
Hotmail hacked



My Hotmail account was hacked and I would like to know if my system has been compromised. I have read several posts in this forum to help myself, but some of the advice says it is user-specific and not for general use. I have already changed my password from strong to stronger. Below are log files from MBAM and HijackThis. The log file from NOD32 is too big to post, but it did not find any threats. Thank you for any help offered.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.10.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

dhl :: DHL-PC [administrator]

Protection: Enabled

6/10/2012 4:28:14 PM

mbam-log-2012-06-10 (16-28-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202676

Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

****************************************************************

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:42:24 PM, on 6/10/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Users\dhl\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.powerspec.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8198 bytes


Hello Bill,

To be safe, you should change all your passwords for all your online accounts, etc.

I will not need the NOD32 log, nor any Hijackthis log (HJT is used very infrequently these days).

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.


Hello Maurice -

Thank you (!) for your assistance...

RSIT log.txt -

Logfile of random's system information tool 1.09 (written by random/random)

Run by dhl at 2012-06-11 13:05:00

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 425 GB (89%) free of 477 GB

Total RAM: 4086 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:05:07 PM, on 6/11/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files\trend micro\dhl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.powerspec.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -update activex

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8971 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

WLIDSvcM.exe 1468

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fe67c805-f0f8-4568-8fd0-e37886e03c75 -SystemEventPortName:HostProcess-45f5d1ba-6fbd-4883-9691-56df25913ef7 -IoCancelEventPortName:HostProcess-ebe923b6-7966-4e36-8e53-1014df8bc909 -NonStateChangingEventPortName:HostProcess-ab3406f1-5705-40a3-bdbc-2c6f0dd4f585 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8207fb7a-fbf5-44e4-8e10-ee555ae8ed0c

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

C:\Windows\system32\igfxsrvc.exe -Embedding

"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe" start

"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files\Internet Explorer\iexplore.exe"

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:772 CREDAT:203009

"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -Embedding

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:772 CREDAT:137475

"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde

C:\Windows\splwow64.exe 8192

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\ERUNT\README.TXT

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

taskhost.exe $(Arg0)

"C:\Users\dhl\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default

prefs.js - "browser.startup.homepage" - "http://www.stjosephradio.com/"

prefs.js - "extensions.enabledItems" - "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.235 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Plus Web Player

"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]

"Description"=Office Live Update v1.5

"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.2.202.235 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

NPOFF12.DLL

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-26 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]

DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-26 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-26 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-26 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"MEI_Startup"=c:\script_temp\startup.cmd []

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 165912]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]

"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 363544]

"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-05-30 39408]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe [2012-05-07 631456]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"DivX Download Manager"=C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28 1259376]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2009-09-23 261120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-11 13:05:00 ----D---- C:\rsit

2012-06-11 13:05:00 ----D---- C:\Program Files\trend micro

2012-06-11 13:00:26 ----D---- C:\Windows\ERDNT

2012-06-11 12:59:01 ----D---- C:\Program Files (x86)\ERUNT

2012-06-10 16:27:05 ----D---- C:\Users\dhl\AppData\Roaming\Malwarebytes

2012-06-10 16:27:00 ----D---- C:\ProgramData\Malwarebytes

2012-06-10 16:27:00 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-10 16:27:00 ----A---- C:\Windows\system32\drivers\mbam.sys

2012-05-20 16:26:34 ----D---- C:\Program Files\Microsoft Silverlight

2012-05-20 16:26:34 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-05-13 21:45:27 ----A---- C:\Windows\system32\DWrite.dll

2012-05-13 21:45:26 ----A---- C:\Windows\SYSWOW64\DWrite.dll

2012-05-13 21:45:21 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-05-13 21:45:20 ----A---- C:\Windows\system32\win32k.sys

2012-05-13 21:45:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2012-05-13 21:45:17 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2012-05-13 21:44:46 ----A---- C:\Windows\system32\drivers\partmgr.sys

2012-05-13 21:44:11 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2012-06-11 13:05:07 ----D---- C:\Windows\Prefetch

2012-06-11 13:05:04 ----D---- C:\Windows\Temp

2012-06-11 13:05:00 ----RD---- C:\Program Files

2012-06-11 13:00:26 ----D---- C:\Windows

2012-06-11 12:59:01 ----RD---- C:\Program Files (x86)

2012-06-11 12:53:50 ----D---- C:\Windows\system32\config

2012-06-11 12:46:24 ----D---- C:\Windows\System32

2012-06-11 12:46:24 ----D---- C:\Windows\inf

2012-06-11 12:46:24 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-06-10 16:27:00 ----HD---- C:\ProgramData

2012-06-10 16:27:00 ----D---- C:\Windows\system32\drivers

2012-06-10 15:58:43 ----SHD---- C:\System Volume Information

2012-06-04 11:10:22 ----D---- C:\Windows\system32\catroot

2012-05-20 17:08:39 ----RSD---- C:\Windows\assembly

2012-05-20 17:08:39 ----D---- C:\Windows\Microsoft.NET

2012-05-20 16:27:33 ----SHD---- C:\Windows\Installer

2012-05-20 16:27:33 ----SHD---- C:\Config.Msi

2012-05-13 22:01:26 ----D---- C:\Windows\winsxs

2012-05-13 21:59:53 ----D---- C:\Windows\SysWOW64

2012-05-13 21:57:28 ----A---- C:\Windows\system32\MRT.exe

2012-05-13 21:57:25 ----D---- C:\ProgramData\Microsoft Help

2012-05-13 21:54:28 ----D---- C:\Windows\system32\catroot2

2012-05-13 21:48:55 ----D---- C:\Program Files\Windows Journal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]

R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]

R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]

S2 BrPar;BrPar; C:\Windows\System32\drivers\BrPar.sys []

S3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-04-24 28704]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-30 182768]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-10 1255736]

-----------------EOF-----------------

RSIT info.txt -

info.txt logfile of random's system information tool 1.09 2012-06-11 13:05:08

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Brother 1440-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Brother\BRHL1440\DeIsL1.isu" -cbrunin144.dll

Brownie-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Brownie\Uninst.isu"

CarPlayer-->MsiExec.exe /I{27DFE8C1-69FA-4209-BF95-C188ADD58F01}

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Intel® Graphics Media Accelerator Driver-->C:\Windows\SysWOW64\igxpun.exe -uninstall

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

K-Lite Mega Codec Pack 6.7.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Expression Design 3-->"C:\Program Files (x86)\Microsoft Expression\Design 3\XSetup.exe" -x -AppLangId:1033 "-manifest:DesignManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Design 3\Setup;"

Microsoft Expression Design 3-->MsiExec.exe /I{E9980014-BE11-4891-A5F4-0F2917B856BC}

Microsoft Expression Encoder 3-->"C:\Program Files (x86)\Microsoft Expression\Encoder 3\XSetup.exe" -x -AppLangId:1033 "-manifest:EncoderManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Encoder 3\Setup;D:\Setup"

Microsoft Expression Encoder 3-->MsiExec.exe /X{F73340A9-8AA9-49C4-937E-E271B837056C}

Microsoft Expression Web 3 SP1-->msiexec -qb /package {65BCF909-6AF7-4B01-8EB3-713CE2873DC8} /uninstall {752E90AC-3F11-4EA3-88EA-96441047EC31}

Microsoft Expression Web 3-->"C:\Program Files (x86)\Microsoft Expression\Web 3\XSetup.exe" -x -AppLangId:1033 "-manifest:WebManifest.cab" "-source:C:\Program Files (x86)\Microsoft Expression\Web 3\Setup;"

Microsoft Expression Web 3-->MsiExec.exe /I{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Mozilla Firefox 9.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft Expression Design 3 (KB2667727)-->msiexec -qb /package {E9980014-BE11-4891-A5F4-0F2917B856BC} /uninstall {9981CE5A-87DB-4AB1-99CC-E0D55EB8AA82} MSIUNINSTALLSUPERSEDEDCOMPONENTS=1

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {31C0F635-15AD-4AA3-A3C6-B542B403D0EE}

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3069CE04-082C-4669-9BA1-E6AA66330C1F}

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC}

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B4C12F08-B0EF-4CC4-AD5F-381DD62BF640}

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition -->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {075C2272-0881-46D3-B3A5-1D83D6940270}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

======System event log======

Computer Name: dhl-PC

Event Code: 10016

Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D3DCB472-7261-43CE-924B-0704BD730D5F}

and APPID

{D3DCB472-7261-43CE-924B-0704BD730D5F}

to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Record Number: 15431

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20100816170014.000000-000

Event Type: Error

User: dhl-PC\dhl

Computer Name: dhl-PC

Event Code: 10016

Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{145B4335-FE2A-4927-A040-7C35AD3180EF}

and APPID

{145B4335-FE2A-4927-A040-7C35AD3180EF}

to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Record Number: 15430

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20100816170014.000000-000

Event Type: Error

User: dhl-PC\dhl

Computer Name: dhl-PC

Event Code: 10016

Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D3DCB472-7261-43CE-924B-0704BD730D5F}

and APPID

{D3DCB472-7261-43CE-924B-0704BD730D5F}

to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Record Number: 15293

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20100816062214.000000-000

Event Type: Error

User: dhl-PC\dhl

Computer Name: dhl-PC

Event Code: 10016

Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{145B4335-FE2A-4927-A040-7C35AD3180EF}

and APPID

{145B4335-FE2A-4927-A040-7C35AD3180EF}

to the user dhl-PC\dhl SID (S-1-5-21-3953167327-737837418-790444171-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Record Number: 15292

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20100816062214.000000-000

Event Type: Error

User: dhl-PC\dhl

Computer Name: dhl-PC

Event Code: 1014

Message: Name resolution for the name www.theshepherdz.net timed out after none of the configured DNS servers responded.

Record Number: 15109

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20100816032952.614584-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: dhl-PC

Event Code: 10010

Message: Application 'C:\Program Files (x86)\ESET Activation Helper (Noderator)\Activator.exe' (pid 2936) cannot be restarted - Application SID does not match Conductor SID..

Record Number: 753

Source Name: Microsoft-Windows-RestartManager

Time Written: 20100202013820.211898-000

Event Type: Warning

User: dhl-PC\dhl

Computer Name: dhl-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

2 user registry handles leaked from \Registry\User\S-1-5-21-3953167327-737837418-790444171-1000:

Process 436 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3953167327-737837418-790444171-1000

Process 1344 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Record Number: 719

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20100202013113.389418-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: dhl-PC

Event Code: 11

Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 892) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.

Record Number: 616

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20100202011120.943645-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

Computer Name: dhl-PC

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 609

Source Name: Microsoft-Windows-Search

Time Written: 20100202041246.000000-000

Event Type: Warning

User:

Computer Name: WIN-ER7M96845DO

Event Code: 6001

Message: The winlogon notification subscriber <GPClient> failed a notification event.

Record Number: 588

Source Name: Microsoft-Windows-Winlogon

Time Written: 20090915164922.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: WIN-ER7M96845DO

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: WIN-ER7M96845DO$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x1cc

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 408

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090915164836.012925-000

Event Type: Audit Success

User:

Computer Name: WIN-ER7M96845DO

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 407

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090915164834.593322-000

Event Type: Audit Success

User:

Computer Name: WIN-ER7M96845DO

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: WIN-ER7M96845DO$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x1cc

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 406

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090915164834.593322-000

Event Type: Audit Success

User:

Computer Name: WIN-ER7M96845DO

Event Code: 4738

Message: A user account was changed.

Subject:

Security ID: S-1-5-21-2195378087-2105780848-3631974299-500

Account Name: Administrator

Account Domain: WIN-ER7M96845DO

Logon ID: 0x1c45a

Target Account:

Security ID: S-1-5-21-2195378087-2105780848-3631974299-500

Account Name: Administrator

Account Domain: WIN-ER7M96845DO

Changed Attributes:

SAM Account Name: -

Display Name: -

User Principal Name: -

Home Directory: -

Home Drive: -

Script Path: -

Profile Path: -

User Workstations: -

Password Last Set: -

Account Expires: -

Primary Group ID: -

AllowedToDelegateTo: -

Old UAC Value: 0x211

New UAC Value: 0x211

User Account Control: -

User Parameters: -

SID History: -

Logon Hours: -

Additional Information:

Privileges: -

Record Number: 405

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090915164832.502918-000

Event Type: Audit Success

User:

Computer Name: WIN-ER7M96845DO

Event Code: 1102

Message: The audit log was cleared.

Subject:

Security ID: S-1-5-21-2195378087-2105780848-3631974299-500

Account Name: Administrator

Domain Name: WIN-ER7M96845DO

Logon ID: 0x1c45a

Record Number: 404

Source Name: Microsoft-Windows-Eventlog

Time Written: 20090915164831.301716-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

-----------------EOF-----------------

Security Check checkup.txt -

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

ESET NOD32 Antivirus 5.0

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Adobe Flash Player 11.2.202.235

Adobe Reader X (10.1.3)

Mozilla Firefox (9.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

BitDefender log file -

QuickScan 32-bit v0.9.9.114

---------------------------

Scan date: Mon Jun 11 13:54:31 2012

Machine ID: 5478CD8F

No infection found.

-------------------

Processes

---------

Adobe Acrobat Update Service

1244 C:\Program Files (x86)\Common Files

\Adobe\ARM\1.0\armsvc.exe

DivX Download Manager Service

2788 C:\Program Files (x86)\DivX\DivX

Plus Web Player\DDMService.exe

DivX Update

2816 C:\Program Files (x86)\DivX\DivX

Update\DivXUpdate.exe

ESET Smart Security

1300 C:\Program Files\ESET\ESET NOD32

Antivirus\x86\ekrn.exe

Google Toolbar for Internet Explorer

912 C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbarUser_32.exe

Malwarebytes Anti-Malware

2856 C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbamgui.exe

Malwarebytes Anti-Malware

2428 C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbamservice.exe

Microsoft® Windows® Operating System

1696 C:\Windows\SysWOW64\notepad.exe

Windows® Internet Explorer

2832 C:\Program Files (x86)\Internet

Explorer\iexplore.exe

Windows® Internet Explorer

3688 C:\Program Files (x86)\Internet

Explorer\iexplore.exe

Windows® Internet Explorer

4864 C:\Program Files (x86)\Internet

Explorer\iexplore.exe

(verified) GoogleToolbarNotifier

2704 C:\Program Files (x86)\Google

\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Network activity

----------------

Autoruns and critical files

---------------------------

Adobe Reader and Acrobat Manager

C:\Program Files (x86)\Common Files\Adobe

\ARM\1.0\AdobeARM.exe

Adobe® Flash® Player Update Service

C:\Windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe

Apple Push

C:\Program Files (x86)\Common Files\Apple

\Apple Application Support\APSDaemon.exe

DivX Download Manager Service

C:\Program Files (x86)\DivX\DivX Plus Web

Player\DDMService.exe

DivX Update

C:\Program Files (x86)\DivX\DivX Update

\DivXUpdate.exe

ESET Smart Security

C:\Program Files\ESET\ESET NOD32 Antivirus

\egui.exe

Malwarebytes Anti-Malware

C:\Program Files (x86)\Malwarebytes' Anti-

Malware\mbamgui.exe

Microsoft® Windows® Operating System

C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System

C:\Windows\system32\userinit.exe

Windows Live Messenger

C:\Program Files (x86)\Windows Live

\Messenger\msnmsgr.exe

(verified) Google Update

C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe

(verified) GoogleToolbarNotifier

C:\Program Files (x86)\Google

\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Browser plugins

---------------

2007 Microsoft Office system

C:\Program Files (x86)\Mozilla Firefox

\plugins\NPOFF12.DLL

AcroIEHelperShim Library

C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat

C:\Program Files (x86)\Adobe\Reader

10.0\Reader\AIR\nppdf32.dll

Adobe Acrobat

C:\Program Files (x86)\Internet Explorer

\plugins\nppdf32.dll

Adobe Acrobat

C:\Program Files (x86)\Mozilla Firefox

\plugins\nppdf32.dll

Adobe® Flash® Player ActiveX

C:\Windows\Downloaded Program Files

\FP_AX_CAB_INSTALLER.exe

Bitdefender QuickScan

C:\Windows\Downloaded Program Files\qsax.dll

Bitdefender QuickScan

C:\Windows\Downloaded Program Files

\qsax64.dll

DivX VOD Helper Plug-in

C:\Program Files (x86)\DivX\DivX OVS Helper

\npovshelper.dll

DivX Web Player

c:\program files (x86)\divx\divx plus web

player\npdivx32.dll

Google Toolbar for Internet Explorer

C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar_32.dll

Google Update

C:\Program Files (x86)\Google\Update

\1.3.21.111\npGoogleUpdate3.dll

Microsoft Office Live Plug-in for

Firef C:\Program Files (x86)\Microsoft\Office

Live\npOLW.dll

Microsoft® CoReXT

C:\Program Files (x86)\Common Files

\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll

Microsoft® CoReXT

C:\Program Files (x86)\Common Files

\Microsoft Shared\Windows Live\WLIDNSP.DLL

Microsoft® CoReXT

C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WLIDNSP.DLL

Microsoft® Windows® Operating System

C:\Windows\system32\mswsock.dll

Microsoft® Windows® Operating System

C:\Windows\system32\NLAapi.dll

NPSWF32_11_2_202_235.dll

C:\Windows\SysWOW64\Macromed\Flash

\NPSWF32_11_2_202_235.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Internet Explorer

\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Internet Explorer

\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Internet Explorer

\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Internet Explorer

\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Internet Explorer

\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Internet Explorer

\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Internet Explorer

\plugins\npqtplugin7.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Mozilla Firefox

\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Mozilla Firefox

\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Mozilla Firefox

\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Mozilla Firefox

\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Mozilla Firefox

\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Mozilla Firefox

\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9

C:\Program Files (x86)\Mozilla Firefox

\plugins\npqtplugin7.dll

Silverlight Plug-In

c:\Program Files (x86)\Microsoft

Silverlight\5.1.10411.0\npctrl.dll

Windows® Internet Explorer

c:\windows\syswow64\ieframe.dll

(verified) Microsoft® Windows® Operating System

C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System

C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System

C:\Windows\System32\winrnr.dll

Missing files

-------------

File not found: C:\Windows\system32\Macromed

\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -

update activex

--> HKCU\Software\Microsoft\Windows

\CurrentVersion\RunOnce\"FlashPlayerUpdate"

Scan

----


MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:

\Windows\syswow64\GDI32.dll

MD5: ee9d715af1b928982f417238b9914484 C:

\Windows\SysWOW64\ieapfltr.dll

MD5: b23137887833d849edb4f03ed8124e71 c:

\windows\syswow64\ieframe.dll

MD5: 1341915d4705a3ba68bc49e83024ade0 C:

\Windows\syswow64\iertutil.dll

MD5: b2db6aba2e292235749b80a9c3dfa867 C:

\Windows\syswow64\imagehlp.dll

MD5: a90dc9abd65db1a8902f361103029952 C:

\Windows\SysWOW64\IPHLPAPI.DLL

MD5: 328e900311d5c31f399730c7ccc8883a C:

\Windows\SysWOW64\jscript9.dll

MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:

\Windows\syswow64\kernel32.dll

MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:

\Windows\syswow64\KERNELBASE.dll

MD5: 76d5a3d2a50402a0b9b6ed13c4371e79 C:

\Windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe

MD5: de5a4d89c47b9a1cc97dfab11a795abb C:

\Windows\SysWOW64\Macromed\Flash

\NPSWF32_11_2_202_235.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:

\Windows\syswow64\MSASN1.dll

MD5: f82bf2cb075b49e9fab5ff213c45c020 C:

\Windows\SysWOW64\mshtml.dll

MD5: 35aae2e841aa1a949775168e119482c9 C:

\Windows\SysWOW64\msls31.dll

MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:

\Windows\SysWOW64\msv1_0.DLL

MD5: 9dc80a8aaaaac397bdab3c67165a824e C:

\Windows\syswow64\msvcrt.dll

MD5: 20b3934db73eaba2b49b7177873cb81f C:

\Windows\SysWOW64\netutils.dll

MD5: d378bffb70923139d6a4f546864aa61c C:

\Windows\SysWOW64\notepad.exe

MD5: e73b0f1819602cb6ef176fb78d76a47b C:

\Windows\SysWOW64\ntdll.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:

\Windows\syswow64\ole32.dll

MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:

\Windows\syswow64\OLEAUT32.dll

MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:

\Windows\syswow64\RPCRT4.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:

\Windows\SysWOW64\RpcRtRemote.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:

\Windows\SysWOW64\samcli.dll

MD5: 1affb765af1fdcc0c185c38e9ddddaee C:

\Windows\SysWOW64\schannel.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:

\Windows\syswow64\SETUPAPI.dll

MD5: be247ae996a9fde007a27b51413a6c79 C:

\Windows\SysWOW64\SHDOCVW.dll

MD5: 358fc25391c6733eaf49db480afdfd8c C:

\Windows\syswow64\SHELL32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:

\Windows\syswow64\SHLWAPI.dll

MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:

\Windows\SysWOW64\srvcli.dll

MD5: 44b2693080979a0e05085b3faaa43a09 C:

\Windows\syswow64\SspiCli.dll

MD5: 672d7c5080acb003343006405da2e621 C:

\Windows\SysWOW64\thumbcache.dll

MD5: 4c162b2a8e175f46db41b21c77688221 C:

\Windows\syswow64\urlmon.dll

MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:

\Windows\syswow64\USER32.dll

MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:

\Windows\syswow64\USP10.dll

MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:

\Windows\SysWOW64\vbscript.dll

MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:

\Windows\SysWOW64\WindowsCodecs.dll

MD5: 44465367256d1c72b58f5abaa19e7016 C:

\Windows\syswow64\WININET.dll

MD5: a7d79e9f660340ab20cd73f12910985f C:

\Windows\syswow64\WINTRUST.dll

MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:

\Windows\SysWOW64\wkscli.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:

\Windows\syswow64\WLDAP32.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:

\Windows\syswow64\WS2_32.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:

\Windows\WinSxS

\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507

27.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:

\Windows\WinSxS

\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.507

27.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: db001faea818ae2e14a74e0adc530fc0 C:

\Windows\WinSxS

\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.307

29.4940_none_50916076bcb9a742\MSVCP90.dll

MD5: b3892e6da8e2c8ce4b0a9d3eb9a185e5 C:

\Windows\WinSxS

\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.307

29.4940_none_50916076bcb9a742\MSVCR90.dll

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:

\Windows\WinSxS\x86_microsoft.windows.common-

controls_6595b64144ccf1df_5.82.7601.17514_none_e

c83dffa859149af\Comctl32.dll

MD5: 352b3dc62a0d259a82a052238425c872 C:

\Windows\WinSxS\x86_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_41

e6975e2bd6f2b2\Comctl32.dll

MD5: 7717f84f483002815490033bf069dabd C:

\Windows\WinSxS

\x86_microsoft.windows.gdiplus_6595b64144ccf1df_

1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.01 MB sent, 0.93 KB recvd

Scanned 376 files and modules - 33 seconds

==============================================================================

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Bill James only. If you are a casual viewer, do NOT try this on your system!

If you are not Bill James and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of aswMBR log

TDSSKILLER log

the C:\Combofix.txt log

Hello Maurice -

Thank you for your continued assistance...

aswMBR log -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-14 00:27:34

-----------------------------

00:27:34.381 OS Version: Windows x64 6.1.7601 Service Pack 1

00:27:34.381 Number of processors: 4 586 0x170A

00:27:34.381 ComputerName: DHL-PC UserName: dhl

00:27:35.770 Initialize success

00:31:32.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

00:31:32.507 Disk 0 Vendor: WDC_WD5000AAKS-00M9A0 05.01D05 Size: 476940MB BusType: 3

00:31:32.507 Disk 0 MBR read successfully

00:31:32.507 Disk 0 MBR scan

00:31:32.507 Disk 0 Windows 7 default MBR code

00:31:32.507 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63

00:31:32.523 Disk 0 scanning C:\Windows\system32\drivers

00:31:36.797 Service scanning

00:31:45.221 Modules scanning

00:31:45.221 Scan finished successfully

00:33:28.400 Disk 0 MBR has been saved successfully to "C:\Users\dhl\Desktop\MBR.dat"

00:33:28.400 The log file has been saved successfully to "C:\Users\dhl\Desktop\aswMBR.txt"

**************************************************************************

TDSSKILLER log -

00:36:31.0270 4032 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

00:36:31.0738 4032 ============================================================

00:36:31.0738 4032 Current date / time: 2012/06/14 00:36:31.0738

00:36:31.0738 4032 SystemInfo:

00:36:31.0738 4032

00:36:31.0738 4032 OS Version: 6.1.7601 ServicePack: 1.0

00:36:31.0738 4032 Product type: Workstation

00:36:31.0738 4032 ComputerName: DHL-PC

00:36:31.0738 4032 UserName: dhl

00:36:31.0738 4032 Windows directory: C:\Windows

00:36:31.0738 4032 System windows directory: C:\Windows

00:36:31.0738 4032 Running under WOW64

00:36:31.0738 4032 Processor architecture: Intel x64

00:36:31.0738 4032 Number of processors: 4

00:36:31.0738 4032 Page size: 0x1000

00:36:31.0738 4032 Boot type: Normal boot

00:36:31.0738 4032 ============================================================

00:36:32.0564 4032 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:36:32.0596 4032 ============================================================

00:36:32.0596 4032 \Device\Harddisk0\DR0:

00:36:32.0596 4032 MBR partitions:

00:36:32.0596 4032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A3857F1

00:36:32.0596 4032 ============================================================

00:36:32.0611 4032 C: <-> \Device\Harddisk0\DR0\Partition0

00:36:32.0611 4032 ============================================================

00:36:32.0611 4032 Initialize success

00:36:32.0611 4032 ============================================================

00:36:53.0266 2716 ============================================================

00:36:53.0266 2716 Scan started

00:36:53.0266 2716 Mode: Manual;

00:36:53.0266 2716 ============================================================

00:36:59.0599 2716 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

00:36:59.0599 2716 LanmanWorkstation - ok

00:36:59.0630 2716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:36:59.0630 2716 lltdio - ok

00:36:59.0662 2716 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

00:36:59.0677 2716 lltdsvc - ok

00:36:59.0677 2716 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

00:36:59.0677 2716 lmhosts - ok

00:36:59.0708 2716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

00:36:59.0708 2716 LSI_FC - ok

00:36:59.0708 2716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

00:36:59.0708 2716 LSI_SAS - ok

00:36:59.0724 2716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:36:59.0724 2716 LSI_SAS2 - ok

00:36:59.0724 2716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:36:59.0724 2716 LSI_SCSI - ok

00:36:59.0755 2716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:36:59.0755 2716 luafv - ok

00:36:59.0802 2716 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

00:36:59.0802 2716 MBAMProtector - ok

00:36:59.0896 2716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

00:36:59.0896 2716 MBAMService - ok

00:36:59.0927 2716 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

00:36:59.0927 2716 Mcx2Svc - ok

00:36:59.0942 2716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

00:36:59.0942 2716 megasas - ok

00:36:59.0958 2716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

00:36:59.0958 2716 MegaSR - ok

00:36:59.0989 2716 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:36:59.0989 2716 MMCSS - ok

00:37:00.0005 2716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:37:00.0005 2716 Modem - ok

00:37:00.0020 2716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:37:00.0020 2716 monitor - ok

00:37:00.0052 2716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

00:37:00.0052 2716 mouclass - ok

00:37:00.0067 2716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:37:00.0067 2716 mouhid - ok

00:37:00.0098 2716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:37:00.0098 2716 mountmgr - ok

00:37:00.0145 2716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:37:00.0145 2716 mpio - ok

00:37:00.0161 2716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:37:00.0161 2716 mpsdrv - ok

00:37:00.0223 2716 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

00:37:00.0239 2716 MpsSvc - ok

00:37:00.0254 2716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:37:00.0254 2716 MRxDAV - ok

00:37:00.0286 2716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:37:00.0286 2716 mrxsmb - ok

00:37:00.0332 2716 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:37:00.0332 2716 mrxsmb10 - ok

00:37:00.0348 2716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:37:00.0348 2716 mrxsmb20 - ok

00:37:00.0364 2716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:37:00.0364 2716 msahci - ok

00:37:00.0395 2716 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:37:00.0395 2716 msdsm - ok

00:37:00.0410 2716 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

00:37:00.0410 2716 MSDTC - ok

00:37:00.0442 2716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:37:00.0442 2716 Msfs - ok

00:37:00.0457 2716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:37:00.0457 2716 mshidkmdf - ok

00:37:00.0457 2716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:37:00.0457 2716 msisadrv - ok

00:37:00.0488 2716 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

00:37:00.0488 2716 MSiSCSI - ok

00:37:00.0504 2716 msiserver - ok

00:37:00.0520 2716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:37:00.0520 2716 MSKSSRV - ok

00:37:00.0535 2716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:37:00.0535 2716 MSPCLOCK - ok

00:37:00.0535 2716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:37:00.0535 2716 MSPQM - ok

00:37:00.0582 2716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:37:00.0582 2716 MsRPC - ok

00:37:00.0598 2716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:37:00.0598 2716 mssmbios - ok

00:37:00.0613 2716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:37:00.0613 2716 MSTEE - ok

00:37:00.0629 2716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

00:37:00.0629 2716 MTConfig - ok

00:37:00.0644 2716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:37:00.0644 2716 Mup - ok

00:37:00.0691 2716 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

00:37:00.0707 2716 napagent - ok

00:37:00.0738 2716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:37:00.0738 2716 NativeWifiP - ok

00:37:00.0800 2716 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

00:37:00.0800 2716 NDIS - ok

00:37:00.0816 2716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:37:00.0816 2716 NdisCap - ok

00:37:00.0832 2716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:37:00.0832 2716 NdisTapi - ok

00:37:00.0878 2716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:37:00.0878 2716 Ndisuio - ok

00:37:00.0910 2716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:37:00.0910 2716 NdisWan - ok

00:37:00.0941 2716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:37:00.0941 2716 NDProxy - ok

00:37:00.0941 2716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:37:00.0941 2716 NetBIOS - ok

00:37:00.0972 2716 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:37:00.0988 2716 NetBT - ok

00:37:01.0003 2716 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:37:01.0003 2716 Netlogon - ok

00:37:01.0050 2716 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

00:37:01.0050 2716 Netman - ok

00:37:01.0081 2716 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

00:37:01.0097 2716 netprofm - ok

00:37:01.0144 2716 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:37:01.0159 2716 NetTcpPortSharing - ok

00:37:01.0175 2716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

00:37:01.0175 2716 nfrd960 - ok

00:37:01.0206 2716 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

00:37:01.0206 2716 NlaSvc - ok

00:37:01.0222 2716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:37:01.0222 2716 Npfs - ok

00:37:01.0237 2716 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

00:37:01.0237 2716 nsi - ok

00:37:01.0237 2716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:37:01.0253 2716 nsiproxy - ok

00:37:01.0331 2716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:37:01.0362 2716 Ntfs - ok

00:37:01.0409 2716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:37:01.0409 2716 Null - ok

00:37:01.0456 2716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:37:01.0456 2716 nvraid - ok

00:37:01.0487 2716 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys

00:37:01.0487 2716 nvsmu - ok

00:37:01.0518 2716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:37:01.0518 2716 nvstor - ok

00:37:01.0534 2716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:37:01.0549 2716 nv_agp - ok

00:37:01.0643 2716 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

00:37:01.0658 2716 odserv - ok

00:37:01.0674 2716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:37:01.0674 2716 ohci1394 - ok

00:37:01.0705 2716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:37:01.0705 2716 ose - ok

00:37:01.0752 2716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:37:01.0752 2716 p2pimsvc - ok

00:37:01.0799 2716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

00:37:01.0799 2716 p2psvc - ok

00:37:01.0830 2716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

00:37:01.0830 2716 Parport - ok

00:37:01.0861 2716 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

00:37:01.0861 2716 partmgr - ok

00:37:01.0877 2716 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

00:37:01.0877 2716 PcaSvc - ok

00:37:01.0892 2716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:37:01.0892 2716 pci - ok

00:37:01.0908 2716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:37:01.0908 2716 pciide - ok

00:37:01.0939 2716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

00:37:01.0939 2716 pcmcia - ok

00:37:01.0939 2716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:37:01.0955 2716 pcw - ok

00:37:01.0986 2716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:37:01.0986 2716 PEAUTH - ok

00:37:02.0048 2716 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

00:37:02.0064 2716 PeerDistSvc - ok

00:37:02.0126 2716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

00:37:02.0126 2716 PerfHost - ok

00:37:02.0251 2716 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

00:37:02.0267 2716 pla - ok

00:37:02.0314 2716 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

00:37:02.0329 2716 PlugPlay - ok

00:37:02.0345 2716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

00:37:02.0345 2716 PNRPAutoReg - ok

00:37:02.0376 2716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:37:02.0392 2716 PNRPsvc - ok

00:37:02.0407 2716 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

00:37:02.0438 2716 PolicyAgent - ok

00:37:02.0454 2716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

00:37:02.0454 2716 Power - ok

00:37:02.0501 2716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:37:02.0501 2716 PptpMiniport - ok

00:37:02.0532 2716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

00:37:02.0532 2716 Processor - ok

00:37:02.0563 2716 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

00:37:02.0563 2716 ProfSvc - ok

00:37:02.0594 2716 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:37:02.0594 2716 ProtectedStorage - ok

00:37:02.0626 2716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:37:02.0626 2716 Psched - ok

00:37:02.0688 2716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

00:37:02.0704 2716 ql2300 - ok

00:37:02.0766 2716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

00:37:02.0766 2716 ql40xx - ok

00:37:02.0797 2716 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

00:37:02.0797 2716 QWAVE - ok

00:37:02.0813 2716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:37:02.0813 2716 QWAVEdrv - ok

00:37:02.0813 2716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:37:02.0813 2716 RasAcd - ok

00:37:02.0828 2716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:37:02.0844 2716 RasAgileVpn - ok

00:37:02.0844 2716 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

00:37:02.0844 2716 RasAuto - ok

00:37:02.0875 2716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:37:02.0875 2716 Rasl2tp - ok

00:37:02.0922 2716 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

00:37:02.0922 2716 RasMan - ok

00:37:02.0938 2716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:37:02.0938 2716 RasPppoe - ok

00:37:02.0953 2716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:37:02.0953 2716 RasSstp - ok

00:37:02.0984 2716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:37:03.0000 2716 rdbss - ok

00:37:03.0000 2716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

00:37:03.0000 2716 rdpbus - ok

00:37:03.0016 2716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:37:03.0016 2716 RDPCDD - ok

00:37:03.0047 2716 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

00:37:03.0047 2716 RDPDR - ok

00:37:03.0062 2716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:37:03.0062 2716 RDPENCDD - ok

00:37:03.0078 2716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:37:03.0078 2716 RDPREFMP - ok

00:37:03.0109 2716 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

00:37:03.0109 2716 RDPWD - ok

00:37:03.0140 2716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:37:03.0140 2716 rdyboost - ok

00:37:03.0172 2716 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

00:37:03.0172 2716 RemoteAccess - ok

00:37:03.0187 2716 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

00:37:03.0187 2716 RemoteRegistry - ok

00:37:03.0218 2716 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

00:37:03.0218 2716 RpcEptMapper - ok

00:37:03.0234 2716 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

00:37:03.0234 2716 RpcLocator - ok

00:37:03.0281 2716 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:37:03.0281 2716 RpcSs - ok

00:37:03.0296 2716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:37:03.0296 2716 rspndr - ok

00:37:03.0328 2716 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys

00:37:03.0328 2716 RTL8167 - ok

00:37:03.0359 2716 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

00:37:03.0359 2716 s3cap - ok

00:37:03.0390 2716 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:37:03.0390 2716 SamSs - ok

00:37:03.0406 2716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:37:03.0421 2716 sbp2port - ok

00:37:03.0437 2716 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

00:37:03.0437 2716 SCardSvr - ok

00:37:03.0468 2716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:37:03.0468 2716 scfilter - ok

00:37:03.0546 2716 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

00:37:03.0562 2716 Schedule - ok

00:37:03.0593 2716 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:37:03.0593 2716 SCPolicySvc - ok

00:37:03.0624 2716 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

00:37:03.0624 2716 SDRSVC - ok

00:37:03.0655 2716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:37:03.0655 2716 secdrv - ok

00:37:03.0671 2716 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

00:37:03.0671 2716 seclogon - ok

00:37:03.0686 2716 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

00:37:03.0686 2716 SENS - ok

00:37:03.0702 2716 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

00:37:03.0702 2716 SensrSvc - ok

00:37:03.0702 2716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

00:37:03.0718 2716 Serenum - ok

00:37:03.0733 2716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

00:37:03.0733 2716 Serial - ok

00:37:03.0733 2716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

00:37:03.0749 2716 sermouse - ok

00:37:03.0780 2716 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

00:37:03.0780 2716 SessionEnv - ok

00:37:03.0811 2716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:37:03.0811 2716 sffdisk - ok

00:37:03.0827 2716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:37:03.0827 2716 sffp_mmc - ok

00:37:03.0842 2716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:37:03.0842 2716 sffp_sd - ok

00:37:03.0858 2716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

00:37:03.0858 2716 sfloppy - ok

00:37:03.0889 2716 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

00:37:03.0905 2716 SharedAccess - ok

00:37:03.0952 2716 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

00:37:03.0967 2716 ShellHWDetection - ok

00:37:03.0983 2716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:37:03.0983 2716 SiSRaid2 - ok

00:37:03.0998 2716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

00:37:03.0998 2716 SiSRaid4 - ok

00:37:04.0014 2716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:37:04.0014 2716 Smb - ok

00:37:04.0030 2716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

00:37:04.0030 2716 SNMPTRAP - ok

00:37:04.0030 2716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:37:04.0030 2716 spldr - ok

00:37:04.0061 2716 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

00:37:04.0076 2716 Spooler - ok

00:37:04.0248 2716 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

00:37:04.0295 2716 sppsvc - ok

00:37:04.0357 2716 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

00:37:04.0357 2716 sppuinotify - ok

00:37:04.0420 2716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:37:04.0420 2716 srv - ok

00:37:04.0451 2716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:37:04.0451 2716 srv2 - ok

00:37:04.0482 2716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:37:04.0482 2716 srvnet - ok

00:37:04.0498 2716 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

00:37:04.0513 2716 SSDPSRV - ok

00:37:04.0513 2716 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

00:37:04.0513 2716 SstpSvc - ok

00:37:04.0544 2716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

00:37:04.0544 2716 stexstor - ok

00:37:04.0591 2716 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

00:37:04.0607 2716 stisvc - ok

00:37:04.0638 2716 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

00:37:04.0638 2716 storflt - ok

00:37:04.0654 2716 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

00:37:04.0654 2716 StorSvc - ok

00:37:04.0669 2716 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

00:37:04.0669 2716 storvsc - ok

00:37:04.0685 2716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:37:04.0685 2716 swenum - ok

00:37:04.0716 2716 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

00:37:04.0732 2716 swprv - ok

00:37:04.0825 2716 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

00:37:04.0841 2716 SysMain - ok

00:37:04.0919 2716 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

00:37:04.0919 2716 TabletInputService - ok

00:37:04.0950 2716 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

00:37:04.0950 2716 TapiSrv - ok

00:37:04.0966 2716 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

00:37:04.0966 2716 TBS - ok

00:37:05.0075 2716 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

00:37:05.0090 2716 Tcpip - ok

00:37:05.0200 2716 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

00:37:05.0215 2716 TCPIP6 - ok

00:37:05.0262 2716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:37:05.0262 2716 tcpipreg - ok

00:37:05.0293 2716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:37:05.0293 2716 TDPIPE - ok

00:37:05.0309 2716 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

00:37:05.0309 2716 TDTCP - ok

00:37:05.0356 2716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:37:05.0356 2716 tdx - ok

00:37:05.0387 2716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:37:05.0387 2716 TermDD - ok

00:37:05.0418 2716 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

00:37:05.0434 2716 TermService - ok

00:37:05.0449 2716 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

00:37:05.0449 2716 Themes - ok

00:37:05.0465 2716 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:37:05.0465 2716 THREADORDER - ok

00:37:05.0480 2716 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

00:37:05.0496 2716 TrkWks - ok

00:37:05.0527 2716 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

00:37:05.0527 2716 TrustedInstaller - ok

00:37:05.0543 2716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:37:05.0543 2716 tssecsrv - ok

00:37:05.0574 2716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:37:05.0574 2716 TsUsbFlt - ok

00:37:05.0621 2716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:37:05.0621 2716 tunnel - ok

00:37:05.0636 2716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

00:37:05.0636 2716 uagp35 - ok

00:37:05.0668 2716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:37:05.0683 2716 udfs - ok

00:37:05.0699 2716 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

00:37:05.0699 2716 UI0Detect - ok

00:37:05.0730 2716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:37:05.0730 2716 uliagpkx - ok

00:37:05.0761 2716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

00:37:05.0777 2716 umbus - ok

00:37:05.0777 2716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

00:37:05.0777 2716 UmPass - ok

00:37:05.0824 2716 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

00:37:05.0824 2716 UmRdpService - ok

00:37:05.0839 2716 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

00:37:05.0855 2716 upnphost - ok

00:37:05.0870 2716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

00:37:05.0870 2716 usbccgp - ok

00:37:05.0917 2716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:37:05.0917 2716 usbcir - ok

00:37:05.0933 2716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

00:37:05.0933 2716 usbehci - ok

00:37:05.0964 2716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:37:05.0964 2716 usbhub - ok

00:37:05.0980 2716 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

00:37:05.0980 2716 usbohci - ok

00:37:06.0011 2716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:37:06.0011 2716 usbprint - ok

00:37:06.0026 2716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:37:06.0026 2716 USBSTOR - ok

00:37:06.0042 2716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

00:37:06.0042 2716 usbuhci - ok

00:37:06.0042 2716 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

00:37:06.0058 2716 UxSms - ok

00:37:06.0073 2716 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:37:06.0073 2716 VaultSvc - ok

00:37:06.0089 2716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:37:06.0089 2716 vdrvroot - ok

00:37:06.0136 2716 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

00:37:06.0151 2716 vds - ok

00:37:06.0167 2716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:37:06.0167 2716 vga - ok

00:37:06.0182 2716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:37:06.0182 2716 VgaSave - ok

00:37:06.0214 2716 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:37:06.0214 2716 vhdmp - ok

00:37:06.0229 2716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:37:06.0229 2716 viaide - ok

00:37:06.0260 2716 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

00:37:06.0260 2716 vmbus - ok

00:37:06.0260 2716 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

00:37:06.0276 2716 VMBusHID - ok

00:37:06.0276 2716 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:37:06.0276 2716 volmgr - ok

00:37:06.0323 2716 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:37:06.0323 2716 volmgrx - ok

00:37:06.0338 2716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:37:06.0338 2716 volsnap - ok

00:37:06.0370 2716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

00:37:06.0370 2716 vsmraid - ok

00:37:06.0463 2716 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

00:37:06.0479 2716 VSS - ok

00:37:06.0557 2716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

00:37:06.0557 2716 vwifibus - ok

00:37:06.0588 2716 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

00:37:06.0604 2716 W32Time - ok

00:37:06.0619 2716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

00:37:06.0619 2716 WacomPen - ok

00:37:06.0635 2716 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:37:06.0635 2716 WANARP - ok

00:37:06.0650 2716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:37:06.0650 2716 Wanarpv6 - ok

00:37:06.0744 2716 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

00:37:06.0775 2716 WatAdminSvc - ok

00:37:06.0853 2716 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

00:37:06.0869 2716 wbengine - ok

00:37:06.0916 2716 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

00:37:06.0916 2716 WbioSrvc - ok

00:37:06.0962 2716 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

00:37:06.0978 2716 wcncsvc - ok

00:37:06.0994 2716 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

00:37:06.0994 2716 WcsPlugInService - ok

00:37:07.0009 2716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

00:37:07.0009 2716 Wd - ok

00:37:07.0040 2716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:37:07.0056 2716 Wdf01000 - ok

00:37:07.0056 2716 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:37:07.0072 2716 WdiServiceHost - ok

00:37:07.0072 2716 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:37:07.0072 2716 WdiSystemHost - ok

00:37:07.0103 2716 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

00:37:07.0103 2716 WebClient - ok

00:37:07.0134 2716 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

00:37:07.0134 2716 Wecsvc - ok

00:37:07.0150 2716 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

00:37:07.0150 2716 wercplsupport - ok

00:37:07.0165 2716 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

00:37:07.0181 2716 WerSvc - ok

00:37:07.0196 2716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:37:07.0196 2716 WfpLwf - ok

00:37:07.0212 2716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:37:07.0212 2716 WIMMount - ok

00:37:07.0243 2716 WinDefend - ok

00:37:07.0243 2716 WinHttpAutoProxySvc - ok

00:37:07.0306 2716 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

00:37:07.0306 2716 Winmgmt - ok

00:37:07.0399 2716 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

00:37:07.0430 2716 WinRM - ok

00:37:07.0540 2716 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

00:37:07.0555 2716 Wlansvc - ok

00:37:07.0696 2716 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:37:07.0727 2716 wlidsvc - ok

00:37:07.0805 2716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:37:07.0805 2716 WmiAcpi - ok

00:37:07.0836 2716 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

00:37:07.0836 2716 wmiApSrv - ok

00:37:07.0867 2716 WMPNetworkSvc - ok

00:37:07.0898 2716 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

00:37:07.0898 2716 WPCSvc - ok

00:37:07.0930 2716 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

00:37:07.0930 2716 WPDBusEnum - ok

00:37:07.0945 2716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:37:07.0945 2716 ws2ifsl - ok

00:37:07.0961 2716 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

00:37:07.0961 2716 wscsvc - ok

00:37:07.0961 2716 WSearch - ok

00:37:08.0086 2716 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

00:37:08.0117 2716 wuauserv - ok

00:37:08.0195 2716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:37:08.0195 2716 WudfPf - ok

00:37:08.0226 2716 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:37:08.0226 2716 WUDFRd - ok

00:37:08.0257 2716 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

00:37:08.0257 2716 wudfsvc - ok

00:37:08.0273 2716 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

00:37:08.0273 2716 WwanSvc - ok

00:37:08.0304 2716 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:37:08.0460 2716 \Device\Harddisk0\DR0 - ok

00:37:08.0460 2716 Boot (0x1200) (8cee7e06e41ed8beb2395274e658b625) \Device\Harddisk0\DR0\Partition0

00:37:08.0460 2716 \Device\Harddisk0\DR0\Partition0 - ok

00:37:08.0476 2716 ============================================================

00:37:08.0476 2716 Scan finished

00:37:08.0476 2716 ============================================================

00:37:08.0476 2512 Detected object count: 0

00:37:08.0476 2512 Actual detected object count: 0

00:42:22.0894 4468 Deinitialize success

********************************************************************************

ComboFix.txt log -

ComboFix 12-06-13.05 - dhl 06/14/2012 0:51.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.2503 [GMT -7:00]

Running from: c:\users\dhl\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\dhl\AppData\Roaming\Local

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Player_RB_v1_en.divx.ddr

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx(2).ddr

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Player_RB_v1_en.divx

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en(2).divx

c:\users\dhl\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx

.

.

((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))

.

.

2012-06-14 08:00 . 2012-06-14 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-14 06:21 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F7F3D3C-6120-4E64-A06F-053BC096F750}\mpengine.dll

2012-06-11 20:54 . 2012-06-11 20:54 -------- d-----w- c:\users\dhl\AppData\Roaming\QuickScan

2012-06-11 20:05 . 2012-06-11 20:05 -------- d-----w- C:\rsit

2012-06-11 20:05 . 2012-06-11 20:05 -------- d-----w- c:\program files\trend micro

2012-06-11 19:59 . 2012-06-11 19:59 -------- d-----w- c:\program files (x86)\ERUNT

2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\users\dhl\AppData\Roaming\Malwarebytes

2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-10 23:27 . 2012-06-10 23:27 -------- d-----w- c:\programdata\Malwarebytes

2012-06-10 23:27 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-20 23:26 . 2012-05-20 23:26 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-20 23:26 . 2012-05-20 23:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-14 06:49 . 2012-04-03 23:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-14 06:49 . 2011-05-23 05:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-07 22:13 . 2012-04-03 23:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-31 06:05 . 2012-05-14 04:45 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-14 04:45 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-14 04:45 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-14 04:45 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-14 04:44 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-17 07:58 . 2012-05-14 04:44 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2009-06-27 20:08 . 2011-01-04 01:24 1874432 ----a-w- c:\program files\CarPlayer.msi

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-30 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 136176]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:49]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 18:49]

.

2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-30 18:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.stjosephradio.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-MEI_Startup - c:\script_temp\startup.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3953167327-737837418-790444171-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-14 01:04:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-14 08:04

.

Pre-Run: 445,822,136,320 bytes free

Post-Run: 446,005,514,240 bytes free

.

- - End Of File - - F073315DC803B38468CBBF11429BFE25


de-install the old (insecure) Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Offline (boot) scan with Windows Defender Offline

I suggest you get and run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the pc with and scan your system for malware.

To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool—the tool will help you create the removable media.

The basic sequence of steps is

a) Download and SAVE the tool to a unique folder/location on your pc

b) Create the CD/DVD/USB-flash drive with tool

c) Set pc to boot from the offline media

d) Place media in & restart system

e) Run the tool. Have infinite patience & have it scan the entire system. Remove any malware that is found.

Download & info link http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

The frequently asked questions for this tool

http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq


Hi.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Edited by Maurice Naggar

Hello Maurice -

Thank you for your continued help...

MBAM log -

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.18.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

dhl :: DHL-PC [administrator]

Protection: Enabled

6/18/2012 9:11:36 AM

mbam-log-2012-06-18 (09-11-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205091

Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt -

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by dhl at 9:16:58 on 2012-06-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.2800 [GMT -7:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://sn135w.snt135.mail.live.com/default.aspx?wa=wsignin1.0

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{A1D07E8E-3293-432C-A29A-7D63DD5D529F} : DhcpNameServer = 209.18.47.61 209.18.47.62

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\dhl\AppData\Roaming\Mozilla\Firefox\Profiles\m44qfb7r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.stjosephradio.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-10 654408]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-17 257224]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-06-18 03:51:20 -------- d-----w- C:\Users\dhl\AppData\Local\{79CEA627-2DD4-4760-AD88-C98C9B1489AA}

2012-06-18 03:25:14 -------- d-----w- C:\Windows\Microsoft Antimalware

2012-06-18 02:01:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-18 02:01:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-18 01:31:14 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-18 01:31:14 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-18 00:08:16 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CCA566D-5DCA-4BD2-A6F5-4C4ED96927B4}\mpengine.dll

2012-06-14 08:01:20 -------- d-----w- C:\$RECYCLE.BIN

2012-06-14 07:50:19 98816 ----a-w- C:\Windows\sed.exe

2012-06-14 07:50:19 518144 ----a-w- C:\Windows\SWREG.exe

2012-06-14 07:50:19 256000 ----a-w- C:\Windows\PEV.exe

2012-06-14 07:50:19 208896 ----a-w- C:\Windows\MBR.exe

2012-06-14 06:17:36 -------- d-----w- C:\Users\dhl\AppData\Local\{01C27DC5-7362-44D8-ABF1-EBC4A5F92255}

2012-06-14 06:17:25 -------- d-----w- C:\Users\dhl\AppData\Local\{2738FBDC-3EFF-40E4-9BE4-82328A071A48}

2012-06-11 20:54:21 -------- d-----w- C:\Users\dhl\AppData\Roaming\QuickScan

2012-06-11 20:05:00 -------- d-----w- C:\Program Files\trend micro

2012-06-11 19:42:58 -------- d-----w- C:\Users\dhl\AppData\Local\{D108205E-D1B3-4413-BAA2-C70735B4D5BA}

2012-06-11 19:42:47 -------- d-----w- C:\Users\dhl\AppData\Local\{43619CD6-B90A-42E5-B929-EB5E12385DA2}

2012-06-10 23:27:05 -------- d-----w- C:\Users\dhl\AppData\Roaming\Malwarebytes

2012-06-10 23:27:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-10 23:27:00 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-10 23:27:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-10 22:17:35 -------- d-----w- C:\Users\dhl\AppData\Local\{9D497B4F-FEAC-4E10-8ED9-16E4EEED40A1}

2012-06-10 22:17:25 -------- d-----w- C:\Users\dhl\AppData\Local\{97A6E8BC-DFC4-478C-8050-A0A06440AF00}

2012-06-04 18:06:45 -------- d-----w- C:\Users\dhl\AppData\Local\{E3E04E59-1781-47D5-9714-432877A27619}

2012-06-04 18:06:35 -------- d-----w- C:\Users\dhl\AppData\Local\{58DF7E52-A81B-429A-92B2-CB31F5C2A3BF}

2012-05-29 05:18:15 -------- d-----w- C:\Users\dhl\AppData\Local\{5A901FE0-13D6-4F15-89B3-3D6B27B83DC3}

2012-05-29 05:18:06 -------- d-----w- C:\Users\dhl\AppData\Local\{A973B747-4A9F-4574-A7D1-8045AE5448A6}

2012-05-29 05:17:55 -------- d-----w- C:\Users\dhl\AppData\Local\{DA8BE5D0-67B4-4622-A260-6F964A0F6971}

2012-05-28 17:17:43 -------- d-----w- C:\Users\dhl\AppData\Local\{1DB6FD35-CEBF-4639-BFA9-B6824EEF09F0}

2012-05-28 17:17:33 -------- d-----w- C:\Users\dhl\AppData\Local\{098AEFE4-F015-4CD5-90A2-946F918AA703}

2012-05-28 00:35:09 -------- d-----w- C:\Users\dhl\AppData\Local\{96E737D3-C05F-480D-A70B-F182819D510C}

2012-05-28 00:34:57 -------- d-----w- C:\Users\dhl\AppData\Local\{C979DB7F-4976-4F2D-8AFB-9EFB26FF4423}

2012-05-26 20:05:34 -------- d-----w- C:\Users\dhl\AppData\Local\{C6244F59-0EFC-416E-BC0C-A9370D5BA2B1}

2012-05-26 20:05:21 -------- d-----w- C:\Users\dhl\AppData\Local\{D8D7881F-2387-4264-89E1-1FC45162A91A}

2012-05-25 03:43:41 -------- d-----w- C:\Users\dhl\AppData\Local\{FE94CCDC-CFD8-402A-8F56-D0DABE47C6A6}

2012-05-25 03:43:30 -------- d-----w- C:\Users\dhl\AppData\Local\{66FC4D1B-F0EA-499F-B1DF-8B6F149B4DA4}

2012-05-25 03:39:59 -------- d-----w- C:\Users\dhl\AppData\Local\{9CAFE2B2-62D0-4030-957F-97D9FD9FBD44}

2012-05-25 03:37:20 -------- d-----w- C:\Users\dhl\AppData\Local\{1D24C4D6-DDE6-473B-A984-8CC0091FECD0}

2012-05-25 03:35:08 -------- d-----w- C:\Users\dhl\AppData\Local\{77EA15AA-D7EE-4B2E-81F1-74076A90E4B2}

2012-05-25 03:33:08 -------- d-----w- C:\Users\dhl\AppData\Local\{184EF255-DCC3-41E4-9F65-2FCF3BA92F8D}

2012-05-24 00:32:30 -------- d-----w- C:\Users\dhl\AppData\Local\{ED89A35C-7BB6-4566-9295-8CAF587F046D}

2012-05-24 00:32:16 -------- d-----w- C:\Users\dhl\AppData\Local\{335C75B2-F84D-4CA4-A6E0-0033D68B9E05}

2012-05-21 20:27:57 -------- d-----w- C:\Users\dhl\AppData\Local\{58965474-522C-47C6-9F71-0C4236B415ED}

2012-05-21 20:27:44 -------- d-----w- C:\Users\dhl\AppData\Local\{32A07178-D537-4A41-B2A4-A68D0DBA27DB}

2012-05-20 23:22:07 -------- d-----w- C:\Users\dhl\AppData\Local\{04CDB062-70C2-402D-A23B-AA1B34F97CBA}

2012-05-20 23:21:54 -------- d-----w- C:\Users\dhl\AppData\Local\{2D437AFE-1AE5-43C7-8C25-C49E378B8AFA}

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-07 22:13:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2009-06-27 20:08:18 1874432 ----a-w- C:\Program Files\CarPlayer.msi

.

============= FINISH: 9:17:43.79 ===============


We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to back up the Windows registry.

Delete the following if still present:

aswMBR.exe

TDSSKILLER.exe

We are finished here. Best regards.
