Komodo Posted August 17, 2012 ID:586717 Share Posted August 17, 2012 MBAM hasn't been able to remove a TrojanDropper.BCMiner and Rootkit. I can scan again right after the restart and all 5 infected files coe up again. I have also attached the MBAM log.It looks like you have resolved this with other users, so I'm hoping you can help me as well. ThanksIt's not letting me attach any files, so I have copied any pasted the text (DDS, Attach, and mbam log)..DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1Run by Tice at 14:26:48 on 2012-08-17Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4701 [GMT -7:00].AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exeC:\Program Files (x86)\TechSmith\Jing\Jing.exeC:\Users\Tice\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files (x86)\PDF Complete\pdfsvc.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exe-netsvcsC:\Windows\system32\conhost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exe"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDnsC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.localuURLSearchHooks: H - No FileuURLSearchHooks: H - No FilemWinlogon: Userinit=userinit.exe,BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLLBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllBHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllTB: {37153479-1976-43C3-A1EE-557513977B64} - No FileuRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorunuRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exemRun: [<NO NAME>]mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\Tice\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tice\AppData\Roaming\Dropbox\bin\Dropbox.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLLSP: mswsock.dllTCP: DhcpNameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{0847DC48-9B03-413B-9F08-4A6D9A31BB75} : DhcpNameServer = 75.75.75.75 75.75.76.76Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLLBHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLLBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllBHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dllBHO-X64: Yontoo Layers - No FileTB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllTB-X64: {37153479-1976-43C3-A1EE-557513977B64} - No FilemRun-x64: [(Default)]mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Tice\AppData\Roaming\Mozilla\Firefox\Profiles\q7tdqoys.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.comFF - plugin: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dllFF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dllFF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dllFF - plugin: C:\Users\Tice\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: C:\Users\Tice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Users\Tice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Tice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.---- FIREFOX POLICIES ----FF - user.js: general.useragent.extra.brc -FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 317b2d27-9148-407d-a26b-0be16b388313FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics.FF - user.js: extensions.autoDisableScopes - 14.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-26 1127448]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-28 44768]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056]S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-9-15 245760]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 113120]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-08-17 21:11:05 20480 ----a-w- C:\Windows\svchost.exe2012-08-17 18:47:07 -------- d-----r- C:\Users\Tice\Dropbox2012-08-17 18:43:29 -------- d-----w- C:\Users\Tice\AppData\Roaming\Dropbox2012-08-17 00:14:17 -------- d-----w- C:\Program Files\Enigma Software Group2012-08-17 00:13:27 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP2012-08-17 00:13:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard2012-08-14 03:06:46 -------- d-----w- C:\Program Files (x86)\Oracle2012-08-14 01:12:18 -------- d-----w- C:\Users\Tice\AppData\Roaming\BSW2012-08-03 02:49:41 -------- d-----w- C:\ProgramData\PopCap Games2012-08-03 02:49:41 -------- d-----w- C:\Program Files (x86)\PopCap Games2012-07-29 14:29:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%2012-07-28 19:38:59 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFDF6384-9617-4C31-A52B-C6968F98FF9D}\mpengine.dll.==================== Find3M ====================.2012-08-15 02:47:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-08-15 02:47:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-07-16 01:21:55 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2012-07-16 01:21:55 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2012-07-15 02:20:35 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02012-07-06 05:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-07-06 05:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe.============= FINISH: 14:27:53.76 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 9/15/2011 3:38:56 PMSystem Uptime: 8/17/2012 2:13:25 PM (0 hours ago).Motherboard: FOXCONN | | 2AB1Processor: AMD Phenom II X2 521 Processor | CPU 1 | 3500/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 920 GiB total, 819.292 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.361 GiB free.E: is CDROM ()F: is CDROM ()G: is RemovableH: is RemovableI: is RemovableJ: is CDROM ()L: is CDROM ()M: is RemovableN: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP111: 7/17/2012 6:33:17 AM - Windows UpdateRP112: 7/24/2012 6:31:34 PM - Windows UpdateRP113: 7/28/2012 12:38:39 PM - Windows UpdateRP114: 8/5/2012 2:27:48 PM - Scheduled CheckpointRP115: 8/6/2012 11:20:06 PM - HPSF Restore PointRP116: 8/7/2012 12:07:33 AM - HPSF Restore PointRP117: 8/13/2012 8:04:35 PM - Installed Java 7 Update 5RP118: 8/13/2012 8:05:43 PM - Removed JavaFX 2.1.0RP119: 8/13/2012 8:06:19 PM - Installed JavaFX 2.1.1RP120: 8/13/2012 9:33:26 PM - Removed Zinio Reader 4RP121: 8/13/2012 9:34:45 PM - Removed Palm Desktop by ACCESSRP122: 8/16/2012 5:13:32 PM - Installed SpyHunterRP123: 8/16/2012 5:53:36 PM - Removed SpyHunter.==== Installed Programs ======================.µTorrentAdobe AIRAdobe Digital EditionsAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Shockwave Player 11.6Agatha Christie - Peril at End HouseAMD VISION Engine Control CenterAngry BirdsAngry Birds RioAngry Birds SeasonsAngry Birds SpaceApple Application SupportApple Software Updateavast! Free AntivirusBejeweled 2 DeluxeBejeweled 3Blackhawk Striker 2Blasterball 3BlioBounce SymphonyBrother MFL-Pro Suite MFC-J615WBuild-a-lot 2Cake ManiaCall of Duty - United OffensiveCatalyst Control Center - BrandingCatalyst Control Center InstallProxyCatalyst Control Center Localization AllCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishChuzzle DeluxeD3DX10DAEMON Tools ProDiner Dash 2 Restaurant RescueDora's World AdventureDropboxFamilySearch Indexing 3.13.1Farm FrenzyFATE - The Traitor SoulGoogle Talk PluginHeroes of Might and Magic VHewlett-Packard ACLM.NET v1.1.1.0HP Customer Experience EnhancementsHP GamesHP LinkUpHP MediaSmart/TouchSmart NetflixHP MovieStoreHP OdometerHP SetupHP Setup ManagerHP Support AssistantHP Support InformationHP UpdateHulu DesktopHydraVisionJava Auto UpdaterJava 7 Update 5JavaFX 2.1.1JingJunk Mail filter updateLabelPrintMagic ISO Maker v5.5 (build 0273)Magic ISO Maker v5.5 (build 0281)MagicDisc 2.7.105Mah Jong MedleyMalwarebytes Anti-Malware version 1.61.0.1400Mesh RuntimeMicrosoft Office 2010Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WSE 3.0 RuntimeMight & Magic Heroes VIMozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Mystery P.I. - Stolen in San FranciscoNamco All-Stars PAC-MANPalm Desktop by ACCESSPDF Complete Special EditionPenguins!Pet Vet 3D Animal HospitalPet Vet 3D Down UnderPet Vet 3D Wild Animal HospitalPlants vs. ZombiesPlants vs. Zombies - Game of the YearPlayReady PC Runtime x86Poker Superstars IIIPolar BowlerPolar GolferPower2GoPressReaderPunkBuster ServicesQuickTimeRealtek High Definition Audio DriverRecovery ManagerRemote Graphics ReceiverRoxioNow PlayerScanSoft PaperPort 11Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Extended (KB2416472)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Skype™ 5.8Slingo SupremeswMSMTripleA Version 1_5_2_1Ubisoft Game LauncherUnity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update Installer for WildTangent Games AppVirtual Villagers 4 - The Tree of LifeVLC media player 1.1.11Wheel of Fortune 2WildTangent Games App (HP Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWolfenstein - Enemy TerritoryZuma Deluxe.==== Event Viewer Messages From Past Week ========.8/17/2012 2:25:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470248918/17/2012 2:25:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-21470248918/17/2012 2:14:43 PM, Error: Service Control Manager [7000] - The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified.8/17/2012 2:14:33 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the BFE service which failed to start because of the following error: Access is denied.8/17/2012 2:14:30 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.8/17/2012 2:14:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.8/17/2012 2:14:28 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.8/16/2012 11:42:55 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.8/14/2012 11:22:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8800108b2cb, 0xfffff8800292ea50, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\081412-28204-01.dmp. Report Id: 081412-28204-01.8/13/2012 9:15:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb47ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\081312-25615-01.dmp. Report Id: 081312-25615-01.8/13/2012 9:12:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.8/13/2012 9:12:03 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.8/13/2012 9:08:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 9:08:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb67ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\081312-22120-01.dmp. Report Id: 081312-22120-01.8/13/2012 9:05:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cbc7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\081312-25942-01.dmp. Report Id: 081312-25942-01.8/11/2012 7:59:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service..==== End Of File ===========================Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.13.01Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514Tice :: TICE-HP [administrator]8/17/2012 2:03:10 PMmbam-log-2012-08-17 (14-03-10).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 203953Time elapsed: 3 minute(s), 56 second(s)Memory Processes Detected: 1C:\Windows\svchost.exe (Trojan.Agent) -> 2696 -> Delete on reboot.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 4C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.(end) Link to post Share on other sites More sharing options...
MrCharlie Posted August 17, 2012 ID:586718 Share Posted August 17, 2012 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC Link to post Share on other sites More sharing options...
Komodo Posted August 18, 2012 Author ID:586796 Share Posted August 18, 2012 Here is the report from RogueKiller. ThanksRogueKiller V7.6.6 [08/10/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser: Tice [Admin rights]Mode: Scan -- Date: 08/17/2012 17:39:53¤¤¤ Bad processes: 1 ¤¤¤[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]¤¤¤ Registry Entries: 4 ¤¤¤[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][FILE] @ : c:\windows\installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\@ --> FOUND[ZeroAccess][FOLDER] U : c:\windows\installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U --> FOUND[ZeroAccess][FOLDER] L : c:\windows\installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\L --> FOUND[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND¤¤¤ Driver: [NOT LOADED] ¤¤¤¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤¤¤¤ HOSTS File: ¤¤¤¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Hitachi HDS721010CLA332 SATA Disk Device +++++--- User ---[MBR] e5b8e230b36494830f956d29c0f87ccc[bSP] fe7250244a6987badde9a87e2ff5cd48 : Windows Vista/7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942352 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930143744 | Size: 11415 MoUser = LL1 ... OK!User != LL2 ... KO!--- LL2 ---[MBR] 5446a21687269152910ccad135e89947[bSP] 3e994ff66c0e7c7bdcf881de13609d25 : Windows 7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++Error reading User MBR!User = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++Error reading User MBR!User = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++Error reading User MBR!User = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++Error reading User MBR!User = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
MrCharlie Posted August 18, 2012 ID:586906 Share Posted August 18, 2012 ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤Here you go......Your computer is infected with a nasty rootkit. Please read the following information first.You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.-----------------------------------------Please make sure system restore is running and create a new restore point before continuing!For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.How to tell > 32 or 64 bitPlug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:services.exe[*]Now press the Search button[*]When the search is complete, search.txt will also be written to your USB[*]Type exit and reboot the computer normally[*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)MrC Link to post Share on other sites More sharing options...
Komodo Posted August 18, 2012 Author ID:586970 Share Posted August 18, 2012 Here is the FRST and Search Txt:Scan result of Farbar Recovery Scan Tool Version: 18-08-2012Ran by SYSTEM at 18-08-2012 09:07:13Running from H:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [3722416 2011-09-06] (AVAST Software)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)HKU\Tice\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd)HKU\Tice\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2918224 2012-02-01] (TechSmith Corporation)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76Startup: C:\Users\Tice\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> (No File)==================== Services (Whitelisted) ======2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2011-09-06] (AVAST Software)2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-04-14] ()========================== Drivers (Whitelisted) =============2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software)2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [65368 2011-09-06] (AVAST Software)1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software)1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software)1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software)1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software)1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2011-11-30] (DT Soft Ltd)3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]3 BFE; . [x]3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]========================== NetSvcs (Whitelisted) ======================= One Month Created Files and Folders ==============2012-08-18 09:07 - 2012-08-18 09:07 - 00000000 ____D C:\FRST2012-08-17 16:39 - 2012-08-17 16:39 - 00002812 ____A C:\Users\Tice\Desktop\RKreport[1].txt2012-08-17 16:38 - 2012-08-17 16:39 - 00000000 ____D C:\Users\Tice\Desktop\RK_Quarantine2012-08-17 16:38 - 2012-08-17 16:38 - 01558528 ____A C:\Users\Tice\Desktop\RogueKiller.exe2012-08-17 13:28 - 2012-08-17 13:28 - 00017089 ____A C:\Users\Tice\Desktop\DDS.txt2012-08-17 13:28 - 2012-08-17 13:28 - 00013642 ____A C:\Users\Tice\Desktop\Attach.txt2012-08-17 13:23 - 2012-08-17 13:23 - 00607260 ____R (Swearware) C:\Users\Tice\Desktop\dds.scr2012-08-17 13:11 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe2012-08-17 10:47 - 2012-08-17 13:14 - 00000000 ___RD C:\Users\Tice\Dropbox2012-08-17 10:47 - 2012-08-17 10:47 - 00001041 ____A C:\Users\Tice\Desktop\Dropbox.lnk2012-08-17 10:43 - 2012-08-17 21:30 - 00000000 ____D C:\Users\Tice\AppData\Roaming\Dropbox2012-08-17 10:42 - 2012-08-17 10:43 - 17798272 ____A (Dropbox, Inc.) C:\Users\Tice\Desktop\Dropbox 1.4.12.exe2012-08-16 16:14 - 2012-08-16 16:14 - 00000000 ____D C:\Program Files\Enigma Software Group2012-08-16 16:13 - 2012-08-16 16:54 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP2012-08-14 10:23 - 2012-08-14 10:23 - 00000000 ____D C:\Users\All Users\HotSync2012-08-13 20:35 - 2012-08-13 20:35 - 00000000 ____D C:\Users\Tice\AppData\Roaming\HotSync2012-08-13 20:03 - 2012-08-13 20:14 - 00000000 ___SD C:\32788R22FWJFW2012-08-13 20:03 - 2012-08-13 20:03 - 00000000 ____D C:\Windows\erdnt2012-08-13 19:06 - 2012-08-13 19:06 - 00000000 ____D C:\Program Files (x86)\Oracle2012-08-13 19:06 - 2012-07-05 21:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2012-08-13 19:05 - 2012-06-27 00:43 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2012-08-13 19:05 - 2012-06-27 00:43 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe2012-08-13 19:04 - 2012-08-13 19:05 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log2012-08-13 19:04 - 2012-08-13 19:04 - 00000000 ____D C:\Users\All Users\McAfee2012-08-13 17:12 - 2012-08-13 17:17 - 00000000 ____D C:\Users\Tice\AppData\Roaming\BSW2012-08-13 17:11 - 2012-08-13 17:12 - 03182633 ____A (BrettspielWelt GmbH) C:\Users\Tice\Downloads\BrettspielWelt_en.exe2012-08-04 16:19 - 2012-08-04 16:19 - 00001076 ____A C:\Users\Public\Desktop\Angry Birds.lnk2012-08-02 18:49 - 2012-08-02 18:49 - 42715656 ____A C:\Users\Tice\Downloads\PlantsVsZombies_20120801.exe2012-08-02 18:49 - 2012-08-02 18:49 - 00001315 ____A C:\Users\Public\Desktop\Plants vs. Zombies.lnk2012-08-02 18:49 - 2012-08-02 18:49 - 00000000 ____D C:\Users\All Users\PopCap Games2012-08-02 18:49 - 2012-08-02 18:49 - 00000000 ____D C:\Program Files (x86)\PopCap Games2012-07-29 06:29 - 2012-07-29 06:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%2012-07-28 11:33 - 2012-08-14 10:22 - 00000000 ____D C:\Windows\Minidump2012-07-28 09:31 - 2012-07-28 09:40 - 00000000 ____D C:\Program Files (x86)\Google============ 3 Months Modified Files ========================2012-08-17 22:06 - 2012-06-05 17:56 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000UA.job2012-08-17 21:47 - 2012-06-24 18:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2012-08-17 18:06 - 2012-06-05 17:56 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000Core.job2012-08-17 16:39 - 2012-08-17 16:39 - 00002812 ____A C:\Users\Tice\Desktop\RKreport[1].txt2012-08-17 16:38 - 2012-08-17 16:38 - 01558528 ____A C:\Users\Tice\Desktop\RogueKiller.exe2012-08-17 13:28 - 2012-08-17 13:28 - 00017089 ____A C:\Users\Tice\Desktop\DDS.txt2012-08-17 13:28 - 2012-08-17 13:28 - 00013642 ____A C:\Users\Tice\Desktop\Attach.txt2012-08-17 13:23 - 2012-08-17 13:23 - 00607260 ____R (Swearware) C:\Users\Tice\Desktop\dds.scr2012-08-17 13:21 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-08-17 13:21 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-08-17 13:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-08-17 13:13 - 2009-07-13 20:51 - 00067948 ____A C:\Windows\setupact.log2012-08-17 13:09 - 2010-11-20 19:47 - 01116452 ____A C:\Windows\PFRO.log2012-08-17 10:47 - 2012-08-17 10:47 - 00001041 ____A C:\Users\Tice\Desktop\Dropbox.lnk2012-08-17 10:43 - 2012-08-17 10:42 - 17798272 ____A (Dropbox, Inc.) C:\Users\Tice\Desktop\Dropbox 1.4.12.exe2012-08-17 10:38 - 2011-09-16 17:47 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForTice.job2012-08-17 06:47 - 2011-09-16 17:25 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log2012-08-16 20:28 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI2012-08-15 18:12 - 2011-09-15 14:38 - 01737389 ____A C:\Windows\WindowsUpdate.log2012-08-14 18:47 - 2012-05-05 10:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-08-14 18:47 - 2011-09-15 17:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-08-14 10:22 - 2011-05-26 02:01 - 00285266 ____N C:\Windows\Minidump\081412-28204-01.dmp2012-08-13 20:15 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\081312-25615-01.dmp2012-08-13 20:08 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\081312-22120-01.dmp2012-08-13 20:04 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\081312-25942-01.dmp2012-08-13 19:05 - 2012-08-13 19:04 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log2012-08-13 17:12 - 2012-08-13 17:11 - 03182633 ____A (BrettspielWelt GmbH) C:\Users\Tice\Downloads\BrettspielWelt_en.exe2012-08-04 16:19 - 2012-08-04 16:19 - 00001076 ____A C:\Users\Public\Desktop\Angry Birds.lnk2012-08-02 18:49 - 2012-08-02 18:49 - 42715656 ____A C:\Users\Tice\Downloads\PlantsVsZombies_20120801.exe2012-08-02 18:49 - 2012-08-02 18:49 - 00001315 ____A C:\Users\Public\Desktop\Plants vs. Zombies.lnk2012-08-02 09:17 - 2011-05-26 02:01 - 00285266 ____N C:\Windows\Minidump\080212-28688-01.dmp2012-07-29 17:36 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\072912-21668-01.dmp2012-07-28 11:46 - 2011-10-28 06:33 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt2012-07-28 11:33 - 2011-05-26 02:01 - 00285394 ____N C:\Windows\Minidump\072812-29998-01.dmp2012-07-16 18:01 - 2012-07-16 18:01 - 00001908 ____A C:\Users\Tice\Desktop\Might & Magic Heroes VI - Shortcut.lnk2012-07-16 17:42 - 2011-05-26 01:45 - 00093663 ____A C:\Windows\DirectX.log2012-07-15 17:21 - 2012-04-14 21:03 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.xtr2012-07-15 17:21 - 2012-04-14 08:10 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.exe2012-07-14 18:20 - 2012-04-14 08:10 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.ex02012-07-14 06:21 - 2009-07-13 21:08 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT2012-07-12 05:53 - 2011-09-15 14:41 - 00110912 ____A C:\Users\Tice\AppData\Local\GDIPFONTCACHEV1.DAT2012-07-12 05:48 - 2009-07-13 20:45 - 00418608 ____A C:\Windows\System32\FNTCACHE.DAT2012-07-11 22:13 - 2011-10-14 20:28 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-07-11 20:10 - 2012-07-11 20:10 - 00014840 ____A C:\Users\Tice\Downloads\peabestowsdoodles.zip2012-07-11 20:09 - 2012-07-11 20:09 - 00015018 ____A C:\Users\Tice\Downloads\peanjhwhimsy.zip2012-07-11 20:08 - 2012-07-11 20:08 - 00009211 ____A C:\Users\Tice\Downloads\peaannie.zip2012-07-05 21:06 - 2012-08-13 19:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2012-07-05 21:06 - 2012-05-26 22:05 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2012-07-05 21:06 - 2012-05-26 22:05 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2012-06-27 13:52 - 2012-06-27 13:50 - 17060081 ____A C:\Users\Tice\Downloads\bom-without-images.zip2012-06-27 00:43 - 2012-08-13 19:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2012-06-27 00:43 - 2012-08-13 19:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe2012-06-23 16:07 - 2012-06-23 16:06 - 132894602 ____A C:\Users\Tice\Downloads\triplea_1_5_2_1_windows_installer_with_java.exe2012-06-23 11:51 - 2012-06-23 11:51 - 26141741 ____A (NickOnline ) C:\Users\Tice\Downloads\setup.exe2012-06-14 08:16 - 2011-12-05 15:04 - 00188200 ___AH C:\Windows\SysWOW64\mlfcache.dat2012-06-11 19:08 - 2012-07-11 22:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-06-10 16:20 - 2011-09-25 15:07 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk2012-06-09 15:38 - 2012-06-09 15:37 - 82271334 ____A (Telltale Games) C:\Users\Tice\Downloads\8BitIsEnough_setup.exe2012-06-08 21:43 - 2012-07-11 06:21 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2012-06-08 20:41 - 2012-07-11 06:21 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2012-06-06 22:38 - 2012-06-06 22:38 - 00020882 ____A C:\Users\Tice\Downloads\[kat.ph]sierra.adventure.games.pack.collection.torrent2012-06-06 18:19 - 2012-06-06 18:19 - 00466314 ____A C:\Users\Tice\Downloads\[kat.ph]sierra.games.collection.and.more.torrent2012-06-06 18:11 - 2012-06-06 18:11 - 00001132 ____A C:\Users\Public\Desktop\Firefox.lnk2012-06-06 18:10 - 2012-06-06 18:10 - 16574016 ____A (Mozilla) C:\Users\Tice\Downloads\Firefox Setup 13.0.exe2012-06-06 15:13 - 2012-06-06 15:13 - 00475801 ____A C:\Users\Tice\Downloads\hashcalc.zip2012-06-06 14:27 - 2012-06-06 14:27 - 04733064 ____A (WebMinds, Inc. ) C:\Users\Tice\Downloads\regacesetup.exe2012-06-06 14:17 - 2012-06-06 14:17 - 01058280 ____A C:\Users\Tice\Downloads\mstask.zip_downloader.exe2012-06-06 14:02 - 2012-06-06 14:02 - 00008835 ____A C:\Users\Tice\Downloads\icfgnt1.zip2012-06-05 22:06 - 2012-07-11 06:21 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll2012-06-05 22:06 - 2012-07-11 06:21 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll2012-06-05 22:02 - 2012-07-11 06:20 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll2012-06-05 21:05 - 2012-07-11 06:21 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2012-06-05 21:05 - 2012-07-11 06:21 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2012-06-05 21:03 - 2012-07-11 06:20 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll2012-06-05 17:56 - 2012-06-05 17:56 - 00739832 ____A (Google Inc.) C:\Users\Tice\Downloads\GoogleVoiceAndVideoSetup.exe2012-06-03 19:55 - 2011-09-15 22:01 - 00000945 ____A C:\Users\Public\Desktop\µTorrent.lnk2012-06-02 14:19 - 2012-06-21 06:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2012-06-02 14:19 - 2012-06-21 06:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll2012-06-02 14:19 - 2012-06-21 06:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2012-06-02 14:19 - 2012-06-21 06:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll2012-06-02 14:19 - 2012-06-21 06:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll2012-06-02 14:19 - 2012-06-21 06:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2012-06-02 14:15 - 2012-06-21 06:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll2012-06-02 14:15 - 2012-06-21 06:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll2012-06-02 14:15 - 2012-06-21 06:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe2012-06-02 10:29 - 2012-06-02 10:29 - 00002061 ____A C:\Users\Tice\Desktop\Domination.lnk2012-06-02 10:28 - 2012-06-02 10:28 - 07112192 ____A C:\Users\Tice\Downloads\Domination_install_1.1.0.8.exe2012-06-01 21:50 - 2012-07-11 06:21 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2012-06-01 21:48 - 2012-07-11 06:21 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2012-06-01 21:48 - 2012-07-11 06:21 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys2012-06-01 21:45 - 2012-07-11 06:21 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll2012-06-01 21:44 - 2012-07-11 06:21 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2012-06-01 20:40 - 2012-07-11 06:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2012-06-01 20:40 - 2012-07-11 06:21 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2012-06-01 20:39 - 2012-07-11 06:21 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2012-06-01 20:34 - 2012-07-11 06:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2012-05-31 11:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe2012-05-26 22:04 - 2012-05-26 22:04 - 00892360 ____A (Oracle Corporation) C:\Users\Tice\Downloads\jre-7u4-windows-i586-iftw.exe2012-05-26 21:58 - 2012-05-26 21:58 - 00000820 ____A C:\Users\Tice\Desktop\Colossus.jnlp2012-05-26 21:42 - 2012-05-26 21:42 - 00000841 ____A C:\Users\Tice\Downloads\Colossus-public-testing.jnlpZeroAccess:C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\@C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\LC:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\UC:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\L\00000004.@C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\L\201d3ddeC:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\00000004.@C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\00000008.@C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\000000cb.@C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000000.@C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000032.@C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000064.@ZeroAccess:C:\Windows\assembly\GAC_32\Desktop.iniZeroAccess:C:\Windows\assembly\GAC_64\Desktop.iniType 00 partition infection:C:\Windows\svchost.exe========================= Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check ============C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitTDL4: custom:26000022 <===== ATTENTION!==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK========================= Memory info ======================Percentage of memory in use: 15%Total physical RAM: 5887.29 MBAvailable physical RAM: 4995.86 MBTotal Pagefile: 5885.48 MBAvailable Pagefile: 4966.9 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB======================= Partitions =========================1 Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:816.26 GB) NTFS2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]3 Drive f: (Disk1) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS5 Drive h: () (Removable) (Total:0.95 GB) (Free:0.27 GB) FAT11 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS12 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 973 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 920 GB 101 MB Partition 3 Primary 11 GB 920 GB==================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 Y SYSTEM NTFS Partition 100 MB Healthy ==================================================================================Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 C OS NTFS Partition 920 GB Healthy ==================================================================================Disk: 0Partition 3Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 4 E HP_RECOVERY NTFS Partition 11 GB Healthy ==================================================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 973 MB 123 KB==================================================================================Disk: 1Partition 1Type : 06Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 5 H FAT Removable 973 MB Healthy ==================================================================================Last Boot: 2012-08-17 07:30======================= End Of Log ==========================Farbar Recovery Scan Tool Version: 18-08-2012Ran by SYSTEM at 2012-08-18 09:09:21Running from H:\================== Search: "services.exe" ===================C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\System32\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB====== End Of Search ====== Link to post Share on other sites More sharing options...
MrCharlie Posted August 18, 2012 ID:586976 Share Posted August 18, 2012 OK, here you go......Please carefully carry out this procedure!!!!!!Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.MrC Link to post Share on other sites More sharing options...
Komodo Posted August 18, 2012 Author ID:586989 Share Posted August 18, 2012 Here is the Fixlog txt:Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 18-08-2012Ran by SYSTEM at 2012-08-18 10:04:56 Run:1Running from D:\==============================================C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007} moved successfully.C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.The operation completed successfully.The operation completed successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted August 18, 2012 ID:586999 Share Posted August 18, 2012 Well Done, lets run ComboFix to clear up any leftovers.Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
Komodo Posted August 19, 2012 Author ID:587193 Share Posted August 19, 2012 Below is the ComboFix log. ThanksComboFix 12-08-18.03 - Tice 08/18/2012 21:00:20.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4883 [GMT -7:00]Running from: c:\users\Tice\Desktop\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Tice\AUTORUN.INFc:\windows\security\Database\tmp.edbc:\windows\svchost.exe..((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))..2012-08-19 04:08 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe2012-08-19 04:05 . 2012-08-19 04:05 -------- d-----w- c:\users\Default\AppData\Local\temp2012-08-18 17:07 . 2012-08-18 17:07 -------- d-----w- C:\FRST2012-08-17 18:47 . 2012-08-19 04:07 -------- d-----r- c:\users\Tice\Dropbox2012-08-17 18:43 . 2012-08-19 04:09 -------- d-----w- c:\users\Tice\AppData\Roaming\Dropbox2012-08-17 00:14 . 2012-08-17 00:14 -------- d-----w- c:\program files\Enigma Software Group2012-08-17 00:13 . 2012-08-17 00:54 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP2012-08-17 00:13 . 2012-08-17 00:13 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard2012-08-14 18:23 . 2012-08-14 18:23 -------- d-----w- c:\programdata\HotSync2012-08-14 04:35 . 2012-08-14 04:35 -------- d-----w- c:\users\Tice\AppData\Roaming\HotSync2012-08-14 03:06 . 2012-08-14 03:06 -------- d-----w- c:\program files (x86)\Oracle2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\programdata\McAfee2012-08-14 01:12 . 2012-08-14 01:17 -------- d-----w- c:\users\Tice\AppData\Roaming\BSW2012-08-03 02:49 . 2012-08-03 02:49 -------- d-----w- c:\programdata\PopCap Games2012-08-03 02:49 . 2012-08-03 02:49 -------- d-----w- c:\program files (x86)\PopCap Games2012-07-29 14:29 . 2012-07-29 14:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%2012-07-28 19:38 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFDF6384-9617-4C31-A52B-C6968F98FF9D}\mpengine.dll2012-07-28 17:31 . 2012-07-28 17:40 -------- d-----w- c:\program files (x86)\Google...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-08-15 02:47 . 2012-05-05 18:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-08-15 02:47 . 2011-09-16 01:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-16 01:21 . 2012-04-15 05:03 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2012-07-16 01:21 . 2012-04-14 16:10 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2012-07-15 02:20 . 2012-04-14 16:10 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02012-07-12 06:13 . 2011-10-15 04:28 59701280 ----a-w- c:\windows\system32\MRT.exe2012-07-06 05:06 . 2012-05-27 06:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2012-07-06 05:06 . 2012-05-27 06:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll2012-06-12 03:08 . 2012-07-12 06:15 3148800 ----a-w- c:\windows\system32\win32k.sys2012-06-09 05:43 . 2012-07-11 14:21 14172672 ----a-w- c:\windows\system32\shell32.dll2012-06-06 06:06 . 2012-07-11 14:21 2004480 ----a-w- c:\windows\system32\msxml6.dll2012-06-06 06:06 . 2012-07-11 14:21 1881600 ----a-w- c:\windows\system32\msxml3.dll2012-06-06 06:02 . 2012-07-11 14:20 1133568 ----a-w- c:\windows\system32\cdosys.dll2012-06-06 05:05 . 2012-07-11 14:21 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll2012-06-06 05:05 . 2012-07-11 14:21 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll2012-06-06 05:03 . 2012-07-11 14:20 805376 ----a-w- c:\windows\SysWow64\cdosys.dll2012-06-02 22:19 . 2012-06-21 14:53 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-21 14:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-21 14:53 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-21 14:53 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-21 14:52 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 22:19 . 2012-06-21 14:53 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-21 14:53 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-21 14:52 36864 ----a-w- c:\windows\system32\wuapp.exe2012-06-02 22:15 . 2012-06-21 14:53 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 05:50 . 2012-07-11 14:21 458704 ----a-w- c:\windows\system32\drivers\cng.sys2012-06-02 05:48 . 2012-07-11 14:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 05:48 . 2012-07-11 14:21 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2012-06-02 05:45 . 2012-07-11 14:21 340992 ----a-w- c:\windows\system32\schannel.dll2012-06-02 05:44 . 2012-07-11 14:21 307200 ----a-w- c:\windows\system32\ncrypt.dll2012-06-02 04:40 . 2012-07-11 14:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll2012-06-02 04:40 . 2012-07-11 14:21 225280 ----a-w- c:\windows\SysWow64\schannel.dll2012-06-02 04:39 . 2012-07-11 14:21 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll2012-06-02 04:34 . 2012-07-11 14:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296].c:\users\Tice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Tice\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-01 272448]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-10 365568]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-09-17 115216]S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 02:47].2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000Core.job- c:\users\Tice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:56].2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000UA.job- c:\users\Tice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:56].2012-08-17 c:\windows\Tasks\HPCeeScheduleForTice.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 75.75.75.75 75.75.76.76FF - ProfilePath - c:\users\Tice\AppData\Roaming\Mozilla\Firefox\Profiles\q7tdqoys.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.comFF - user.js: general.useragent.extra.brc -FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 317b2d27-9148-407d-a26b-0be16b388313FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopicsFF - user.js: extensions.autoDisableScopes - 14.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exeAddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exeAddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Bonjour\mDNSResponder.exec:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exec:\windows\SysWOW64\PnkBstrA.exe.**************************************************************************.Completion time: 2012-08-18 21:13:50 - machine was rebootedComboFix-quarantined-files.txt 2012-08-19 04:13.Pre-Run: 877,619,359,744 bytes freePost-Run: 878,831,841,280 bytes free.- - End Of File - - 545DA4721D78AB1D3A60A79141EE359E Link to post Share on other sites More sharing options...
MrCharlie Posted August 19, 2012 ID:587220 Share Posted August 19, 2012 Please download and run TDSSKiller to your desktop as outlined below:Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.-------------------------Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.------------------------Click the Start Scan button.-----------------------If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on Continue----------------------If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.--------------------A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.-------------------Here's a summary of what to do if you would like to print it out:If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIf malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.MrC Link to post Share on other sites More sharing options...
Komodo Posted August 19, 2012 Author ID:587433 Share Posted August 19, 2012 TDSKiller log:14:56:58.0708 3272 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:0514:56:59.0207 3272 ============================================================14:56:59.0207 3272 Current date / time: 2012/08/19 14:56:59.020714:56:59.0207 3272 SystemInfo:14:56:59.0207 3272 14:56:59.0207 3272 OS Version: 6.1.7601 ServicePack: 1.014:56:59.0207 3272 Product type: Workstation14:56:59.0207 3272 ComputerName: TICE-HP14:56:59.0207 3272 UserName: Tice14:56:59.0207 3272 Windows directory: C:\Windows14:56:59.0207 3272 System windows directory: C:\Windows14:56:59.0207 3272 Running under WOW6414:56:59.0207 3272 Processor architecture: Intel x6414:56:59.0207 3272 Number of processors: 214:56:59.0207 3272 Page size: 0x100014:56:59.0207 3272 Boot type: Normal boot14:56:59.0207 3272 ============================================================14:57:00.0221 3272 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004014:57:00.0377 3272 ============================================================14:57:00.0377 3272 \Device\Harddisk0\DR0:14:57:00.0377 3272 MBR partitions:14:57:00.0377 3272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200014:57:00.0377 3272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7308800014:57:00.0377 3272 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x730BA800, BlocksNum 0x164B80014:57:00.0377 3272 ============================================================14:57:00.0393 3272 C: <-> \Device\Harddisk0\DR0\Partition214:57:00.0440 3272 D: <-> \Device\Harddisk0\DR0\Partition314:57:00.0440 3272 ============================================================14:57:00.0455 3272 Initialize success14:57:00.0455 3272 ============================================================14:57:50.0189 3864 ============================================================14:57:50.0189 3864 Scan started14:57:50.0189 3864 Mode: Manual; SigCheck; TDLFS;14:57:50.0189 3864 ============================================================14:57:51.0000 3864 ================ Scan services =============================14:57:51.0172 3864 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys14:57:51.0281 3864 1394ohci - ok14:57:51.0328 3864 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys14:57:51.0375 3864 ACPI - ok14:57:51.0422 3864 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys14:57:51.0484 3864 AcpiPmi - ok14:57:51.0624 3864 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe14:57:51.0656 3864 AdobeFlashPlayerUpdateSvc - ok14:57:51.0718 3864 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys14:57:51.0765 3864 adp94xx - ok14:57:51.0827 3864 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys14:57:51.0858 3864 adpahci - ok14:57:51.0874 3864 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys14:57:51.0890 3864 adpu320 - ok14:57:51.0921 3864 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll14:57:51.0952 3864 AeLookupSvc - ok14:57:52.0030 3864 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys14:57:52.0092 3864 AFD - ok14:57:52.0139 3864 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys14:57:52.0155 3864 agp440 - ok14:57:52.0155 3864 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe14:57:52.0170 3864 ALG - ok14:57:52.0217 3864 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys14:57:52.0248 3864 aliide - ok14:57:52.0295 3864 [ ca0d6c1390f4b3baf2a0a69d1a7f8332 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe14:57:52.0358 3864 AMD External Events Utility - ok14:57:52.0436 3864 AMD FUEL Service - ok14:57:52.0451 3864 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys14:57:52.0467 3864 amdide - ok14:57:52.0498 3864 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys14:57:52.0560 3864 amdiox64 - ok14:57:52.0592 3864 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys14:57:52.0607 3864 AmdK8 - ok14:57:52.0779 3864 [ 75e4baca583ae02c11e9ac8747e2abe0 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys14:57:52.0888 3864 amdkmdag - ok14:57:52.0904 3864 [ b765cf4b32f347be747b21ae22641025 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys14:57:52.0919 3864 amdkmdap - ok14:57:52.0982 3864 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys14:57:53.0028 3864 AmdPPM - ok14:57:53.0091 3864 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys14:57:53.0122 3864 amdsata - ok14:57:53.0138 3864 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys14:57:53.0153 3864 amdsbs - ok14:57:53.0169 3864 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys14:57:53.0184 3864 amdxata - ok14:57:53.0200 3864 [ caee7c1afc9f1c9ee8dd11acd18d22e7 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys14:57:53.0200 3864 amd_sata - ok14:57:53.0216 3864 [ 23726116b4fbcc84fc45b95157c08f5f ] amd_xata C:\Windows\system32\drivers\amd_xata.sys14:57:53.0231 3864 amd_xata - ok14:57:53.0262 3864 AODDriver4.0 - ok14:57:53.0325 3864 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys14:57:53.0418 3864 AppID - ok14:57:53.0434 3864 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll14:57:53.0465 3864 AppIDSvc - ok14:57:53.0465 3864 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll14:57:53.0496 3864 Appinfo - ok14:57:53.0574 3864 [ 20f6f19fe9e753f2780dc2fa083ad597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe14:57:53.0606 3864 Apple Mobile Device - ok14:57:53.0699 3864 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys14:57:53.0715 3864 arc - ok14:57:53.0730 3864 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys14:57:53.0746 3864 arcsas - ok14:57:53.0840 3864 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe14:57:53.0871 3864 aspnet_state - ok14:57:53.0918 3864 [ 5a68b880c16ad5a6aa20b49a47ffff24 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys14:57:53.0949 3864 aswFsBlk - ok14:57:53.0964 3864 [ 230613be2d3da8053879be5ed2848f2d ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys14:57:53.0980 3864 aswMonFlt - ok14:57:54.0011 3864 [ 0dc1996ae4178d7d14744ef6b3082313 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys14:57:54.0042 3864 aswRdr - ok14:57:54.0074 3864 [ b6ff911c23775cdfdd49612d92637af4 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys14:57:54.0089 3864 aswSnx - ok14:57:54.0120 3864 [ 5a590d8516376aed1829fc07d3bdaa4b ] aswSP C:\Windows\system32\drivers\aswSP.sys14:57:54.0136 3864 aswSP - ok14:57:54.0152 3864 [ 3239c0082fb0c1c4ee323730b85690a5 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys14:57:54.0152 3864 aswTdi - ok14:57:54.0214 3864 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys14:57:54.0276 3864 AsyncMac - ok14:57:54.0323 3864 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys14:57:54.0354 3864 atapi - ok14:57:54.0417 3864 [ 4bf5bca6e2608cd8a00bc4a6673a9f47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys14:57:54.0432 3864 AtiHDAudioService - ok14:57:54.0479 3864 [ e82e61f46d1336447f4deff8c074f13e ] AtiPcie C:\Windows\system32\drivers\AtiPcie64.sys14:57:54.0495 3864 AtiPcie - ok14:57:54.0526 3864 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll14:57:54.0557 3864 AudioEndpointBuilder - ok14:57:54.0573 3864 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll14:57:54.0604 3864 AudioSrv - ok14:57:54.0682 3864 [ c76769f246250edad34a5581419e9d60 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe14:57:54.0713 3864 avast! Antivirus - ok14:57:54.0744 3864 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll14:57:54.0776 3864 AxInstSV - ok14:57:54.0838 3864 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys14:57:54.0900 3864 b06bdrv - ok14:57:54.0963 3864 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys14:57:55.0010 3864 b57nd60a - ok14:57:55.0056 3864 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll14:57:55.0103 3864 BDESVC - ok14:57:55.0119 3864 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys14:57:55.0166 3864 Beep - ok14:57:55.0197 3864 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll14:57:55.0228 3864 BFE - ok14:57:55.0275 3864 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys14:57:55.0306 3864 blbdrive - ok14:57:55.0337 3864 [ 1c87705ccb2f60172b0fc86b5d82f00d ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe14:57:55.0368 3864 Bonjour Service - ok14:57:55.0493 3864 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys14:57:55.0587 3864 bowser - ok14:57:55.0680 3864 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys14:57:55.0712 3864 BrFiltLo - ok14:57:55.0727 3864 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys14:57:55.0758 3864 BrFiltUp - ok14:57:55.0805 3864 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys14:57:55.0836 3864 BridgeMP - ok14:57:55.0899 3864 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll14:57:55.0961 3864 Browser - ok14:57:56.0008 3864 [ 6df544e72ff139e8fbbba6d0e569bea5 ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys14:57:56.0070 3864 BrSerIb - ok14:57:56.0086 3864 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys14:57:56.0117 3864 Brserid - ok14:57:56.0148 3864 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys14:57:56.0164 3864 BrSerWdm - ok14:57:56.0226 3864 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys14:57:56.0273 3864 BrUsbMdm - ok14:57:56.0289 3864 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys14:57:56.0304 3864 BrUsbSer - ok14:57:56.0336 3864 [ 80082ad46578f0d3270d2e56d6433082 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys14:57:56.0367 3864 BrUsbSIb - ok14:57:56.0429 3864 [ ea7e57f87d6fee5fd6c5f813c04e8cd2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe14:57:56.0445 3864 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning14:57:56.0445 3864 BrYNSvc - detected UnsignedFile.Multi.Generic (1)14:57:56.0476 3864 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys14:57:56.0492 3864 BTHMODEM - ok14:57:56.0538 3864 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll14:57:56.0632 3864 bthserv - ok14:57:56.0663 3864 catchme - ok14:57:56.0726 3864 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys14:57:56.0772 3864 cdfs - ok14:57:56.0819 3864 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys14:57:56.0866 3864 cdrom - ok14:57:56.0913 3864 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll14:57:56.0960 3864 CertPropSvc - ok14:57:56.0960 3864 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys14:57:56.0975 3864 circlass - ok14:57:57.0006 3864 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys14:57:57.0006 3864 CLFS - ok14:57:57.0084 3864 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe14:57:57.0116 3864 clr_optimization_v2.0.50727_32 - ok14:57:57.0131 3864 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe14:57:57.0147 3864 clr_optimization_v2.0.50727_64 - ok14:57:57.0240 3864 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe14:57:57.0272 3864 clr_optimization_v4.0.30319_32 - ok14:57:57.0303 3864 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe14:57:57.0318 3864 clr_optimization_v4.0.30319_64 - ok14:57:57.0350 3864 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys14:57:57.0365 3864 CmBatt - ok14:57:57.0396 3864 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys14:57:57.0412 3864 cmdide - ok14:57:57.0490 3864 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys14:57:57.0521 3864 CNG - ok14:57:57.0552 3864 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys14:57:57.0568 3864 Compbatt - ok14:57:57.0615 3864 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys14:57:57.0662 3864 CompositeBus - ok14:57:57.0677 3864 COMSysApp - ok14:57:57.0693 3864 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys14:57:57.0708 3864 crcdisk - ok14:57:57.0740 3864 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll14:57:57.0755 3864 CryptSvc - ok14:57:57.0802 3864 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll14:57:57.0849 3864 DcomLaunch - ok14:57:57.0911 3864 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll14:57:57.0974 3864 defragsvc - ok14:57:57.0989 3864 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys14:57:58.0020 3864 DfsC - ok14:57:58.0083 3864 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll14:57:58.0176 3864 Dhcp - ok14:57:58.0239 3864 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys14:57:58.0301 3864 discache - ok14:57:58.0410 3864 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys14:57:58.0473 3864 Disk - ok14:57:58.0629 3864 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll14:57:58.0754 3864 Dnscache - ok14:57:58.0816 3864 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll14:57:58.0878 3864 dot3svc - ok14:57:58.0878 3864 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll14:57:58.0910 3864 DPS - ok14:57:58.0956 3864 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys14:57:58.0972 3864 drmkaud - ok14:57:59.0019 3864 [ 1cecd1252261153c7873b5d9eb259d65 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys14:57:59.0034 3864 dtsoftbus01 - ok14:57:59.0066 3864 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys14:57:59.0081 3864 DXGKrnl - ok14:57:59.0112 3864 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll14:57:59.0128 3864 EapHost - ok14:57:59.0190 3864 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys14:57:59.0237 3864 ebdrv - ok14:57:59.0253 3864 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe14:57:59.0268 3864 EFS - ok14:57:59.0315 3864 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe14:57:59.0378 3864 ehRecvr - ok14:57:59.0393 3864 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe14:57:59.0409 3864 ehSched - ok14:57:59.0471 3864 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys14:57:59.0502 3864 elxstor - ok14:57:59.0534 3864 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys14:57:59.0549 3864 ErrDev - ok14:57:59.0643 3864 esgiguard - ok14:57:59.0705 3864 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll14:57:59.0768 3864 EventSystem - ok14:57:59.0830 3864 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys14:57:59.0877 3864 exfat - ok14:57:59.0892 3864 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys14:57:59.0939 3864 fastfat - ok14:57:59.0986 3864 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe14:58:00.0064 3864 Fax - ok14:58:00.0080 3864 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys14:58:00.0095 3864 fdc - ok14:58:00.0173 3864 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll14:58:00.0251 3864 fdPHost - ok14:58:00.0251 3864 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll14:58:00.0267 3864 FDResPub - ok14:58:00.0298 3864 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys14:58:00.0329 3864 FileInfo - ok14:58:00.0345 3864 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys14:58:00.0376 3864 Filetrace - ok14:58:00.0392 3864 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys14:58:00.0407 3864 flpydisk - ok14:58:00.0407 3864 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys14:58:00.0423 3864 FltMgr - ok14:58:00.0454 3864 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll14:58:00.0485 3864 FontCache - ok14:58:00.0516 3864 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe14:58:00.0516 3864 FontCache3.0.0.0 - ok14:58:00.0532 3864 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys14:58:00.0548 3864 FsDepends - ok14:58:00.0594 3864 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys14:58:00.0626 3864 Fs_Rec - ok14:58:00.0672 3864 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys14:58:00.0735 3864 fvevol - ok14:58:00.0782 3864 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys14:58:00.0797 3864 gagp30kx - ok14:58:00.0844 3864 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe14:58:00.0875 3864 GamesAppService - ok14:58:00.0922 3864 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys14:58:00.0953 3864 GEARAspiWDM - ok14:58:01.0000 3864 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll14:58:01.0047 3864 gpsvc - ok14:58:01.0156 3864 [ c1b577b2169900f4cf7190c39f085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe14:58:01.0187 3864 gusvc - ok14:58:01.0203 3864 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys14:58:01.0234 3864 hcw85cir - ok14:58:01.0265 3864 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys14:58:01.0296 3864 HdAudAddService - ok14:58:01.0312 3864 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys14:58:01.0328 3864 HDAudBus - ok14:58:01.0359 3864 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys14:58:01.0390 3864 HidBatt - ok14:58:01.0406 3864 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys14:58:01.0437 3864 HidBth - ok14:58:01.0437 3864 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys14:58:01.0452 3864 HidIr - ok14:58:01.0484 3864 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll14:58:01.0515 3864 hidserv - ok14:58:01.0593 3864 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys14:58:01.0624 3864 HidUsb - ok14:58:01.0671 3864 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll14:58:01.0749 3864 hkmsvc - ok14:58:01.0764 3864 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll14:58:01.0796 3864 HomeGroupListener - ok14:58:01.0811 3864 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll14:58:01.0842 3864 HomeGroupProvider - ok14:58:01.0936 3864 [ 170233b8d743efe35f462a5d516b93e3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe14:58:01.0952 3864 HP Support Assistant Service - ok14:58:01.0998 3864 [ 6a181452d4e240b8ecc7614b9a19bde9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe14:58:02.0030 3864 HPClientSvc - ok14:58:02.0092 3864 [ bcc4a8b2e2e902f52e7f2e7d8e125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe14:58:02.0123 3864 HPDrvMntSvc.exe - ok14:58:02.0170 3864 [ ec9739a46f1f83c6e52a7a4697f44a65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe14:58:02.0186 3864 hpqwmiex - ok14:58:02.0232 3864 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys14:58:02.0264 3864 HpSAMD - ok14:58:02.0295 3864 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys14:58:02.0342 3864 HTTP - ok14:58:02.0388 3864 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys14:58:02.0420 3864 hwpolicy - ok14:58:02.0466 3864 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys14:58:02.0482 3864 i8042prt - ok14:58:02.0544 3864 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys14:58:02.0576 3864 iaStorV - ok14:58:02.0669 3864 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe14:58:02.0685 3864 IDriverT ( UnsignedFile.Multi.Generic ) - warning14:58:02.0685 3864 IDriverT - detected UnsignedFile.Multi.Generic (1)14:58:02.0747 3864 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe14:58:02.0778 3864 idsvc - ok14:58:02.0903 3864 [ a87261ef1546325b559374f5689cf5bc ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys14:58:03.0012 3864 igfx - ok14:58:03.0075 3864 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys14:58:03.0106 3864 iirsp - ok14:58:03.0184 3864 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll14:58:03.0278 3864 IKEEXT - ok14:58:03.0387 3864 [ 589b94a9b73a0e819ff873743a480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys14:58:03.0480 3864 IntcAzAudAddService - ok14:58:03.0496 3864 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys14:58:03.0512 3864 intelide - ok14:58:03.0558 3864 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys14:58:03.0605 3864 intelppm - ok14:58:03.0652 3864 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll14:58:03.0730 3864 IPBusEnum - ok14:58:03.0746 3864 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys14:58:03.0808 3864 IpFilterDriver - ok14:58:03.0808 3864 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll14:58:03.0839 3864 iphlpsvc - ok14:58:03.0870 3864 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys14:58:03.0886 3864 IPMIDRV - ok14:58:03.0902 3864 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys14:58:03.0933 3864 IPNAT - ok14:58:03.0995 3864 [ b7cb0b121962cd89f98c0dd89331b0c0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe14:58:04.0026 3864 iPod Service - ok14:58:04.0026 3864 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys14:58:04.0042 3864 IRENUM - ok14:58:04.0058 3864 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys14:58:04.0058 3864 isapnp - ok14:58:04.0073 3864 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys14:58:04.0089 3864 iScsiPrt - ok14:58:04.0104 3864 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys14:58:04.0120 3864 kbdclass - ok14:58:04.0136 3864 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys14:58:04.0167 3864 kbdhid - ok14:58:04.0214 3864 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe14:58:04.0245 3864 KeyIso - ok14:58:04.0276 3864 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys14:58:04.0292 3864 KSecDD - ok14:58:04.0292 3864 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys14:58:04.0307 3864 KSecPkg - ok14:58:04.0338 3864 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys14:58:04.0416 3864 ksthunk - ok14:58:04.0448 3864 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll14:58:04.0494 3864 KtmRm - ok14:58:04.0557 3864 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\System32\srvsvc.dll14:58:04.0619 3864 LanmanServer - ok14:58:04.0697 3864 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll14:58:04.0760 3864 LanmanWorkstation - ok14:58:04.0806 3864 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys14:58:04.0869 3864 lltdio - ok14:58:04.0916 3864 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll14:58:05.0009 3864 lltdsvc - ok14:58:05.0009 3864 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll14:58:05.0040 3864 lmhosts - ok14:58:05.0087 3864 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys14:58:05.0118 3864 LSI_FC - ok14:58:05.0134 3864 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys14:58:05.0150 3864 LSI_SAS - ok14:58:05.0165 3864 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys14:58:05.0181 3864 LSI_SAS2 - ok14:58:05.0212 3864 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys14:58:05.0212 3864 LSI_SCSI - ok14:58:05.0274 3864 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys14:58:05.0321 3864 luafv - ok14:58:05.0384 3864 [ 2757f2e17c452e24682eb0ccea74997d ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys14:58:05.0415 3864 mcdbus - ok14:58:05.0446 3864 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll14:58:05.0462 3864 Mcx2Svc - ok14:58:05.0477 3864 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys14:58:05.0493 3864 megasas - ok14:58:05.0540 3864 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys14:58:05.0571 3864 MegaSR - ok14:58:05.0649 3864 [ fafe367d032ed82e9332b4c741a20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe14:58:05.0680 3864 Microsoft Office Groove Audit Service - ok14:58:05.0727 3864 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll14:58:05.0852 3864 MMCSS - ok14:58:05.0914 3864 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys14:58:06.0039 3864 Modem - ok14:58:06.0086 3864 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys14:58:06.0132 3864 monitor - ok14:58:06.0164 3864 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys14:58:06.0179 3864 mouclass - ok14:58:06.0242 3864 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys14:58:06.0288 3864 mouhid - ok14:58:06.0288 3864 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys14:58:06.0304 3864 mountmgr - ok14:58:06.0382 3864 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe14:58:06.0413 3864 MozillaMaintenance - ok14:58:06.0429 3864 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys14:58:06.0444 3864 mpio - ok14:58:06.0460 3864 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys14:58:06.0491 3864 mpsdrv - ok14:58:06.0569 3864 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll14:58:06.0632 3864 MpsSvc - ok14:58:06.0647 3864 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys14:58:06.0663 3864 MRxDAV - ok14:58:06.0694 3864 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys14:58:06.0725 3864 mrxsmb - ok14:58:06.0741 3864 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys14:58:06.0756 3864 mrxsmb10 - ok14:58:06.0772 3864 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys14:58:06.0788 3864 mrxsmb20 - ok14:58:06.0803 3864 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys14:58:06.0803 3864 msahci - ok14:58:06.0819 3864 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys14:58:06.0834 3864 msdsm - ok14:58:06.0866 3864 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe14:58:06.0881 3864 MSDTC - ok14:58:06.0897 3864 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys14:58:06.0928 3864 Msfs - ok14:58:06.0944 3864 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys14:58:07.0022 3864 mshidkmdf - ok14:58:07.0037 3864 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys14:58:07.0037 3864 msisadrv - ok14:58:07.0068 3864 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll14:58:07.0100 3864 MSiSCSI - ok14:58:07.0100 3864 msiserver - ok14:58:07.0115 3864 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys14:58:07.0146 3864 MSKSSRV - ok14:58:07.0146 3864 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys14:58:07.0193 3864 MSPCLOCK - ok14:58:07.0193 3864 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys14:58:07.0224 3864 MSPQM - ok14:58:07.0256 3864 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys14:58:07.0271 3864 MsRPC - ok14:58:07.0287 3864 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys14:58:07.0302 3864 mssmbios - ok14:58:07.0302 3864 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys14:58:07.0334 3864 MSTEE - ok14:58:07.0349 3864 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys14:58:07.0365 3864 MTConfig - ok14:58:07.0365 3864 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys14:58:07.0365 3864 Mup - ok14:58:07.0396 3864 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll14:58:07.0443 3864 napagent - ok14:58:07.0490 3864 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys14:58:07.0536 3864 NativeWifiP - ok14:58:07.0599 3864 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys14:58:07.0630 3864 NDIS - ok14:58:07.0646 3864 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys14:58:07.0661 3864 NdisCap - ok14:58:07.0708 3864 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys14:58:07.0770 3864 NdisTapi - ok14:58:07.0770 3864 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys14:58:07.0802 3864 Ndisuio - ok14:58:07.0802 3864 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys14:58:07.0833 3864 NdisWan - ok14:58:07.0848 3864 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys14:58:07.0864 3864 NDProxy - ok14:58:07.0895 3864 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys14:58:07.0926 3864 NetBIOS - ok14:58:07.0942 3864 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys14:58:07.0958 3864 NetBT - ok14:58:07.0973 3864 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe14:58:07.0989 3864 Netlogon - ok14:58:08.0051 3864 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll14:58:08.0145 3864 Netman - ok14:58:08.0176 3864 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:58:08.0192 3864 NetMsmqActivator - ok14:58:08.0192 3864 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:58:08.0207 3864 NetPipeActivator - ok14:58:08.0207 3864 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll14:58:08.0254 3864 netprofm - ok14:58:08.0332 3864 [ 24cf1304d899124336f67f88f3c15e21 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys14:58:08.0394 3864 netr28x - ok14:58:08.0394 3864 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:58:08.0426 3864 NetTcpActivator - ok14:58:08.0426 3864 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:58:08.0441 3864 NetTcpPortSharing - ok14:58:08.0472 3864 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys14:58:08.0488 3864 nfrd960 - ok14:58:08.0550 3864 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll14:58:08.0644 3864 NlaSvc - ok14:58:08.0660 3864 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys14:58:08.0675 3864 Npfs - ok14:58:08.0691 3864 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll14:58:08.0722 3864 nsi - ok14:58:08.0722 3864 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys14:58:08.0738 3864 nsiproxy - ok14:58:08.0800 3864 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys14:58:08.0831 3864 Ntfs - ok14:58:08.0847 3864 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys14:58:08.0862 3864 Null - ok14:58:08.0909 3864 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys14:58:08.0956 3864 nvraid - ok14:58:08.0972 3864 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys14:58:08.0987 3864 nvstor - ok14:58:08.0987 3864 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys14:58:09.0003 3864 nv_agp - ok14:58:09.0065 3864 [ 84de1dd996b48b05ace31ad015fa108a ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE14:58:09.0096 3864 odserv - ok14:58:09.0112 3864 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys14:58:09.0128 3864 ohci1394 - ok14:58:09.0190 3864 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE14:58:09.0221 3864 ose - ok14:58:09.0252 3864 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll14:58:09.0284 3864 p2pimsvc - ok14:58:09.0299 3864 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll14:58:09.0315 3864 p2psvc - ok14:58:09.0377 3864 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys14:58:09.0408 3864 Parport - ok14:58:09.0424 3864 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys14:58:09.0440 3864 partmgr - ok14:58:09.0455 3864 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll14:58:09.0471 3864 PcaSvc - ok14:58:09.0486 3864 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys14:58:09.0502 3864 pci - ok14:58:09.0518 3864 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys14:58:09.0518 3864 pciide - ok14:58:09.0549 3864 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys14:58:09.0564 3864 pcmcia - ok14:58:09.0580 3864 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys14:58:09.0596 3864 pcw - ok14:58:09.0642 3864 pdfcDispatcher - ok14:58:09.0674 3864 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys14:58:09.0736 3864 PEAUTH - ok14:58:09.0845 3864 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe14:58:09.0892 3864 PerfHost - ok14:58:09.0939 3864 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll14:58:09.0986 3864 pla - ok14:58:10.0064 3864 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll14:58:10.0126 3864 PlugPlay - ok14:58:10.0157 3864 PnkBstrA - ok14:58:10.0188 3864 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll14:58:10.0235 3864 PNRPAutoReg - ok14:58:10.0251 3864 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll14:58:10.0266 3864 PNRPsvc - ok14:58:10.0298 3864 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll14:58:10.0344 3864 PolicyAgent - ok14:58:10.0360 3864 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll14:58:10.0407 3864 Power - ok14:58:10.0469 3864 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys14:58:10.0532 3864 PptpMiniport - ok14:58:10.0547 3864 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys14:58:10.0563 3864 Processor - ok14:58:10.0594 3864 [ 5c78838b4d166d1a27db3a8a820c799a ] ProfSvc C:\Windows\system32\profsvc.dll14:58:10.0625 3864 ProfSvc - ok14:58:10.0641 3864 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe14:58:10.0641 3864 ProtectedStorage - ok14:58:10.0688 3864 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys14:58:10.0703 3864 Psched - ok14:58:10.0781 3864 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys14:58:10.0844 3864 ql2300 - ok14:58:10.0859 3864 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys14:58:10.0859 3864 ql40xx - ok14:58:10.0875 3864 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll14:58:10.0890 3864 QWAVE - ok14:58:10.0922 3864 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys14:58:10.0937 3864 QWAVEdrv - ok14:58:10.0937 3864 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys14:58:10.0968 3864 RasAcd - ok14:58:11.0015 3864 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys14:58:11.0031 3864 RasAgileVpn - ok14:58:11.0062 3864 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll14:58:11.0140 3864 RasAuto - ok14:58:11.0218 3864 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys14:58:11.0280 3864 Rasl2tp - ok14:58:11.0327 3864 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll14:58:11.0390 3864 RasMan - ok14:58:11.0390 3864 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys14:58:11.0421 3864 RasPppoe - ok14:58:11.0436 3864 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys14:58:11.0452 3864 RasSstp - ok14:58:11.0468 3864 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys14:58:11.0499 3864 rdbss - ok14:58:11.0499 3864 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys14:58:11.0514 3864 rdpbus - ok14:58:11.0514 3864 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys14:58:11.0546 3864 RDPCDD - ok14:58:11.0577 3864 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys14:58:11.0592 3864 RDPENCDD - ok14:58:11.0608 3864 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys14:58:11.0639 3864 RDPREFMP - ok14:58:11.0670 3864 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys14:58:11.0717 3864 RDPWD - ok14:58:11.0717 3864 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys14:58:11.0733 3864 rdyboost - ok14:58:11.0780 3864 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll14:58:11.0858 3864 RemoteAccess - ok14:58:11.0873 3864 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll14:58:11.0904 3864 RemoteRegistry - ok14:58:11.0951 3864 [ 085d18c71ab2611a3d61528132b6501e ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe14:58:11.0998 3864 RoxioNow Service - ok14:58:12.0014 3864 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll14:58:12.0045 3864 RpcEptMapper - ok14:58:12.0060 3864 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe14:58:12.0060 3864 RpcLocator - ok14:58:12.0092 3864 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\System32\rpcss.dll14:58:12.0107 3864 RpcSs - ok14:58:12.0170 3864 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys14:58:12.0216 3864 rspndr - ok14:58:12.0279 3864 [ afc12dfa4c7b089673ad67402ca19edb ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys14:58:12.0326 3864 RTL8167 - ok14:58:12.0341 3864 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe14:58:12.0341 3864 SamSs - ok14:58:12.0357 3864 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys14:58:12.0372 3864 sbp2port - ok14:58:12.0404 3864 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll14:58:12.0435 3864 SCardSvr - ok14:58:12.0466 3864 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys14:58:12.0497 3864 scfilter - ok14:58:12.0513 3864 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll14:58:12.0544 3864 Schedule - ok14:58:12.0575 3864 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll14:58:12.0606 3864 SCPolicySvc - ok14:58:12.0606 3864 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll14:58:12.0638 3864 SDRSVC - ok14:58:12.0653 3864 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys14:58:12.0731 3864 secdrv - ok14:58:12.0747 3864 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll14:58:12.0762 3864 seclogon - ok14:58:12.0825 3864 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll14:58:12.0872 3864 SENS - ok14:58:12.0887 3864 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll14:58:12.0903 3864 SensrSvc - ok14:58:12.0965 3864 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys14:58:13.0012 3864 Serenum - ok14:58:13.0059 3864 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys14:58:13.0090 3864 Serial - ok14:58:13.0137 3864 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys14:58:13.0184 3864 sermouse - ok14:58:13.0215 3864 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll14:58:13.0277 3864 SessionEnv - ok14:58:13.0277 3864 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys14:58:13.0293 3864 sffdisk - ok14:58:13.0308 3864 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys14:58:13.0308 3864 sffp_mmc - ok14:58:13.0324 3864 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys14:58:13.0340 3864 sffp_sd - ok14:58:13.0355 3864 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys14:58:13.0371 3864 sfloppy - ok14:58:13.0449 3864 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll14:58:13.0511 3864 SharedAccess - ok14:58:13.0527 3864 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll14:58:13.0558 3864 ShellHWDetection - ok14:58:13.0589 3864 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys14:58:13.0636 3864 SiSRaid2 - ok14:58:13.0652 3864 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys14:58:13.0667 3864 SiSRaid4 - ok14:58:13.0745 3864 [ 6128e98eaaed364ed1a32708d2fd22cb ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe14:58:13.0776 3864 SkypeUpdate - ok14:58:13.0808 3864 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys14:58:13.0870 3864 Smb - ok14:58:13.0964 3864 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe14:58:14.0010 3864 SNMPTRAP - ok14:58:14.0026 3864 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys14:58:14.0026 3864 spldr - ok14:58:14.0057 3864 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe14:58:14.0073 3864 Spooler - ok14:58:14.0151 3864 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe14:58:14.0260 3864 sppsvc - ok14:58:14.0260 3864 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll14:58:14.0291 3864 sppuinotify - ok14:58:14.0322 3864 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys14:58:14.0354 3864 srv - ok14:58:14.0369 3864 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys14:58:14.0385 3864 srv2 - ok14:58:14.0400 3864 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys14:58:14.0416 3864 srvnet - ok14:58:14.0463 3864 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll14:58:14.0525 3864 SSDPSRV - ok14:58:14.0525 3864 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll14:58:14.0556 3864 SstpSvc - ok14:58:14.0572 3864 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys14:58:14.0588 3864 stexstor - ok14:58:14.0634 3864 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll14:58:14.0666 3864 stisvc - ok14:58:14.0681 3864 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys14:58:14.0697 3864 swenum - ok14:58:14.0712 3864 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll14:58:14.0744 3864 swprv - ok14:58:14.0775 3864 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll14:58:14.0822 3864 SysMain - ok14:58:14.0837 3864 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll14:58:14.0853 3864 TabletInputService - ok14:58:14.0868 3864 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll14:58:14.0884 3864 TapiSrv - ok14:58:14.0900 3864 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll14:58:14.0915 3864 TBS - ok14:58:15.0024 3864 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys14:58:15.0056 3864 Tcpip - ok14:58:15.0102 3864 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys14:58:15.0118 3864 TCPIP6 - ok14:58:15.0165 3864 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys14:58:15.0243 3864 tcpipreg - ok14:58:15.0243 3864 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys14:58:15.0274 3864 TDPIPE - ok14:58:15.0321 3864 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys14:58:15.0383 3864 TDTCP - ok14:58:15.0383 3864 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys14:58:15.0430 3864 tdx - ok14:58:15.0446 3864 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys14:58:15.0461 3864 TermDD - ok14:58:15.0492 3864 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll14:58:15.0524 3864 TermService - ok14:58:15.0524 3864 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll14:58:15.0539 3864 Themes - ok14:58:15.0555 3864 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll14:58:15.0586 3864 THREADORDER - ok14:58:15.0586 3864 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll14:58:15.0617 3864 TrkWks - ok14:58:15.0648 3864 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe14:58:15.0680 3864 TrustedInstaller - ok14:58:15.0695 3864 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys14:58:15.0726 3864 tssecsrv - ok14:58:15.0773 3864 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys14:58:15.0804 3864 TsUsbFlt - ok14:58:15.0820 3864 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys14:58:15.0836 3864 TsUsbGD - ok14:58:15.0836 3864 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys14:58:15.0867 3864 tunnel - ok14:58:15.0882 3864 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys14:58:15.0898 3864 uagp35 - ok14:58:15.0914 3864 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys14:58:15.0945 3864 udfs - ok14:58:15.0960 3864 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe14:58:15.0992 3864 UI0Detect - ok14:58:16.0007 3864 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys14:58:16.0023 3864 uliagpkx - ok14:58:16.0054 3864 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys14:58:16.0101 3864 umbus - ok14:58:16.0132 3864 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys14:58:16.0163 3864 UmPass - ok14:58:16.0179 3864 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll14:58:16.0226 3864 upnphost - ok14:58:16.0319 3864 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys14:58:16.0366 3864 usbaudio - ok14:58:16.0382 3864 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys14:58:16.0413 3864 usbccgp - ok14:58:16.0475 3864 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys14:58:16.0506 3864 usbcir - ok14:58:16.0522 3864 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys14:58:16.0538 3864 usbehci - ok14:58:16.0553 3864 [ 2c780746dc44a28fe67004dc58173f05 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys14:58:16.0553 3864 usbfilter - ok14:58:16.0600 3864 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys14:58:16.0616 3864 usbhub - ok14:58:16.0616 3864 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys14:58:16.0647 3864 usbohci - ok14:58:16.0678 3864 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys14:58:16.0756 3864 usbprint - ok14:58:16.0803 3864 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys14:58:16.0850 3864 usbscan - ok14:58:16.0881 3864 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS14:58:16.0912 3864 USBSTOR - ok14:58:16.0928 3864 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys14:58:16.0928 3864 usbuhci - ok14:58:17.0006 3864 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys14:58:17.0052 3864 usbvideo - ok14:58:17.0068 3864 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll14:58:17.0115 3864 UxSms - ok14:58:17.0130 3864 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe14:58:17.0130 3864 VaultSvc - ok14:58:17.0177 3864 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys14:58:17.0208 3864 vdrvroot - ok14:58:17.0240 3864 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe14:58:17.0318 3864 vds - ok14:58:17.0364 3864 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys14:58:17.0411 3864 vga - ok14:58:17.0411 3864 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys14:58:17.0458 3864 VgaSave - ok14:58:17.0474 3864 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys14:58:17.0489 3864 vhdmp - ok14:58:17.0505 3864 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys14:58:17.0505 3864 viaide - ok14:58:17.0520 3864 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys14:58:17.0536 3864 volmgr - ok14:58:17.0536 3864 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys14:58:17.0552 3864 volmgrx - ok14:58:17.0567 3864 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys14:58:17.0583 3864 volsnap - ok14:58:17.0645 3864 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys14:58:17.0676 3864 vsmraid - ok14:58:17.0739 3864 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe14:58:17.0801 3864 VSS - ok14:58:17.0817 3864 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys14:58:17.0832 3864 vwifibus - ok14:58:17.0832 3864 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys14:58:17.0864 3864 vwififlt - ok14:58:17.0879 3864 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys14:58:17.0895 3864 vwifimp - ok14:58:17.0926 3864 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll14:58:17.0942 3864 W32Time - ok14:58:17.0957 3864 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys14:58:17.0973 3864 WacomPen - ok14:58:18.0004 3864 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys14:58:18.0051 3864 WANARP - ok14:58:18.0051 3864 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys14:58:18.0082 3864 Wanarpv6 - ok14:58:18.0160 3864 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe14:58:18.0207 3864 WatAdminSvc - ok14:58:18.0269 3864 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe14:58:18.0316 3864 wbengine - ok14:58:18.0332 3864 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll14:58:18.0363 3864 WbioSrvc - ok14:58:18.0363 3864 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll14:58:18.0394 3864 wcncsvc - ok14:58:18.0394 3864 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll14:58:18.0425 3864 WcsPlugInService - ok14:58:18.0441 3864 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys14:58:18.0456 3864 Wd - ok14:58:18.0488 3864 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys14:58:18.0503 3864 Wdf01000 - ok14:58:18.0519 3864 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll14:58:18.0566 3864 WdiServiceHost - ok14:58:18.0566 3864 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll14:58:18.0581 3864 WdiSystemHost - ok14:58:18.0612 3864 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll14:58:18.0628 3864 WebClient - ok14:58:18.0644 3864 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll14:58:18.0675 3864 Wecsvc - ok14:58:18.0690 3864 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll14:58:18.0706 3864 wercplsupport - ok14:58:18.0737 3864 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll14:58:18.0753 3864 WerSvc - ok14:58:18.0784 3864 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys14:58:18.0846 3864 WfpLwf - ok14:58:18.0846 3864 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys14:58:18.0862 3864 WIMMount - ok14:58:18.0909 3864 WinDefend - ok14:58:18.0909 3864 WinHttpAutoProxySvc - ok14:58:18.0956 3864 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll14:58:18.0971 3864 Winmgmt - ok14:58:19.0018 3864 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll14:58:19.0080 3864 WinRM - ok14:58:19.0143 3864 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys14:58:19.0143 3864 WinUsb - ok14:58:19.0158 3864 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll14:58:19.0205 3864 Wlansvc - ok14:58:19.0236 3864 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe14:58:19.0268 3864 wlcrasvc - ok14:58:19.0361 3864 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE14:58:19.0408 3864 wlidsvc - ok14:58:19.0455 3864 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys14:58:19.0517 3864 WmiAcpi - ok14:58:19.0533 3864 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe14:58:19.0564 3864 wmiApSrv - ok14:58:19.0564 3864 WMPNetworkSvc - ok14:58:19.0595 3864 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll14:58:19.0626 3864 WPCSvc - ok14:58:19.0626 3864 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll14:58:19.0642 3864 WPDBusEnum - ok14:58:19.0673 3864 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys14:58:19.0689 3864 ws2ifsl - ok14:58:19.0767 3864 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll14:58:19.0829 3864 wscsvc - ok14:58:19.0845 3864 WSearch - ok14:58:19.0892 3864 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll14:58:19.0954 3864 wuauserv - ok14:58:19.0954 3864 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys14:58:19.0985 3864 WudfPf - ok14:58:20.0032 3864 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys14:58:20.0110 3864 WUDFRd - ok14:58:20.0126 3864 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll14:58:20.0157 3864 wudfsvc - ok14:58:20.0157 3864 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll14:58:20.0188 3864 WwanSvc - ok14:58:20.0219 3864 ================ Scan global ===============================14:58:20.0250 3864 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll14:58:20.0266 3864 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll14:58:20.0297 3864 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll14:58:20.0313 3864 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll14:58:20.0328 3864 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe14:58:20.0344 3864 [Global] - ok14:58:20.0344 3864 ================ Scan MBR ==================================14:58:20.0344 3864 MBR (0x1B8) (ef4cc5431b415cbc9823d00f44dc8304) \Device\Harddisk0\DR014:58:20.0344 3864 Suspicious mbr (Forged): \Device\Harddisk0\DR014:58:20.0406 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected14:58:20.0406 3864 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)14:58:20.0469 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - warning14:58:20.0469 3864 \Device\Harddisk0\DR0 - detected TDSS File System (1)14:58:20.0469 3864 ================ Scan VBR ==================================14:58:20.0469 3864 Boot (0x1200) (5d4c211e225dbafe7a1f9a3864cf1f75) \Device\Harddisk0\DR0\Partition114:58:20.0469 3864 \Device\Harddisk0\DR0\Partition1 - ok14:58:20.0516 3864 Boot (0x1200) (cd17b5bf115d7c8127248151775a5ec9) \Device\Harddisk0\DR0\Partition214:58:20.0516 3864 \Device\Harddisk0\DR0\Partition2 - ok14:58:20.0547 3864 Boot (0x1200) (3599d8080490f4da2a307d5378d6efda) \Device\Harddisk0\DR0\Partition314:58:20.0547 3864 \Device\Harddisk0\DR0\Partition3 - ok14:58:20.0547 3864 ============================================================14:58:20.0547 3864 Scan finished14:58:20.0547 3864 ============================================================14:58:20.0578 3396 Detected object count: 414:58:20.0578 3396 Actual detected object count: 414:58:50.0327 3396 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user14:58:50.0327 3396 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip14:58:50.0327 3396 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user14:58:50.0327 3396 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip14:58:50.0936 3396 \Device\Harddisk0\DR0\# - copied to quarantine14:58:50.0951 3396 \Device\Harddisk0\DR0 - copied to quarantine14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine14:58:51.0123 3396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot14:58:51.0154 3396 \Device\Harddisk0\DR0 - ok14:58:51.0482 3396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure14:58:51.0482 3396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user14:58:51.0482 3396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip14:58:56.0864 4860 Deinitialize success Link to post Share on other sites More sharing options...
MrCharlie Posted August 19, 2012 ID:587437 Share Posted August 19, 2012 Run TDSSKiller again and choose Delete for this one only: (no need to post the log)14:58:51.0482 3396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user14:58:51.0482 3396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip~~~~~~~~~~~~~~~~~~~Please Update and run a Quick Scan with MBAM, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
Komodo Posted August 20, 2012 Author ID:587491 Share Posted August 20, 2012 The computer is running fine. I'm not being redirected anymore while on the internet. There was still one item that came up on the scan. Here is the latest mbam log:Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.19.07Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514Tice :: TICE-HP [administrator]8/19/2012 5:52:10 PMmbam-log-2012-08-19 (17-52-10).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 202151Time elapsed: 2 minute(s), 26 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
MrCharlie Posted August 20, 2012 ID:587493 Share Posted August 20, 2012 That's OK, run another quick scan and it should come up clean, MrC Link to post Share on other sites More sharing options...
Komodo Posted August 20, 2012 Author ID:587537 Share Posted August 20, 2012 Yes, the scan came up clean. Thank you MrC!! Link to post Share on other sites More sharing options...
MrCharlie Posted August 20, 2012 ID:587569 Share Posted August 20, 2012 Great A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comhttp://www.itxassociates.com/OT-Tools/OTL.exeSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 20, 2012 ID:587593 Share Posted August 20, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts