EirualMac
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
I finally am able to get back online with the laptop & cannot say for sure where it is in the cleaning process. I do know the security suite is hosed & will attack that at a later time. However, I would like to see what you recommend as the next steps.
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
Newest errors:

GoogleToolbarNotifier.exe - Entry Point Not Found: The procedure entry point RtlCopyContext could not be located in the dynamic link library ntdll.dll

Skype.exe - Entry Point Not Found: The procedure entry point RtlCopyContext could not be located in the dynamic link library ntdll.dll

And when attempting to launch IE: iexplore.exe - Entry Point Not Found: The procedure entry point RtlCopyContext could not be located in the dynamic link library ntdll.dll

And of course nothing else (Control Panel, IE, etc...) will launch. I can open a Windows Explorer window. I am considering restoring from an earlier system restore point, like a month ago.
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
This morning, I encountered a few errors. Last night, while reviewing the system, I discovered the antivirus has not updated definitions since Feb. I contacted the ISP, who said I had to uninstall their security suite and reinstall. I attempted to uninstall, and the system locked up, crashing IE. After rebooting, I couldn't get back online, and received multiple errors. I did do a system restore back to where I had removed the security suite software. At this time, the laptop is unable to get to the internet, Security Suite will not launch, and I am receiving the following errors:

WerFault.exe application error - the instruction at 0x7455f290 referenced memory at .. The memory could not be written.

Completed stage_50: 9:11

I apologize - I was trying to be proactive in getting the antivirus done, as I know it'll have to be repaired before I can give them back this laptop. Windows Explorer continues to crash, but I did complete the CFScript:

ComboFix 13-04-27.04 - Rooter 04/28/2013 9:00.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2453 [GMT -4:00]
Running from: c:\users\Rooter\Desktop\ComboFix.exe
Command switches used :: c:\users\Rooter\Desktop\CFScript.txt
AV: Computer Security *Disabled/Outdated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Computer Security *Disabled/Outdated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2013-04-28 13:14 . 2013-04-28 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 23:32 . 2013-04-27 23:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-27 22:01 . 2013-04-27 22:01 -------- d-----w- C:\FRST
2013-04-27 20:53 . 2013-04-28 12:44 -------- d-----w- c:\users\Rooter People
2013-04-27 20:23 .
2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E371E36-F3E1-4EC6-8B6F-7699555F5B80}\mpengine.dll 2013-04-24 00:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 01:05 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 01:05 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-10 01:05 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-10 01:05 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 01:05 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 01:05 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-10 01:04 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 01:03 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 01:03 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 01:03 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 01:03 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 01:03 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-10 01:03 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 01:02 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-03 00:12 . 2013-04-03 00:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-10 10:35 . 2010-01-12 01:49 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-13 21:26 . 2012-04-01 11:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 21:26 . 2011-05-21 10:48 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 05:10 . 
2009-12-21 20:09 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-02-12 05:45 . 2013-03-13 20:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 20:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 20:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 20:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 20:34 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 20:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-17 19:53 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{47B6A4A9-DC94-4738-9F20-7411D9691EA4}] 2011-04-20 17:29 81920 ----a-w- c:\program files (x86)\chartertoolbar\chartertoolbarDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}] 2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{47B6A4A9-DC94-4738-9F20-7411D9691EA4}"= "c:\program files (x86)\chartertoolbar\chartertoolbarDx.dll" [2011-04-20 81920] . [HKEY_CLASSES_ROOT\clsid\{47b6a4a9-dc94-4738-9f20-7411d9691ea4}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "F-Secure TNB"="c:\program files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "F-Secure Manager"="c:\program files (x86)\Charter Security Suite\Common\FSM32.EXE" [2012-10-18 310992] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\Rooter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Epson multimedia projector Registration.lnk - e:\common\EpsonReg\EX3210\EpsonReg.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "WallpaperStyle"= 2 . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [2012-10-18 198864] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2010-07-08 25600] R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 217728] R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 217728] R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 217728] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 
SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-08-15 56016] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [2012-10-18 62032] S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [2012-10-18 14032] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-11-01 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264] S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520] S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184] S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] S3 usbfilter;AMD USB Filter 
Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:26] . 2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:16] . 2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:16] . 2013-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000Core.job - c:\users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 20:16] . 2013-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000UA.job - c:\users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 20:16] . 2013-04-24 c:\windows\Tasks\HPCeeScheduleForRooter.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . 2013-04-27 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~2\CHARTE~1\ANTI-V~1\fsav.exe [2010-02-06 16:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-01 487424] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 192.168.*.*;*.local IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html LSP: c:\program files (x86)\Charter Security Suite\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 192.168.1.254 DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} - hxxps://eplans.atlantaga.gov/ProjectDox/Resources/Uploader/ChilkatZip2.cab . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-83740665.sys AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster] "ImagePath"="\"c:\program files (x86)\Charter Security Suite\fshoster32.exe\" -hosterid:0" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected] @Denied: ) (Everyone) "AgentIdentifier"="de46e0cf-be9e-46d0-9cd3-37e36dfb1c3a" "AuthorizationCode"="" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-28 09:37:26 ComboFix-quarantined-files.txt 2013-04-28 13:37 ComboFix2.txt 2013-04-27 22:43 . Pre-Run: 134,910,586,880 bytes free Post-Run: 134,705,893,376 bytes free . - - End Of File - - DC98B614276BBDE0B980BDC01A413C16 -
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
Completed Malwarebytes Anti-Rootkit. Restarted antivirus, firewall, security suite. Appears to be working fine. I am not able to report on any speed issues, as I don't have anything to compare to (since it's not my machine). However, Win7 loads quickly, and the background programs are quickly loading as well.

Malware log:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rooter :: ROOTER-PC [administrator]

4/27/2013 7:42:56 PM
mbar-log-2013-04-27 (19-42-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 32053
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
Only suspicious items found, no malicious objects found on TDSSKiller.

19:16:41.0467 5440 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:16:42.0091 5440 ============================================================
19:16:42.0091 5440 Current date / time: 2013/04/27 19:16:42.0091
19:16:42.0091 5440 SystemInfo:
19:16:42.0091 5440
19:16:42.0091 5440 OS Version: 6.1.7601 ServicePack: 1.0
19:16:42.0091 5440 Product type: Workstation
19:16:42.0091 5440 ComputerName: ROOTER-PC
19:16:42.0091 5440 UserName: Rooter
19:16:42.0091 5440 Windows directory: C:\Windows
19:16:42.0091 5440 System windows directory: C:\Windows
19:16:42.0091 5440 Running under WOW64
19:16:42.0091 5440 Processor architecture: Intel x64
19:16:42.0091 5440 Number of processors: 2
19:16:42.0091 5440 Page size: 0x1000
19:16:42.0091 5440 Boot type: Normal boot
19:16:42.0091 5440 ============================================================
19:16:42.0980 5440 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:16:42.0996 5440 ============================================================
19:16:42.0996 5440 \Device\Harddisk0\DR0:
19:16:42.0996 5440 MBR partitions:
19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2395E800
19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x239C2800, BlocksNum 0x1A38000
19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
19:16:42.0996 5440 ============================================================
19:16:43.0011 5440 C: <-> \Device\Harddisk0\DR0\Partition2
19:16:43.0058 5440 D: <-> \Device\Harddisk0\DR0\Partition3
19:16:43.0058 5440 ============================================================
19:16:43.0058 5440 Initialize
success 19:16:43.0058 5440 ============================================================ 19:16:45.0538 4932 ============================================================ 19:16:45.0538 4932 Scan started 19:16:45.0538 4932 Mode: Manual; 19:16:45.0538 4932 ============================================================ 19:16:46.0318 4932 ================ Scan system memory ======================== 19:16:46.0318 4932 System memory - ok 19:16:46.0318 4932 ================ Scan services ============================= 19:16:46.0474 4932 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:16:46.0474 4932 1394ohci - ok 19:16:46.0506 4932 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 19:16:46.0506 4932 Accelerometer - ok 19:16:46.0568 4932 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:16:46.0568 4932 ACPI - ok 19:16:46.0584 4932 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:16:46.0584 4932 AcpiPmi - ok 19:16:46.0708 4932 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:16:46.0708 4932 AdobeARMservice - ok 19:16:46.0818 4932 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:16:46.0818 4932 AdobeFlashPlayerUpdateSvc - ok 19:16:46.0864 4932 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:16:46.0864 4932 adp94xx - ok 19:16:46.0911 4932 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:16:46.0911 4932 adpahci - ok 19:16:46.0927 4932 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:16:46.0927 4932 adpu320 - ok 19:16:46.0958 4932 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:16:46.0958 4932 AeLookupSvc - ok 19:16:47.0098 4932 
[ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe 19:16:47.0098 4932 AESTFilters - ok 19:16:47.0161 4932 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:16:47.0161 4932 AFD - ok 19:16:47.0239 4932 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe 19:16:47.0239 4932 AgereModemAudio - ok 19:16:47.0270 4932 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 19:16:47.0286 4932 AgereSoftModem - ok 19:16:47.0332 4932 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:16:47.0332 4932 agp440 - ok 19:16:47.0379 4932 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:16:47.0379 4932 ALG - ok 19:16:47.0395 4932 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:16:47.0395 4932 aliide - ok 19:16:47.0442 4932 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 19:16:47.0442 4932 AMD External Events Utility - ok 19:16:47.0442 4932 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:16:47.0442 4932 amdide - ok 19:16:47.0488 4932 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:16:47.0488 4932 AmdK8 - ok 19:16:47.0504 4932 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:16:47.0504 4932 AmdPPM - ok 19:16:47.0535 4932 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:16:47.0535 4932 amdsata - ok 19:16:47.0566 4932 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:16:47.0566 4932 amdsbs - ok 19:16:47.0582 4932 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:16:47.0582 4932 amdxata - ok 19:16:47.0644 4932 [ 
89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:16:47.0644 4932 AppID - ok
19:16:47.0676 4932 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:16:47.0676 4932 AppIDSvc - ok
19:16:47.0722 4932 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:16:47.0722 4932 Appinfo - ok
19:16:47.0800 4932 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:16:47.0816 4932 Apple Mobile Device - ok
19:16:47.0847 4932 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:16:47.0847 4932 arc - ok
19:16:47.0863 4932 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:16:47.0863 4932 arcsas - ok
19:16:47.0894 4932 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:47.0894 4932 AsyncMac - ok
19:16:47.0941 4932 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:16:47.0941 4932 atapi - ok
19:16:48.0003 4932 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:16:48.0019 4932 athr - ok
19:16:48.0066 4932 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
19:16:48.0066 4932 AtiHdmiService - ok
19:16:48.0175 4932 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:16:48.0237 4932 atikmdag - ok
19:16:48.0284 4932 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:16:48.0284 4932 AtiPcie - ok
19:16:48.0346 4932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:16:48.0362 4932 AudioEndpointBuilder - ok
19:16:48.0362 4932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:16:48.0378 4932 AudioSrv - ok
19:16:48.0424 4932 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:16:48.0424 4932 AxInstSV - ok
19:16:48.0456 4932 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:16:48.0456 4932 b06bdrv - ok
19:16:48.0502 4932 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:16:48.0502 4932 b57nd60a - ok
19:16:48.0580 4932 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:16:48.0596 4932 BBSvc - ok
19:16:48.0627 4932 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:16:48.0627 4932 BDESVC - ok
19:16:48.0643 4932 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:16:48.0643 4932 Beep - ok
19:16:48.0705 4932 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:16:48.0705 4932 BFE - ok
19:16:48.0736 4932 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:16:48.0736 4932 BITS - ok
19:16:48.0768 4932 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:16:48.0768 4932 blbdrive - ok
19:16:48.0846 4932 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:16:48.0846 4932 Bonjour Service - ok
19:16:48.0892 4932 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:16:48.0892 4932 bowser - ok
19:16:48.0924 4932 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:16:48.0924 4932 BrFiltLo - ok
19:16:48.0955 4932 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:16:48.0955 4932 BrFiltUp - ok
19:16:48.0970 4932 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:16:48.0970 4932 BridgeMP - ok
19:16:49.0017 4932 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:16:49.0017 4932 Browser - ok
19:16:49.0048 4932 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:16:49.0048 4932 Brserid - ok
19:16:49.0064 4932 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:16:49.0064 4932 BrSerWdm - ok
19:16:49.0080 4932 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:16:49.0080 4932 BrUsbMdm - ok
19:16:49.0080 4932 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:16:49.0080 4932 BrUsbSer - ok
19:16:49.0111 4932 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:16:49.0111 4932 BTHMODEM - ok
19:16:49.0142 4932 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:16:49.0142 4932 bthserv - ok
19:16:49.0189 4932 catchme - ok
19:16:49.0220 4932 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:16:49.0220 4932 cdfs - ok
19:16:49.0267 4932 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:16:49.0267 4932 cdrom - ok
19:16:49.0329 4932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:16:49.0329 4932 CertPropSvc - ok
19:16:49.0360 4932 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:16:49.0360 4932 circlass - ok
19:16:49.0376 4932 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:16:49.0376 4932 CLFS - ok
19:16:49.0454 4932 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:49.0454 4932 clr_optimization_v2.0.50727_32 - ok
19:16:49.0501 4932 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:16:49.0501 4932 clr_optimization_v2.0.50727_64 - ok
19:16:49.0610 4932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:49.0610 4932 clr_optimization_v4.0.30319_32 - ok
19:16:49.0672 4932 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:16:49.0672 4932 clr_optimization_v4.0.30319_64 - ok
19:16:49.0688 4932 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:16:49.0688 4932 CmBatt - ok
19:16:49.0719 4932 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:16:49.0719 4932 cmdide - ok
19:16:49.0766 4932 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:16:49.0766 4932 CNG - ok
19:16:49.0875 4932 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:16:49.0875 4932 Com4QLBEx - ok
19:16:49.0891 4932 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:16:49.0891 4932 Compbatt - ok
19:16:49.0906 4932 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:16:49.0906 4932 CompositeBus - ok
19:16:49.0922 4932 COMSysApp - ok
19:16:50.0031 4932 cpuz132 - ok
19:16:50.0047 4932 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:16:50.0047 4932 crcdisk - ok
19:16:50.0094 4932 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:16:50.0109 4932 CryptSvc - ok
19:16:50.0156 4932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:16:50.0156 4932 DcomLaunch - ok
19:16:50.0203 4932 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:16:50.0203 4932 defragsvc - ok
19:16:50.0265 4932 DeviceMonitorService - ok
19:16:50.0312 4932 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:16:50.0312 4932 DfsC - ok
19:16:50.0374 4932 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:16:50.0390 4932 Dhcp - ok
19:16:50.0530 4932 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:16:50.0546 4932 discache - ok
19:16:50.0577 4932 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:16:50.0577 4932 Disk - ok
19:16:50.0624 4932 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:16:50.0624 4932 Dnscache - ok
19:16:50.0671 4932 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:16:50.0671 4932 dot3svc - ok
19:16:50.0718 4932 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:16:50.0718 4932 DPS - ok
19:16:50.0733 4932 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:16:50.0733 4932 drmkaud - ok
19:16:50.0796 4932 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:16:50.0796 4932 DXGKrnl - ok
19:16:50.0842 4932 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:16:50.0842 4932 EapHost - ok
19:16:50.0905 4932 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:16:50.0936 4932 ebdrv - ok
19:16:50.0983 4932 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:16:50.0983 4932 EFS - ok
19:16:51.0061 4932 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:16:51.0061 4932 ehRecvr - ok
19:16:51.0092 4932 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:16:51.0092 4932 ehSched - ok
19:16:51.0139 4932 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:16:51.0139 4932 elxstor - ok
19:16:51.0154 4932 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
19:16:51.0170 4932 enecir - ok
19:16:51.0201 4932 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:16:51.0201 4932 ErrDev - ok
19:16:51.0248 4932 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:16:51.0248 4932 EventSystem - ok
19:16:51.0279 4932 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:16:51.0279 4932 exfat - ok
19:16:51.0373 4932 [ 66B1CCEFC2D4DB85571769779907655C ] F-Secure Gatekeeper C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys
19:16:51.0373 4932 F-Secure Gatekeeper - ok
19:16:51.0466 4932 [ 36FE693EC6519D333E1CA0169C121281 ] F-Secure HIPS C:\Program Files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys
19:16:51.0466 4932 F-Secure HIPS - ok
19:16:51.0482 4932 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:16:51.0498 4932 fastfat - ok
19:16:51.0544 4932 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:16:51.0560 4932 Fax - ok
19:16:51.0576 4932 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:16:51.0576 4932 fdc - ok
19:16:51.0607 4932 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:16:51.0607 4932 fdPHost - ok
19:16:51.0622 4932 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:16:51.0622 4932 FDResPub - ok
19:16:51.0654 4932 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:16:51.0654 4932 FileInfo - ok
19:16:51.0669 4932 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:16:51.0669 4932 Filetrace - ok
19:16:51.0700 4932 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:51.0700 4932 flpydisk - ok
19:16:51.0732 4932 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:16:51.0732 4932 FltMgr - ok
19:16:51.0794 4932 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:16:51.0810 4932 FontCache - ok
19:16:51.0856 4932 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:16:51.0856 4932 FontCache3.0.0.0 - ok
19:16:51.0919 4932 [ F59F2C574AA5D84477EB89F87C938F16 ] fsbts C:\Windows\system32\Drivers\fsbts.sys
19:16:51.0919 4932 fsbts - ok
19:16:51.0934 4932 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:16:51.0934 4932 FsDepends - ok
19:16:51.0997 4932 [ 10881D41226100F44DF3BF66F5EA75C6 ] fshoster C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
19:16:51.0997 4932 fshoster - ok
19:16:52.0075 4932 [ 11CA1330E16D1772E868A86FBFD8A0AD ] FSMA C:\Program Files (x86)\Charter Security Suite\Common\FSMA32.EXE
19:16:52.0075 4932 FSMA - ok
19:16:52.0215 4932 [ FFF3982981DF6DCD12FFDBE8BB101451 ] fsni C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys
19:16:52.0215 4932 fsni - ok
19:16:52.0278 4932 [ C67B42683036A503A2123EBEE9220AAA ] FSORSPClient C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
19:16:52.0278 4932 FSORSPClient - ok
19:16:52.0324 4932 [ 339E52896B03045FC2A738F9997FA38D ] fsvista C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys
19:16:52.0324 4932 fsvista - ok
19:16:52.0356 4932 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:16:52.0356 4932 Fs_Rec - ok
19:16:52.0402 4932 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:16:52.0402 4932 fvevol - ok
19:16:52.0434 4932 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:16:52.0434 4932 gagp30kx - ok
19:16:52.0558 4932 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:16:52.0558 4932 GamesAppService - ok
19:16:52.0621 4932 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:16:52.0621 4932 GEARAspiWDM - ok
19:16:52.0683 4932 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:16:52.0683 4932 gpsvc - ok
19:16:52.0777 4932 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:16:52.0777 4932 gupdate - ok
19:16:52.0808 4932 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:16:52.0808 4932 gupdatem - ok
19:16:52.0839 4932 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:16:52.0839 4932 gusvc - ok
19:16:52.0855 4932 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:16:52.0855 4932 hcw85cir - ok
19:16:52.0917 4932 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:16:52.0917 4932 HdAudAddService - ok
19:16:52.0948 4932 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:16:52.0948 4932 HDAudBus - ok
19:16:52.0964 4932 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:16:52.0964 4932 HidBatt - ok
19:16:52.0995 4932 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:16:52.0995 4932 HidBth - ok
19:16:53.0026 4932 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:16:53.0026 4932 HidIr - ok
19:16:53.0042 4932 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:16:53.0042 4932 hidserv - ok
19:16:53.0073 4932 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:16:53.0073 4932 HidUsb - ok
19:16:53.0104 4932 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:16:53.0104 4932 hkmsvc - ok
19:16:53.0151 4932 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:16:53.0167 4932 HomeGroupListener - ok
19:16:53.0198 4932 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:16:53.0198 4932 HomeGroupProvider - ok
19:16:53.0292 4932 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:16:53.0292 4932 HP Support Assistant Service - ok
19:16:53.0323 4932 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
19:16:53.0323 4932 hpdskflt - ok
19:16:53.0338 4932 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:16:53.0338 4932 HpqKbFiltr - ok
19:16:53.0416 4932 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:16:53.0416 4932 hpqwmiex - ok
19:16:53.0494 4932 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:16:53.0494 4932 HpSAMD - ok
19:16:53.0494 4932 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
19:16:53.0494 4932 hpsrv - ok
19:16:53.0541 4932 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:16:53.0557 4932 HTTP - ok
19:16:53.0588 4932 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:16:53.0588 4932 hwpolicy - ok
19:16:53.0635 4932 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:16:53.0635 4932 i8042prt - ok
19:16:53.0666 4932 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:16:53.0666 4932 iaStorV - ok
19:16:53.0760 4932 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:16:53.0760 4932 IDriverT - ok
19:16:53.0822 4932 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:16:53.0838 4932 idsvc - ok
19:16:53.0978 4932 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:16:54.0040 4932 igfx - ok
19:16:54.0072 4932 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:16:54.0072 4932 iirsp - ok
19:16:54.0118 4932 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:16:54.0134 4932 IKEEXT - ok
19:16:54.0134 4932 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:16:54.0134 4932 intelide - ok
19:16:54.0165 4932 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:16:54.0165 4932 intelppm - ok
19:16:54.0181 4932 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:16:54.0181 4932 IPBusEnum - ok
19:16:54.0228 4932 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:54.0228 4932 IpFilterDriver - ok
19:16:54.0274 4932 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:16:54.0290 4932 iphlpsvc - ok
19:16:54.0321 4932 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:16:54.0337 4932 IPMIDRV - ok
19:16:54.0352 4932 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:16:54.0368 4932 IPNAT - ok
19:16:54.0446 4932 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:16:54.0446 4932 iPod Service - ok
19:16:54.0477 4932 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:16:54.0477 4932 IRENUM - ok
19:16:54.0508 4932 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:16:54.0508 4932 isapnp - ok
19:16:54.0540 4932 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:16:54.0540 4932 iScsiPrt - ok
19:16:54.0571 4932 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:16:54.0571 4932 kbdclass - ok
19:16:54.0586 4932 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:16:54.0586 4932 kbdhid - ok
19:16:54.0602 4932 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:16:54.0602 4932 KeyIso - ok
19:16:54.0649 4932 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:16:54.0649 4932 KSecDD - ok
19:16:54.0680 4932 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:16:54.0680 4932 KSecPkg - ok
19:16:54.0711 4932 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:16:54.0711 4932 ksthunk - ok
19:16:54.0742 4932 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:16:54.0742 4932 KtmRm - ok
19:16:54.0789 4932 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:16:54.0805 4932 LanmanServer - ok
19:16:54.0836 4932 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:16:54.0852 4932 LanmanWorkstation - ok
19:16:54.0898 4932 [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:16:54.0898 4932 LightScribeService - ok
19:16:54.0914 4932 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:16:54.0914 4932 lltdio - ok
19:16:54.0945 4932 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:16:54.0945 4932 lltdsvc - ok
19:16:54.0961 4932 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:16:54.0961 4932 lmhosts - ok
19:16:54.0992 4932 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:16:54.0992 4932 LSI_FC - ok
19:16:55.0023 4932 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:16:55.0023 4932 LSI_SAS - ok
19:16:55.0039 4932 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:16:55.0039 4932 LSI_SAS2 - ok
19:16:55.0054 4932 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:16:55.0054 4932 LSI_SCSI - ok
19:16:55.0086 4932 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:16:55.0086 4932 luafv - ok
19:16:55.0148 4932 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:16:55.0148 4932 Mcx2Svc - ok
19:16:55.0179 4932 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:16:55.0179 4932 megasas - ok
19:16:55.0195 4932 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:16:55.0210 4932 MegaSR - ok
19:16:55.0226 4932 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:16:55.0226 4932 MMCSS - ok
19:16:55.0242 4932 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:16:55.0242 4932 Modem - ok
19:16:55.0257 4932 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:16:55.0257 4932 monitor - ok
19:16:55.0351 4932 [ 98A10AC4257A3BA48C9611338544EE49 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
19:16:55.0351 4932 MotoHelper - ok
19:16:55.0366 4932 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:16:55.0366 4932 mouclass - ok
19:16:55.0382 4932 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:16:55.0382 4932 mouhid - ok
19:16:55.0429 4932 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:16:55.0429 4932 mountmgr - ok
19:16:55.0460 4932 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:16:55.0460 4932 mpio - ok
19:16:55.0491 4932 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:16:55.0491 4932 mpsdrv - ok
19:16:55.0585 4932 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:16:55.0600 4932 MpsSvc - ok
19:16:55.0647 4932 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:16:55.0647 4932 MRxDAV - ok
19:16:55.0694 4932 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:55.0694 4932 mrxsmb - ok
19:16:55.0725 4932 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:55.0741 4932 mrxsmb10 - ok
19:16:55.0772 4932 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:55.0772 4932 mrxsmb20 - ok
19:16:55.0834 4932 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:16:55.0834 4932 msahci - ok
19:16:55.0866 4932 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:16:55.0866 4932 msdsm - ok
19:16:55.0881 4932 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:16:55.0881 4932 MSDTC - ok
19:16:55.0928 4932 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:16:55.0928 4932 Msfs - ok
19:16:55.0928 4932 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:16:55.0928 4932 mshidkmdf - ok
19:16:55.0944 4932 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:16:55.0944 4932 msisadrv - ok
19:16:55.0975 4932 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:16:55.0975 4932 MSiSCSI - ok
19:16:55.0975 4932 msiserver - ok
19:16:56.0006 4932 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:16:56.0006 4932 MSKSSRV - ok
19:16:56.0022 4932 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:56.0022 4932 MSPCLOCK - ok
19:16:56.0037 4932 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:16:56.0037 4932 MSPQM - ok
19:16:56.0084 4932 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:16:56.0084 4932 MsRPC - ok
19:16:56.0131 4932 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:16:56.0131 4932 mssmbios - ok
19:16:56.0146 4932 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:16:56.0146 4932 MSTEE - ok
19:16:56.0162 4932 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:16:56.0162 4932 MTConfig - ok
19:16:56.0193 4932 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:16:56.0193 4932 Mup - ok
19:16:56.0240 4932 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:16:56.0240 4932 napagent - ok
19:16:56.0271 4932 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:16:56.0271 4932 NativeWifiP - ok
19:16:56.0334 4932 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:16:56.0334 4932 NDIS - ok
19:16:56.0349 4932 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:16:56.0349 4932 NdisCap - ok
19:16:56.0380 4932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:56.0380 4932 NdisTapi - ok
19:16:56.0427 4932 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:56.0427 4932 Ndisuio - ok
19:16:56.0474 4932 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:56.0474 4932 NdisWan - ok
19:16:56.0521 4932 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:16:56.0521 4932 NDProxy - ok
19:16:56.0552 4932 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:16:56.0552 4932 NetBIOS - ok
19:16:56.0599 4932 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:16:56.0599 4932 NetBT - ok
19:16:56.0599 4932 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:16:56.0614 4932 Netlogon - ok
19:16:56.0646 4932 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:16:56.0646 4932 Netman - ok
19:16:56.0661 4932 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:16:56.0661 4932 netprofm - ok
19:16:56.0692 4932 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:16:56.0692 4932 NetTcpPortSharing - ok
19:16:56.0802 4932 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:16:56.0848 4932 netw5v64 - ok
19:16:56.0880 4932 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:16:56.0880 4932 nfrd960 - ok
19:16:56.0895 4932 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:16:56.0895 4932 NlaSvc - ok
19:16:56.0926 4932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:16:56.0926 4932 Npfs - ok
19:16:56.0958 4932 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:16:56.0958 4932 nsi - ok
19:16:56.0973 4932 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:16:56.0973 4932 nsiproxy - ok
19:16:57.0036 4932 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:16:57.0051 4932 Ntfs - ok
19:16:57.0067 4932 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:16:57.0067 4932 Null - ok
19:16:57.0082 4932 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:16:57.0082 4932 nvraid - ok
19:16:57.0129 4932 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:16:57.0129 4932 nvstor - ok
19:16:57.0145 4932 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:16:57.0145 4932 nv_agp - ok
19:16:57.0176 4932 [ 6EEB54E34603DD417ECE187C8402320A ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
19:16:57.0176 4932 NWADI - ok
19:16:57.0223 4932 [ D944D4341429093F55CB7F0EC87C86B3 ] NWUSBCDFIL64 C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
19:16:57.0223 4932 NWUSBCDFIL64 - ok
19:16:57.0270 4932 [ 877CE72712D7860FD815884438D824B8 ] NWUSBModem_000 C:\Windows\system32\DRIVERS\nwusbmdm_000.sys
19:16:57.0270 4932 NWUSBModem_000 - ok
19:16:57.0301 4932 [ 877CE72712D7860FD815884438D824B8 ] NWUSBPort2_000 C:\Windows\system32\DRIVERS\nwusbser2_000.sys
19:16:57.0301 4932 NWUSBPort2_000 - ok
19:16:57.0348 4932 [ 877CE72712D7860FD815884438D824B8 ] NWUSBPort_000 C:\Windows\system32\DRIVERS\nwusbser_000.sys
19:16:57.0348 4932 NWUSBPort_000 - ok
19:16:57.0410 4932 [ 6F67805EBE1C879DE008ED21BFCF2F02 ] NWVZHelper C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
19:16:57.0410 4932 NWVZHelper - ok
19:16:57.0457 4932 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:16:57.0457 4932 ohci1394 - ok
19:16:57.0488 4932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:16:57.0488 4932 p2pimsvc - ok
19:16:57.0519 4932 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:16:57.0519 4932 p2psvc - ok
19:16:57.0550 4932 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:16:57.0550 4932 Parport - ok
19:16:57.0566 4932 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:16:57.0566 4932 partmgr - ok
19:16:57.0597 4932 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:16:57.0597 4932 PcaSvc - ok
19:16:57.0644 4932 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:16:57.0644 4932 pci - ok
19:16:57.0660 4932 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:16:57.0660 4932 pciide - ok
19:16:57.0691 4932 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:16:57.0691 4932 pcmcia - ok
19:16:57.0722 4932 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:16:57.0722 4932 pcw - ok
19:16:57.0738 4932 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:16:57.0738 4932 PEAUTH - ok
19:16:57.0816 4932 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:16:57.0816 4932 PerfHost - ok
19:16:57.0894 4932 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:16:57.0909 4932 pla - ok
19:16:57.0972 4932 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:16:57.0972 4932 PlugPlay - ok
19:16:58.0003 4932 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:16:58.0003 4932 PNRPAutoReg - ok
19:16:58.0018 4932 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:16:58.0018 4932 PNRPsvc - ok
19:16:58.0034 4932 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:16:58.0050 4932 PolicyAgent - ok
19:16:58.0081 4932 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:16:58.0081 4932 Power - ok
19:16:58.0096 4932 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:16:58.0096 4932 PptpMiniport - ok
19:16:58.0128 4932 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:16:58.0128 4932 Processor - ok
19:16:58.0174 4932 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:16:58.0190 4932 ProfSvc - ok
19:16:58.0190 4932 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:16:58.0206 4932 ProtectedStorage - ok
19:16:58.0252 4932 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:16:58.0252 4932 Psched - ok
19:16:58.0315 4932 [ F6EA2DCE39F1ACCB2C6C38D61FC79075 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
19:16:58.0315 4932 QBCFMonitorService - ok
19:16:58.0346 4932 [ BAB30D2799754F6EA22F0B9076311793 ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
19:16:58.0362 4932 QBFCService - ok
19:16:58.0408 4932 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:16:58.0424 4932 ql2300 - ok
19:16:58.0440 4932 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:16:58.0440 4932 ql40xx - ok
19:16:58.0471 4932 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:16:58.0471 4932 QWAVE - ok
19:16:58.0486 4932 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:16:58.0486 4932 QWAVEdrv - ok
19:16:58.0502 4932 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:16:58.0502 4932 RasAcd - ok
19:16:58.0533 4932 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:16:58.0533 4932 RasAgileVpn - ok
19:16:58.0549 4932 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:16:58.0549 4932 RasAuto - ok
19:16:58.0596 4932 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:16:58.0596 4932 Rasl2tp - ok
19:16:58.0642 4932 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:16:58.0642 4932 RasMan - ok
19:16:58.0658 4932 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:16:58.0658 4932 RasPppoe - ok
19:16:58.0674 4932 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:16:58.0674 4932 RasSstp - ok
19:16:58.0720 4932 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:16:58.0720 4932 rdbss - ok
19:16:58.0736 4932 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:16:58.0736 4932 rdpbus - ok
19:16:58.0752 4932 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:16:58.0752 4932 RDPCDD - ok
19:16:58.0783 4932 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:16:58.0783 4932 RDPENCDD - ok
19:16:58.0814 4932 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:16:58.0814 4932 RDPREFMP - ok
19:16:58.0845 4932 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:16:58.0845 4932 RDPWD - ok
19:16:58.0908 4932 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:16:58.0908 4932 rdyboost - ok
19:16:58.0939 4932 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:16:58.0939 4932 RemoteAccess - ok
19:16:58.0970 4932 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:16:58.0970 4932 RemoteRegistry - ok
19:16:59.0032 4932 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:16:59.0032 4932 RichVideo - ok
19:16:59.0064 4932 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:16:59.0064 4932 RpcEptMapper - ok
19:16:59.0079 4932 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:16:59.0079 4932 RpcLocator - ok
19:16:59.0110 4932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:16:59.0126 4932 RpcSs - ok
19:16:59.0157 4932 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:16:59.0157 4932 rspndr - ok
19:16:59.0204 4932 [ A5DF2F732A6C95554E548FCB6932BD31 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:16:59.0204 4932 RSUSBSTOR - ok
19:16:59.0235 4932 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:16:59.0235 4932 RTL8167 - ok
19:16:59.0235 4932 RtsUIR - ok
19:16:59.0251 4932 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:16:59.0251 4932 SamSs - ok
19:16:59.0298 4932 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:16:59.0298 4932 sbp2port - ok
19:16:59.0313 4932 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:16:59.0329 4932 SCardSvr - ok
19:16:59.0360 4932 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:16:59.0360 4932 scfilter - ok
19:16:59.0422 4932 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:16:59.0438 4932 Schedule - ok
19:16:59.0469 4932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:16:59.0469 4932 SCPolicySvc - ok
19:16:59.0500 4932 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:16:59.0516 4932 sdbus - ok
19:16:59.0563 4932 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:16:59.0563 4932 SDRSVC - ok
19:16:59.0656 4932 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:16:59.0656 4932 SeaPort - ok
19:16:59.0688 4932 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:16:59.0703 4932 secdrv - ok
19:16:59.0703 4932 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:16:59.0703 4932 seclogon - ok
19:16:59.0734 4932 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:16:59.0734 4932 SENS - ok
19:16:59.0766 4932 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:16:59.0766 4932 SensrSvc - ok
19:16:59.0781 4932 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:16:59.0781 4932 Serenum - ok
19:16:59.0797 4932 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:16:59.0797 4932 Serial - ok
19:16:59.0844 4932 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:16:59.0844 4932 sermouse - ok
19:16:59.0890 4932 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:16:59.0890 4932 SessionEnv - ok
19:16:59.0906 4932 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:16:59.0906 4932 sffdisk - ok
19:16:59.0922 4932 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:16:59.0922 4932 sffp_mmc - ok
19:16:59.0937 4932 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:16:59.0937 4932 sffp_sd - ok
19:16:59.0953 4932 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:16:59.0953 4932 sfloppy - ok
19:16:59.0984 4932 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:16:59.0984 4932 SharedAccess - ok
19:17:00.0000 4932 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:17:00.0015 4932 ShellHWDetection - ok
19:17:00.0062 4932 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:17:00.0062 4932 SiSRaid2 - ok
19:17:00.0078 4932 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:17:00.0078 4932 SiSRaid4 - ok
19:17:00.0140 4932 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:17:00.0140 4932 SkypeUpdate - ok
19:17:00.0187 4932 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:17:00.0187 4932 Smb - ok
19:17:00.0218 4932 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:17:00.0218 4932 SNMPTRAP - ok
19:17:00.0234 4932 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr
C:\Windows\system32\drivers\spldr.sys 19:17:00.0234 4932 spldr - ok 19:17:00.0280 4932 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:17:00.0280 4932 Spooler - ok 19:17:00.0374 4932 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:17:00.0405 4932 sppsvc - ok 19:17:00.0436 4932 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:17:00.0436 4932 sppuinotify - ok 19:17:00.0483 4932 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:17:00.0499 4932 srv - ok 19:17:00.0546 4932 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:17:00.0546 4932 srv2 - ok 19:17:00.0577 4932 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 19:17:00.0577 4932 SrvHsfHDA - ok 19:17:00.0624 4932 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 19:17:00.0639 4932 SrvHsfV92 - ok 19:17:00.0670 4932 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 19:17:00.0670 4932 SrvHsfWinac - ok 19:17:00.0686 4932 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:17:00.0686 4932 srvnet - ok 19:17:00.0733 4932 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:17:00.0733 4932 SSDPSRV - ok 19:17:00.0748 4932 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:17:00.0748 4932 SstpSvc - ok 19:17:00.0873 4932 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe 19:17:00.0873 4932 STacSV - ok 19:17:00.0904 4932 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:17:00.0904 4932 stexstor - ok 19:17:00.0951 4932 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 19:17:00.0951 4932 STHDA - ok 
19:17:01.0014 4932 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:17:01.0014 4932 stisvc - ok 19:17:01.0060 4932 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:17:01.0060 4932 swenum - ok 19:17:01.0092 4932 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:17:01.0107 4932 swprv - ok 19:17:01.0154 4932 [ 924D711941956F7420A4925592BE8253 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:17:01.0154 4932 SynTP - ok 19:17:01.0216 4932 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:17:01.0232 4932 SysMain - ok 19:17:01.0279 4932 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:17:01.0279 4932 TabletInputService - ok 19:17:01.0294 4932 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:17:01.0294 4932 TapiSrv - ok 19:17:01.0326 4932 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:17:01.0326 4932 TBS - ok 19:17:01.0404 4932 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:17:01.0419 4932 Tcpip - ok 19:17:01.0450 4932 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:17:01.0466 4932 TCPIP6 - ok 19:17:01.0497 4932 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:17:01.0497 4932 tcpipreg - ok 19:17:01.0528 4932 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:17:01.0528 4932 TDPIPE - ok 19:17:01.0575 4932 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:17:01.0575 4932 TDTCP - ok 19:17:01.0622 4932 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:17:01.0622 4932 tdx - ok 19:17:01.0669 4932 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:17:01.0669 4932 TermDD - ok 19:17:01.0716 4932 [ 
2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:17:01.0731 4932 TermService - ok 19:17:01.0762 4932 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:17:01.0762 4932 Themes - ok 19:17:01.0778 4932 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:17:01.0778 4932 THREADORDER - ok 19:17:01.0872 4932 [ FBD16717FD68B206C4CE3BB3C9EE5CB3 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 19:17:01.0872 4932 TomTomHOMEService - ok 19:17:01.0887 4932 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:17:01.0887 4932 TrkWks - ok 19:17:01.0950 4932 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:17:01.0950 4932 TrustedInstaller - ok 19:17:01.0981 4932 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:17:01.0996 4932 tssecsrv - ok 19:17:02.0043 4932 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:17:02.0043 4932 TsUsbFlt - ok 19:17:02.0090 4932 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:17:02.0090 4932 tunnel - ok 19:17:02.0106 4932 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:17:02.0106 4932 uagp35 - ok 19:17:02.0137 4932 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:17:02.0152 4932 udfs - ok 19:17:02.0184 4932 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:17:02.0184 4932 UI0Detect - ok 19:17:02.0199 4932 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:17:02.0199 4932 uliagpkx - ok 19:17:02.0246 4932 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 19:17:02.0246 4932 umbus - ok 19:17:02.0277 4932 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass 
C:\Windows\system32\DRIVERS\umpass.sys 19:17:02.0277 4932 UmPass - ok 19:17:02.0293 4932 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:17:02.0293 4932 upnphost - ok 19:17:02.0308 4932 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:17:02.0308 4932 usbccgp - ok 19:17:02.0324 4932 USBCCID - ok 19:17:02.0355 4932 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:17:02.0355 4932 usbcir - ok 19:17:02.0371 4932 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:17:02.0371 4932 usbehci - ok 19:17:02.0386 4932 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 19:17:02.0386 4932 usbfilter - ok 19:17:02.0418 4932 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:17:02.0418 4932 usbhub - ok 19:17:02.0433 4932 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:17:02.0433 4932 usbohci - ok 19:17:02.0449 4932 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:17:02.0449 4932 usbprint - ok 19:17:02.0496 4932 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:17:02.0496 4932 usbscan - ok 19:17:02.0527 4932 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:17:02.0527 4932 USBSTOR - ok 19:17:02.0542 4932 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:17:02.0542 4932 usbuhci - ok 19:17:02.0558 4932 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:17:02.0558 4932 usbvideo - ok 19:17:02.0574 4932 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:17:02.0574 4932 UxSms - ok 19:17:02.0605 4932 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:17:02.0605 4932 VaultSvc - ok 19:17:02.0620 
4932 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:17:02.0620 4932 vdrvroot - ok 19:17:02.0667 4932 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:17:02.0667 4932 vds - ok 19:17:02.0698 4932 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:17:02.0698 4932 vga - ok 19:17:02.0714 4932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:17:02.0714 4932 VgaSave - ok 19:17:02.0730 4932 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:17:02.0745 4932 vhdmp - ok 19:17:02.0761 4932 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:17:02.0761 4932 viaide - ok 19:17:02.0808 4932 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:17:02.0808 4932 volmgr - ok 19:17:02.0839 4932 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:17:02.0854 4932 volmgrx - ok 19:17:02.0854 4932 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:17:02.0870 4932 volsnap - ok 19:17:02.0901 4932 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:17:02.0901 4932 vsmraid - ok 19:17:02.0964 4932 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:17:02.0979 4932 VSS - ok 19:17:03.0010 4932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:17:03.0010 4932 vwifibus - ok 19:17:03.0042 4932 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:17:03.0042 4932 vwififlt - ok 19:17:03.0073 4932 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:17:03.0073 4932 W32Time - ok 19:17:03.0088 4932 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:17:03.0088 4932 WacomPen - ok 19:17:03.0151 4932 [ 
356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:17:03.0151 4932 WANARP - ok 19:17:03.0151 4932 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:17:03.0151 4932 Wanarpv6 - ok 19:17:03.0244 4932 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 19:17:03.0244 4932 WatAdminSvc - ok 19:17:03.0307 4932 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:17:03.0322 4932 wbengine - ok 19:17:03.0354 4932 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:17:03.0369 4932 WbioSrvc - ok 19:17:03.0416 4932 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:17:03.0416 4932 wcncsvc - ok 19:17:03.0432 4932 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:17:03.0432 4932 WcsPlugInService - ok 19:17:03.0463 4932 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:17:03.0463 4932 Wd - ok 19:17:03.0510 4932 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:17:03.0510 4932 Wdf01000 - ok 19:17:03.0525 4932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:17:03.0541 4932 WdiServiceHost - ok 19:17:03.0541 4932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:17:03.0541 4932 WdiSystemHost - ok 19:17:03.0588 4932 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:17:03.0588 4932 WebClient - ok 19:17:03.0619 4932 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:17:03.0619 4932 Wecsvc - ok 19:17:03.0634 4932 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:17:03.0634 4932 wercplsupport - ok 19:17:03.0650 4932 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:17:03.0650 4932 WerSvc - ok 
19:17:03.0681 4932 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:17:03.0681 4932 WfpLwf - ok 19:17:03.0697 4932 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:17:03.0697 4932 WIMMount - ok 19:17:03.0712 4932 WinDefend - ok 19:17:03.0712 4932 WinHttpAutoProxySvc - ok 19:17:03.0775 4932 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:17:03.0775 4932 Winmgmt - ok 19:17:03.0837 4932 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:17:03.0868 4932 WinRM - ok 19:17:03.0915 4932 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:17:03.0915 4932 WinUsb - ok 19:17:03.0962 4932 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:17:03.0962 4932 Wlansvc - ok 19:17:04.0009 4932 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:17:04.0009 4932 WmiAcpi - ok 19:17:04.0040 4932 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:17:04.0040 4932 wmiApSrv - ok 19:17:04.0056 4932 WMPNetworkSvc - ok 19:17:04.0071 4932 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:17:04.0071 4932 WPCSvc - ok 19:17:04.0118 4932 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:17:04.0118 4932 WPDBusEnum - ok 19:17:04.0149 4932 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:17:04.0149 4932 ws2ifsl - ok 19:17:04.0165 4932 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 19:17:04.0180 4932 wscsvc - ok 19:17:04.0180 4932 WSearch - ok 19:17:04.0258 4932 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:17:04.0274 4932 wuauserv - ok 19:17:04.0321 4932 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:17:04.0321 4932 WudfPf - ok 
19:17:04.0352 4932 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:17:04.0368 4932 WUDFRd - ok 19:17:04.0368 4932 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:17:04.0383 4932 wudfsvc - ok 19:17:04.0399 4932 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:17:04.0414 4932 WwanSvc - ok 19:17:04.0446 4932 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 19:17:04.0446 4932 yukonw7 - ok 19:17:04.0461 4932 ================ Scan global =============================== 19:17:04.0477 4932 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:17:04.0524 4932 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:17:04.0539 4932 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:17:04.0570 4932 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:17:04.0570 4932 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:17:04.0586 4932 [Global] - ok 19:17:04.0586 4932 ================ Scan MBR ================================== 19:17:04.0586 4932 [ DDE255BD595281C7119C5DCBA9F7F419 ] \Device\Harddisk0\DR0 19:17:04.0773 4932 \Device\Harddisk0\DR0 - ok 19:17:04.0773 4932 ================ Scan VBR ================================== 19:17:04.0773 4932 [ 98386FDD716BBFD0884BB7B5668D6AA5 ] \Device\Harddisk0\DR0\Partition1 19:17:04.0773 4932 \Device\Harddisk0\DR0\Partition1 - ok 19:17:04.0789 4932 [ D2B125975C2AB12197318E35C5C440E9 ] \Device\Harddisk0\DR0\Partition2 19:17:04.0789 4932 \Device\Harddisk0\DR0\Partition2 - ok 19:17:04.0820 4932 [ D220D8306A7D9CBCF7D4AF74A647EE43 ] \Device\Harddisk0\DR0\Partition3 19:17:04.0820 4932 \Device\Harddisk0\DR0\Partition3 - ok 19:17:04.0836 4932 [ 365840A14A1CDB120C56B2E17DDDCC9D ] \Device\Harddisk0\DR0\Partition4 19:17:04.0836 4932 \Device\Harddisk0\DR0\Partition4 - ok 19:17:04.0836 4932 
============================================================ 19:17:04.0836 4932 Scan finished 19:17:04.0836 4932 ============================================================ 19:17:04.0836 0396 Detected object count: 0 19:17:04.0836 0396 Actual detected object count: 0 19:17:27.0705 6108 Deinitialize success -
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
ComboFix completed (I closed the first run attempt, rebooted the laptop & restarted ComboFix). I have received the "Illegal operation attempted on a registry key that has been marked for deletion." error after the log was generated, when I attempted to launch IE to post the log. I am posting the log from a 2nd laptop, as I am rebooting the laptop now. Upon reboot, I will launch TDSSKiller.
Log from ComboFix:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected] @Denied: ) (Everyone) "AgentIdentifier"="de46e0cf-be9e-46d0-9cd3-37e36dfb1c3a" "AuthorizationCode"="" "42626_AgentIdentifier"="de46e0cf-be9e-46d0-9cd3-37e36dfb1c3a" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Charter Security Suite\Anti-Virus\FSGK32.EXE c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Charter Security Suite\Common\FSMA32.EXE c:\program files (x86)\Charter Security Suite\Anti-Virus\fssm32.exe c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe . ************************************************************************** . Completion time: 2013-04-27 18:43:52 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-27 22:43 . Pre-Run: 133,343,596,544 bytes free Post-Run: 134,125,219,840 bytes free . - - End Of File - - D31647D4182DBD5C4B8D19D3CE58C185 -
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
Have been running ComboFix for a while, and received "Completed Stage_4" about 10 minutes ago. Not being familiar with "Comcast Security Suite", could I have "not" closed/stopped the antivirus, causing ComboFix to stall? Have not touched the laptop since launching ComboFix.
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
RogueKiller Log:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rooter [Admin rights]
Mode : Remove -- Date : 04/27/2013 16:40:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[sHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Rooter\AppData\Roaming\skype.dat) [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725032A9A364 ATA Device +++++
--- User ---
[MBR] 58a2b4c86090ec0f56f133c99fec76c3
[bSP] 35a8b976d9a2aa6136dc919269895d6a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 291517 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 597436416 | Size: 13424 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04272013_02d1640.txt >>
RKreport[1]_S_04272013_02d1637.txt ; RKreport[2]_D_04272013_02d1640.txt
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
Success on both! AdwCleaner Log: # AdwCleaner v2.202 - Logfile created 04/27/2013 at 16:31:47 # Updated 23/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Rooter - ROOTER-PC # Boot Mode : Normal # Running from : C:\Users\Rooter\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Deleted : C:\user.js Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\Users\Rooter\AppData\Local\Temp\BabylonToolbar Folder Deleted : C:\Users\Rooter\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Rooter\AppData\Roaming\Babylon Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : 
HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Value Deleted : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 [OK] Registry is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\Rooter\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.35] : icon_url = "hxxp://www.babylon.com/favicon.ico", Deleted [l.38] : keyword = "babylon.com", Deleted [l.41] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_crm", ************************* AdwCleaner[s1].txt - [6593 octets] - [27/04/2013 16:31:47] ########## EOF - C:\AdwCleaner[s1].txt - [6653 octets] ########## -
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
fixlist.txt

I deleted the first log and the fixlist.txt. I have deleted it completely, recreated it, and tried again. I must have typed it wrong. See below for the newest log. Sorry about that.

Rebooted the laptop after the fix worked; Windows started normally, the white screen is gone, and I am able to access the desktop now (thank you!!). What should I do next?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2013 07
Ran by SYSTEM at 2013-04-27 16:00:43 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6} moved successfully.
C:\Users\Rooter\AppData\Roaming\skype.dat moved successfully.
C:\Users\Rooter\AppData\Roaming\skype.ini moved successfully.

==
MoneyPak & white screen help needed
EirualMac replied to EirualMac's topic in Resolved Malware Removal Logs
I have copied it to Notepad, saved it to the flash drive, ran frst64, clicked on "fix", and received the following popup window:

Farbar Recovery Scan Tool
Warning: Looks you don't know what to do. To prevent damage to the system the tool will exit.

The only option is to click on "OK".
Hello,

Am helping to clean up a laptop that is infected with MoneyPak (I believe). Upon launching the laptop, the user (only one) immediately loads to a white screen. MoneyPak never actually loads with the FBI warning screen; it just remains a white screen. If I "shutdown" the PC (through ctrl-alt-delete for 5 seconds), the laptop will shut down, and I will briefly see the desktop, and then the laptop will shut down. The laptop is a Win7 HP Pavilion Entertainment.

Have managed to run the Farbar Recovery Scan Tool, and the log is below (captured on a thumb drive; am posting via a second laptop). Please advise next steps. Thanks!!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2013 07
Ran by SYSTEM on 27-04-2013 14:01:33
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2010-11-01] (Synaptics Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-11-01] (IDT, Inc.)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [F-Secure TNB] "C:\Program Files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [2349664 2009-08-05] (F-Secure Corporation)
HKLM-x32\...\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe [x]
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1 [183864 2012-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE" /splash [310992 2012-10-18] (F-Secure Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Rooter\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-29] (Google Inc.)
HKU\Rooter\...\Run: [Google Update] "C:\Users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-21] (Google Inc.)
HKU\Rooter\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Rooter\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Rooter\...\Policies\system: [WallpaperStyle] 2
HKU\Rooter\...\Winlogon: [shell] explorer.exe,C:\Users\Rooter\AppData\Roaming\skype.dat [128512 2011-11-16] (HitSoft Group) <==== ATTENTION
Startup: C:\Users\Rooter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson multimedia projector Registration.lnk
ShortcutTarget: Epson multimedia projector Registration.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2010-11-01] (Andrea Electronics Corporation)
S2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)
S3 FSMA; C:\Program Files (x86)\Charter Security Suite\Common\FSMA32.EXE [208592 2012-10-18] (F-Secure Corporation)
S2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [61176 2012-08-06] (F-Secure Corporation)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
S2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-11-01] (IDT, Inc.)
S2 DeviceMonitorService; "C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [198864 2012-10-18] () S1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [62032 2012-10-18] (F-Secure Corporation) S0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [42672 2011-08-17] () S3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [71680 2013-01-30] (F-Secure Corporation) S1 fsvista; C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [14032 2012-10-18] () S3 cpuz132; \??\C:\Users\Rooter\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x] S4 eabfiltr; S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-04-27 14:01 - 2013-04-27 14:01 - 00000000 ____D C:\FRST 2013-04-25 14:13 - 2013-04-27 08:58 - 00000004 ____A C:\Users\Rooter\AppData\Roaming\skype.ini 2013-04-24 11:59 - 2013-04-24 11:59 - 14015490 ____A C:\Users\Public\Desktop\fsdiag.zip 2013-04-23 16:03 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-04-10 02:34 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-10 02:34 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-10 02:34 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-10 02:34 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-10 02:34 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-10 02:34 - 2013-02-21 22:19 - 01494528 ____A (Microsoft 
Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-10 02:34 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-10 02:34 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-10 02:34 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-10 02:34 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-10 02:34 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-10 02:34 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-10 02:34 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-10 02:34 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-10 02:34 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-10 02:34 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-10 02:34 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-04-10 02:34 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-04-10 02:34 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-04-10 02:34 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-04-10 02:34 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-04-10 02:34 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-04-10 02:34 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-04-10 02:34 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 
2013-04-10 02:34 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-04-10 02:34 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-04-10 02:34 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-04-10 02:34 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-04-10 02:34 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-04-10 02:34 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-04-10 02:34 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-04-10 02:34 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-04-09 17:05 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll 2013-04-09 17:05 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll 2013-04-09 17:05 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll 2013-04-09 17:05 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-04-09 17:05 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-04-09 17:05 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-04-09 17:04 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-04-09 17:03 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-04-09 17:03 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-04-09 17:03 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-04-09 17:03 - 2013-03-18 21:04 - 
03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-09 17:03 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-09 17:03 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 17:02 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-02 16:12 - 2013-04-02 16:12 - 00001979 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders =======

2013-04-27 14:01 - 2013-04-27 14:01 - 00000000 ____D C:\FRST
2013-04-27 08:59 - 2009-11-24 00:15 - 01066933 ____A C:\Windows\WindowsUpdate.log
2013-04-27 08:59 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-27 08:59 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-27 08:58 - 2013-04-25 14:13 - 00000004 ____A C:\Users\Rooter\AppData\Roaming\skype.ini
2013-04-27 08:57 - 2009-07-13 21:13 - 00744066 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-27 08:56 - 2011-07-13 10:36 - 00448700 ____A C:\Windows\setupact.log
2013-04-27 08:55 - 2011-07-18 07:40 - 00000508 ____A C:\Windows\Tasks\Scheduled scanning task.job
2013-04-27 08:55 - 2010-01-29 10:16 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-27 08:55 - 2009-12-21 12:00 - 00000190 ____A C:ProgramData\HPWALog.txt
2013-04-27 08:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-26 15:53 - 2010-01-29 10:16 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-26 15:25 - 2012-04-01 03:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-26 15:06 - 2009-12-21 12:16 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000UA.job
2013-04-25 14:15 - 2010-09-25 10:01 - 00000000 ____D C:\Users\Rooter\AppData\Roaming\Skype
2013-04-24 11:59 - 2013-04-24 11:59 - 14015490 ____A C:\Users\Public\Desktop\fsdiag.zip
2013-04-24 10:30 - 2011-01-08 09:34 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForRooter.job
2013-04-20 10:06 - 2011-10-29 17:06 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-04-20 10:06 - 2010-01-12 12:03 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-04-14 11:53 - 2009-08-14 22:58 - 00000000 ____D C:ProgramData\Adobe
2013-04-14 11:52 - 2009-12-21 12:15 - 00000000 ____D C:\Users\Rooter\AppData\Roaming\Adobe
2013-04-12 06:45 - 2013-04-23 16:03 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 04:19 - 2011-07-18 12:39 - 00000340 ____A C:\Windows\Tasks\Regwork.job
2013-04-10 14:36 - 2009-12-21 12:16 - 00002370 ____A C:\Users\Rooter\Desktop\Google Chrome.lnk
2013-04-10 11:23 - 2009-12-21 12:16 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000Core.job
2013-04-10 02:47 - 2009-07-13 20:45 - 00348656 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 02:35 - 2010-01-11 17:49 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-06 14:49 - 2011-07-16 09:57 - 00022950 ____A C:\Windows\PFRO.log
2013-04-06 13:50 - 2012-01-11 04:51 - 00000000 __SHD C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}
2013-04-02 16:12 - 2013-04-02 16:12 - 00001979 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-02 16:12 - 2009-08-14 22:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-02 16:11 - 2009-12-28 10:13 - 00000000 ____D C:\Users\Rooter\AppData\Local\Adobe
2013-03-29 13:42 - 2010-04-24 06:05 - 00000020 ____H C:ProgramData\PKP_DLdw.DAT

ZeroAccess:
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\@
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\L
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\L\00000004.@
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\L\1afb2d56
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U\00000004.$
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U\00000008.$
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U\80000000.$

Other Malware:
===========
C:\Users\Rooter\AppData\Roaming\skype.dat
C:\Users\Rooter\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-12 05:55:31
Restore point made on: 2013-03-14 04:13:34
Restore point made on: 2013-03-18 03:46:40
Restore point made on: 2013-03-22 16:21:12
Restore point made on: 2013-03-26 03:54:45
Restore point made on: 2013-03-29 13:13:55
Restore point made on: 2013-04-02 16:22:09
Restore point made on: 2013-04-09 17:02:35
Restore point made on: 2013-04-10 02:33:10
Restore point made on: 2013-04-16 12:38:27
Restore point made on: 2013-04-23 14:06:02
Restore point made on: 2013-04-24 05:46:02

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3836.2 MB
Available physical RAM: 3129.41 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 3113.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:284.68 GB) (Free:122.1 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:2.19 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: (SPX) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         298 GB   0 B
Disk 1    Online         956 MB   0 B

Partitions of Disk 0:
===============
Disk ID: 762FB085

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           199 MB   1024 KB
Partition 2    Primary           284 GB   200 MB
Partition 3    Primary           13 GB    284 GB
Partition 4    Primary           103 MB   297 GB

==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition   199 MB   Healthy

=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition   284 GB   Healthy

=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition   13 GB    Healthy

=========================================================
Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition   103 MB   Healthy

=========================================================

Partitions of Disk 1:
===============
Disk ID: C3072E18

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           955 MB   256 KB

==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   SPX          FAT    Removable   955 MB   Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 298 GB) (Disk ID: 762FB085)
Partition 1: (Active) - (Size=199 MB) - (Type=07) (NTFS)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07) (NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

====================================================================
Disk: 1 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=956 MB) - (Type=06)

Last Boot: 2013-04-25 15:16

==================== End Of Log ============================