14:08:23.0652 7268 MBfilt - ok 14:08:24.0027 7268 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 14:08:24.0058 7268 McAfee SiteAdvisor Service - ok 14:08:24.0323 7268 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe 14:08:24.0339 7268 McciCMService ( UnsignedFile.Multi.Generic ) - warning 14:08:24.0339 7268 McciCMService - detected UnsignedFile.Multi.Generic (1) 14:08:24.0557 7268 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe 14:08:24.0588 7268 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning 14:08:24.0588 7268 McciCMService64 - detected UnsignedFile.Multi.Generic (1) 14:08:24.0651 7268 McciServiceHost (eee1ea23c4777adb268a36196a631200) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe 14:08:24.0729 7268 McciServiceHost ( UnsignedFile.Multi.Generic ) - warning 14:08:24.0729 7268 McciServiceHost - detected UnsignedFile.Multi.Generic (1) 14:08:24.0729 7268 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 14:08:24.0744 7268 McMPFSvc - ok 14:08:24.0853 7268 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common 
Files\McAfee\McSvcHost\McSvHost.exe 14:08:24.0885 7268 mcmscsvc - ok 14:08:24.0931 7268 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 14:08:24.0947 7268 McNaiAnn - ok 14:08:24.0947 7268 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 14:08:24.0963 7268 McNASvc - ok 14:08:25.0524 7268 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe 14:08:25.0571 7268 McODS - ok 14:08:25.0571 7268 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 14:08:25.0602 7268 McProxy - ok 14:08:26.0632 7268 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\Windows\system32\drivers\McPvDrv.sys 14:08:26.0663 7268 McPvDrv - ok 14:08:26.0944 7268 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 14:08:26.0975 7268 McShield - ok 14:08:27.0100 7268 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 14:08:27.0162 7268 Mcx2Svc - ok 14:08:27.0708 7268 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 14:08:27.0755 7268 megasas - ok 14:08:28.0005 7268 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 14:08:28.0036 7268 MegaSR - ok 14:08:28.0067 7268 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 14:08:28.0083 7268 MEIx64 - ok 14:08:28.0317 7268 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys 14:08:28.0317 7268 mfeapfk - ok 14:08:28.0800 7268 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys 14:08:28.0831 7268 mfeavfk - ok 14:08:28.0863 7268 mfeavfk01 - ok 14:08:28.0972 7268 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 14:08:29.0003 7268 mfefire - ok 14:08:29.0284 7268 mfefirek 
(ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys 14:08:29.0331 7268 mfefirek - ok 14:08:29.0721 7268 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys 14:08:29.0752 7268 mfehidk - ok 14:08:29.0877 7268 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys 14:08:29.0892 7268 mfenlfk - ok 14:08:30.0033 7268 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys 14:08:30.0064 7268 mferkdet - ok 14:08:30.0251 7268 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe 14:08:30.0251 7268 mfevtp - ok 14:08:30.0282 7268 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys 14:08:30.0329 7268 mfewfpk - ok 14:08:30.0407 7268 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:08:30.0454 7268 MMCSS - ok 14:08:30.0501 7268 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:08:30.0547 7268 Modem - ok 14:08:30.0813 7268 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:08:30.0844 7268 monitor - ok 14:08:31.0031 7268 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:08:31.0047 7268 mouclass - ok 14:08:31.0156 7268 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:08:31.0171 7268 mouhid - ok 14:08:31.0312 7268 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 14:08:31.0327 7268 mountmgr - ok 14:08:31.0359 7268 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 14:08:31.0374 7268 mpio - ok 14:08:31.0437 7268 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:08:31.0468 7268 mpsdrv - ok 14:08:32.0482 7268 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 14:08:32.0560 7268 MpsSvc - ok 14:08:32.0794 7268 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) 
C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS 14:08:32.0809 7268 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 14:08:32.0809 7268 MREMP50 - detected UnsignedFile.Multi.Generic (1) 14:08:32.0997 7268 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS 14:08:33.0012 7268 MREMP50a64 - ok 14:08:33.0043 7268 MREMPR5 - ok 14:08:33.0075 7268 MRENDIS5 - ok 14:08:33.0106 7268 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS 14:08:33.0121 7268 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 14:08:33.0121 7268 MRESP50 - detected UnsignedFile.Multi.Generic (1) 14:08:33.0153 7268 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS 14:08:33.0199 7268 MRESP50a64 - ok 14:08:33.0387 7268 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 14:08:33.0402 7268 MRxDAV - ok 14:08:33.0621 7268 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:08:33.0683 7268 mrxsmb - ok 14:08:33.0839 7268 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:08:33.0855 7268 mrxsmb10 - ok 14:08:33.0995 7268 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:08:34.0104 7268 mrxsmb20 - ok 14:08:34.0167 7268 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 14:08:34.0213 7268 msahci - ok 14:08:34.0447 7268 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 14:08:34.0510 7268 msdsm - ok 14:08:34.0666 7268 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 14:08:34.0713 7268 MSDTC - ok 14:08:34.0759 7268 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:08:34.0791 7268 Msfs - ok 14:08:34.0837 7268 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:08:34.0884 7268 mshidkmdf - ok 14:08:34.0915 7268 msisadrv 
(d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 14:08:34.0931 7268 msisadrv - ok 14:08:35.0071 7268 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 14:08:35.0103 7268 MSiSCSI - ok 14:08:35.0103 7268 msiserver - ok 14:08:35.0399 7268 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 14:08:35.0415 7268 MSK80Service - ok 14:08:35.0571 7268 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:08:35.0633 7268 MSKSSRV - ok 14:08:35.0649 7268 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:08:35.0680 7268 MSPCLOCK - ok 14:08:35.0695 7268 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:08:35.0742 7268 MSPQM - ok 14:08:36.0054 7268 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 14:08:36.0070 7268 MsRPC - ok 14:08:36.0163 7268 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 14:08:36.0179 7268 mssmbios - ok 14:08:36.0210 7268 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:08:36.0241 7268 MSTEE - ok 14:08:36.0288 7268 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 14:08:36.0304 7268 MTConfig - ok 14:08:36.0382 7268 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:08:36.0397 7268 Mup - ok 14:08:36.0756 7268 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 14:08:36.0803 7268 napagent - ok 14:08:37.0037 7268 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:08:37.0115 7268 NativeWifiP - ok 14:08:37.0614 7268 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 14:08:37.0630 7268 NDIS - ok 14:08:37.0661 7268 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:08:37.0723 7268 
     C:\Windows\system32\drivers\ws2ifsl.sys
     14:09:56.0177 7268 ws2ifsl - ok
     14:09:56.0208 7268 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
     14:09:56.0239 7268 wscsvc - ok
     14:09:56.0239 7268 WSearch - ok
     14:09:57.0144 7268 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
     14:09:57.0207 7268 wuauserv - ok
     14:09:58.0689 7268 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
     14:09:58.0798 7268 WudfPf - ok
     14:09:59.0094 7268 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
     14:09:59.0344 7268 WUDFRd - ok
     14:09:59.0531 7268 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
     14:09:59.0609 7268 wudfsvc - ok
     14:10:00.0217 7268 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
     14:10:00.0280 7268 WwanSvc - ok
     14:10:00.0405 7268 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
     14:10:00.0436 7268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
     14:10:00.0436 7268 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
     14:10:00.0561 7268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
     14:10:00.0561 7268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
     14:10:00.0576 7268 Boot (0x1200) (79e96f049b622cf3befd074d562393bd) \Device\Harddisk0\DR0\Partition0
     14:10:00.0592 7268 \Device\Harddisk0\DR0\Partition0 - ok
     14:10:00.0592 7268 ============================================================
     14:10:00.0592 7268 Scan finished
     14:10:00.0592 7268 ============================================================
     14:10:00.0592 6736 Detected object count: 16
     14:10:00.0592 6736 Actual detected object count: 16
     14:11:03.0742 6736 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0742 6736 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0742 6736 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0742 6736 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0757 6736 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0757 6736 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0757 6736 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0757 6736 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0757 6736 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0757 6736 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0757 6736 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0757 6736 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0757 6736 McciServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0757 6736 McciServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0757 6736 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0757 6736 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0757 6736 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0757 6736 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0773 6736 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0773 6736 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0773 6736 OrbisClient.Services ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0773 6736 OrbisClient.Services ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0773 6736 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0773 6736 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0773 6736 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0773 6736 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:03.0773 6736 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user
     14:11:03.0773 6736 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
     14:11:13.0117 6736 \Device\Harddisk0\DR0\# - copied to quarantine
     14:11:13.0117 6736 \Device\Harddisk0\DR0 - copied to quarantine
     14:11:13.0304 6736 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
     14:11:13.0351 6736 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
     14:11:13.0382 6736 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
     14:11:20.0200 6736 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
     14:11:20.0325 6736 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
     14:11:20.0434 6736 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
     14:11:20.0496 6736 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
     14:11:20.0496 6736 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
     14:11:20.0496 6736 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
     14:11:20.0512 6736 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
     14:11:20.0574 6736 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
     14:11:20.0621 6736 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
     14:11:20.0621 6736 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
     14:11:20.0621 6736 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
     14:11:20.0715 6736 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
     14:11:23.0928 6736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
     14:11:25.0519 6736 \Device\Harddisk0\DR0 - ok
     14:11:25.0535 6736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
     14:11:25.0535 6736 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
     14:11:25.0535 6736 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
     14:11:50.0885 9212 Deinitialize success
  6. Hello Mr. C! Here are the results...

     RogueKiller V7.6.4 [07/17/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: Boom [Admin rights]
     Mode: Scan -- Date: 07/20/2012 13:45:54

     ¤¤¤ Bad processes: 1 ¤¤¤
     [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

     ¤¤¤ Registry Entries: 4 ¤¤¤
     [SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
     [SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : Root.MBR ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST9750420AS +++++
     --- User ---
     [MBR] 4f4bd665ff46c263e84119abadf61f5d
     [BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo
     User != LL1 ... KO!
     --- LL1 ---
     [MBR] b8791cc19dede04521bb4fde369232ab
     [BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
     Partition table:
     1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
     2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo
     User != LL2 ... KO!
     --- LL2 ---
     [MBR] b8791cc19dede04521bb4fde369232ab
     [BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
     Partition table:
     1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
     2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  7. Background: On Tuesday I received a notification that my Adobe Flash Player needed to be updated. I allowed the update past my firewall as usual when these appear but a few minutes following a successful installation my computer began playing numerous audio feeds simultaneously despite closing the browser window. It persisted despite shutting down and restarting the computer. Coincidentally, Microsoft pushed an update at the same time. After uninstalling all Flash Player Plugins, the audio stopped. However, the Windows Software Removal Tool detected and partially removed a trojan DOS/ALureon.A. Since this was a partial removal, I did a full virus scan with our McAfee Antivirus software. It detected and quarantined a couple of files (BAFE.tmp & BAED.tmp); it also detected DNSChanger!ff. This was news to me because we always have the antivirus software running and scanning as well as a McAfee firewall. I even verified that there was no DNSChanger of any kind when the issue first hit the news. This leads me to think that piggy-backed on top of those audio files, something else came in while the computer was vulnerable. (Thank you Flash Player). I followed McAfee's instructions for removing DNSChanger!ff but when I went to start the computer after it hibernated, the system went into restore mode and the audio assault resumed (despite having the flash plugins gone). That's when I turned to Malwarebytes. The audio has stopped but something is still not right. Malwarebytes consistently finds two Trojan.Agent files using svchost.exe. Every time I try to remove these files with Malwarebytes they persist. I have tried repairing the MBR but the two Trojan.Agent files remain and appear to be quarantined. Even deleting them from the quarantine does not help. Additionally, Malwarebytes is blocking something associated with svchost from connecting to potentially malicious web addresses, as is evidenced by a popup every few minutes when my laptop is connected to the internet.
I would dearly love to be rid of this malware and would appreciate your assistance. Following are the DDS and Attach files. I disconnected from the internet and disabled McAfee in order to create the files but they are usually running and fully up to date. Thank you. ------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Boom at 12:03:56 on 2012-07-20 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.6010 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program 
Files\P4G\BatteryLife.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\ExpressGateUtil\VAWinService.exe C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program 
Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe C:\Windows\System32\rundll32.exe C:\Program Files\McAfee\MAT\McPvTray.exe C:\Program Files\ATT-SST\McciTrayApp.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe C:\ExpressGateUtil\VAWinAgent.exe C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\system32\SearchIndexer.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files (x86)\Asus\Wireless Console 3\WimaxConsole.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Common Files\McAfee\Core\mchost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank uDefault_Page_URL = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe, BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Ghostery Add-On: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622155028.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: 
{dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" mRun: 
[sessionLogon] C:\ExpressGateUtil\SessionLogon.exe mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [<NO NAME>] mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE mRun: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Boom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 
(0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: $talisma_url$ Trusted Zone: army.mil\www.us Trusted Zone: skillsoft.com\www Trusted Zone: skillwsa.com\www DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab DPF: 
{166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{3F31C18B-1ECC-48BC-839D-38B8E96B0EBC}\2375942554730373 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{3F31C18B-1ECC-48BC-839D-38B8E96B0EBC}\35471697262796467656021313 : DhcpNameServer = 24.93.41.125 24.93.41.126 TCP: Interfaces\{3F31C18B-1ECC-48BC-839D-38B8E96B0EBC}\35D434752425134335F51405 : DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{3F31C18B-1ECC-48BC-839D-38B8E96B0EBC}\D68637C6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{3F31C18B-1ECC-48BC-839D-38B8E96B0EBC}\F46666963656 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{DD41E401-E84B-42E3-86A1-6915A9861262} : DhcpNameServer = 192.168.1.254 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo 
Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Ghostery Add-On: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll BHO-X64: Ghostery BHO - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120622155028.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll 
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r mRun-x64: [updReg] C:\Windows\UpdReg.EXE mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" mRun-x64: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic 
Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun-x64: [(Default)] mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE mRun-x64: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Boom\AppData\Roaming\Mozilla\Firefox\Profiles\k5hkztq5.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll . ============= SERVICES / DRIVERS =============== . R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] 
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 655944] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-22 249936] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-8 517632] R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2011-7-8 315392] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-22 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-22 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-5-22 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-5-22 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-22 
210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 OrbisClient.Services;LabSim Configuration and Security;C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe [2011-3-11 52736] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-29 236136] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-23 2655768] R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312] R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872] R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?] R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?] R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?] 
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-12 136176]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-4-12 142336]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-14 288112]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-23 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-23 79360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-21 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-12 136176]
S3 HPFXBULKLEDM;HPFXBULKLEDM;C:\Windows\system32\drivers\hppdbulkio.sys --> C:\Windows\system32\drivers\hppdbulkio.sys [?]
S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\system32\DRIVERS\htcusbnet.sys --> C:\Windows\system32\DRIVERS\htcusbnet.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-20 16:55:15 20480 ----a-w- C:\Windows\svchost.exe
2012-07-19 12:45:38 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-19 12:45:38 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-19 12:45:36 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-19 12:45:28 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-19 12:45:28 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-19 12:45:28 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-19 12:43:59 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-19 12:43:59 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-19 12:43:52 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-19 12:43:48 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-19 12:43:45 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-19 12:43:40 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-19 12:43:38 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-19 12:30:27 -------- d-----w- C:\Users\Boom\AppData\Roaming\Malwarebytes
2012-07-19 12:29:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-19 12:29:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-19 12:29:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 18:32:52 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-18 18:04:29 -------- d-----w- C:\Users\Boom\AppData\Local\ElevatedDiagnostics
2012-07-18 17:49:58 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 15:42:18 -------- d-----w- C:\Users\Boom\AppData\Local\Garmin
2012-07-04 15:42:07 -------- d-----w- C:\Users\Boom\AppData\Local\GARMIN_Corp
2012-07-04 15:38:44 -------- d-----w- C:\ProgramData\Garmin
2012-07-04 14:59:39 -------- d-----w- C:\Program Files (x86)\Garmin GPS Plugin
2012-07-04 14:59:36 -------- d-----w- C:\Program Files\Garmin GPS Plugin
2012-07-04 14:59:23 -------- d-----w- C:\Program Files (x86)\Garmin
2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-22 20:50:27 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-06-22 17:46:58 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 17:46:22 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 17:46:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 17:46:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-20 16:54:32 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 12:05:02.81 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 5/22/2011 2:47:45 PM
System Uptime: 7/20/2012 11:53:56 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Sw
Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 606.12 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® Centrino® Advanced-N 6250 AGN
Device ID: PCI\VEN_8086&DEV_0087&SUBSYS_13018086&REV_5F\002315FFFF99FB5000
Manufacturer: Intel Corporation
Name: Intel® Centrino® Advanced-N 6250 AGN
PNP Device ID: PCI\VEN_8086&DEV_0087&SUBSYS_13018086&REV_5F\002315FFFF99FB5000
Service: NETwNs64
.
==== System Restore Points ===================
.
RP95: 7/20/2012 11:37:00 AM - MBytes Removal Restore Point 1136
.
==== Installed Programs ======================
.
Acrobat.com Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.1 - CPSID_83708 Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Template Projects & Footage Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Contribute CS4 Adobe Creative Suite 4 Master Collection Adobe CS4 American English Speech Analysis Models Adobe CS4 French Speech Analysis Models Adobe CS4 German Speech Analysis Models Adobe CS4 International English Speech Analysis Models Adobe CS4 Italian Speech Analysis Models Adobe CS4 Japanese Speech Analysis Models Adobe CS4 Korean Speech Analysis Models Adobe CS4 Spanish Speech Analysis Models Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe Encore CS4 Library Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Fonts All Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Reader X (10.1.3) 
Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe Shockwave Player 11.6 Adobe SING CS4 Adobe Soundbooth CS4 Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Amazon Kindle Apple Application Support Apple Software Update ASUS AI Recovery ASUS Live Update ASUS SmartLogon ASUS Splendid Video Enhancement Technology ASUS Virtual Camera Asus_G73_Screensaver AsusVibe2.0 AT&T Service & Support Tool ATK Package att.net Internet Mail Best Buy pc app Bing Bar Bing Rewards Client Installer Connect CyberLink Power2Go D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DirectX 9 Runtime ExpressGate Cloud ExpressVPN v3.0 ffdshow [rev 2527] [2008-12-19] Garmin BaseCamp Garmin City Navigator North America NT 2013.10 Update Garmin Communicator Plugin Garmin Lifetime Updater Ghostery IE Plugin Google Toolbar for Internet Explorer Google Update Helper HP LaserJet Professional CP1520 Series HPLaserJetHelp_LearnCenter HPLJUT hppCP1520LaserJetService hppLaserJetService hppTLBXFXCP1520 hpzTLBXFX Intel® Control Center Intel® Management Engine Components Java Auto Updater Java 6 Update 31 Junk Mail filter update kuler LabSim Malwarebytes Anti-Malware version 1.62.0.1300 McAfee Total Protection Mesh Runtime Messenger Companion Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 
Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 10.0.2 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) Nuance PDF Reader NVIDIA Stereoscopic 3D Driver PDF Settings CS4 Photoshop Camera Raw Pixel Bender Toolkit Printer's Apprentice Printer's Apprentice 8.1 QuickTime Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Reader Driver Roxio AACS Certificate Roxio Activation Module Roxio CinePlayer Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 
(KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Skype™ 5.9 Suite Shared Configuration CS4 swMSM THX TruStudio Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX 
Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinFlash WinPcap 4.1.2 Wireless Console 3 Wireshark 1.6.0 WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
7/20/2012 11:55:06 AM, Error: Service Control Manager [7034] - The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2012 7:29:49 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
7/19/2012 7:29:49 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
7/19/2012 12:58:00 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
7/19/2012 10:41:07 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x8007045a'. Restart your computer, and then restart the WMPNetworkSvc service.
7/18/2012 9:17:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a00c509000, 0x0000000000000000, 0xfffff80002f269ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071812-31496-01.
7/18/2012 2:41:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/18/2012 2:41:05 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/18/2012 2:41:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================