
Infected with MRGGen Trojan


Marth9


MBAM has identified the MRGGen trojan on my computer, but I am unable to reboot in normal mode without a blue screen error. I have included the dds files below.

DDS (Ver_2012-11-07.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2

Run by Martha at 12:25:39 on 2012-11-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2440 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WerFault.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee online backup\MOBKstat.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{5C6FCFAE-D2E9-4AB9-955A-E78A514D1D51} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{60960038-A57C-4527-8277-A22BD11ABDEE} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\martha\appdata\roaming\mozilla\firefox\profiles\po1aves9.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=644CEA47-E737-4F6F-8253-1D60D49D15FE&n=77ee403b&ptnrS=Z7xdm051YYus&si=4721

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-9-28 64832]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 554048]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-4-17 206784]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-16 167784]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-16 168368]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-16 166320]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-16 60480]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-16 360792]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]

S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2012-4-16 54776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-4-17 21504]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-27 399432]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-16 676936]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-16 167784]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-16 167784]

S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-16 167784]

S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-16 200816]

S2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-9-28 146872]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-16 22856]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-18 40776]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-16 230224]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-16 61912]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-16 92192]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-4-16 89792]

.

=============== Created Last 30 ================

.

2012-11-18 17:12:55 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-11-18 17:12:55 -------- d-----w- c:\program files\SpywareBlaster

2012-11-18 16:38:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-10-27 20:33:13 175240 ----a-w- c:\program files\gtres.dll

2012-10-27 19:35:07 -------- d-----w- c:\programdata\CAM Development

2012-10-27 19:35:06 -------- d-----w- c:\program files\CAM Development

2012-10-27 19:34:51 -------- d-----w- c:\users\martha\appdata\local\Wajam

.

==================== Find3M ====================

.

2012-10-09 17:03:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 17:03:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-02 22:53:24 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-02 22:53:18 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 22:53:18 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-14 20:26:32 64832 ----a-w- c:\windows\system32\drivers\McPvDrv.sys

2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-30 19:13:00 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-08-30 19:13:00 7626088 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-30 19:13:00 6109032 ----a-w- c:\windows\system32\nvopencl.dll

2012-08-30 19:13:00 2573672 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-30 19:13:00 2422120 ----a-w- c:\windows\system32\nvapi.dll

2012-08-30 19:13:00 19828584 ----a-w- c:\windows\system32\nvoglv32.dll

2012-08-30 19:13:00 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-30 19:13:00 17559912 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-30 19:13:00 15291752 ----a-w- c:\windows\system32\nvd3dum.dll

2012-08-30 19:13:00 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-08-30 19:13:00 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-30 19:13:00 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-08-30 15:57:55 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 15:57:54 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 15:57:54 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 15:57:32 3963240 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-30 15:57:27 2836840 ----a-w- c:\windows\system32\nvsvc.dll

2012-08-30 14:40:14 429416 ----a-w- c:\windows\system32\nvStreaming.exe

2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 12:26:27.32 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/16/2012 8:21:30 PM

System Uptime: 11/18/2012 11:35:18 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5K-E

Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | LGA775 | 2671/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 233 GiB total, 132.675 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&23F9C1E3&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0

Service: i8042prt

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Gamer OSD

ASUS nVidia Driver

ASUS Smart Doctor

ASUS Utilities

ASUS VideoSecurity Online

Bonjour

CAM UnZip 4.5

Cisco Connect

Cool & Quiet

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diablo III

Drivers Install For Linksys Easylink Advisor

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iTunes

Java 7 Update 7

Java Auto Updater

LightScribe System Software

Macromedia Flash Player 8

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Online Backup

McAfee Total Protection

McAfee Virtual Technician

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

Nero 7 Essentials

NVIDIA 3D Vision Controller Driver 306.23

NVIDIA 3D Vision Driver 306.23

NVIDIA Control Panel 306.23

NVIDIA Graphics Driver 306.23

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

QuickTime

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Shared C Run-time for x86

SpywareBlaster 4.6

System Requirements Lab for Intel

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

World of Warcraft

XviD MPEG-4 Video Codec

.

==== End Of File ===========================


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller.

Gringo


Here are the log results:

Results of screen317's Security Check version 0.99.54

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

SpywareBlaster 4.6

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader X (10.1.4)

Mozilla Firefox (16.0.2)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 14:46:15

# Updated 17/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : Martha - MARTHA-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Martha\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\po1aves9.default\searchplugins\my-web-search.xml

Folder Deleted : C:\Users\Martha\AppData\Local\Wajam

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\po1aves9.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "My Web Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=644CEA47-E737-4F6[...]

Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{4ED1F68A-5463-4931-9384-8FF[...]

Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");

Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?fr=mcafee&p=");

Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Secure Search");

Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

*************************

AdwCleaner[s1].txt - [1899 octets] - [18/11/2012 14:46:15]

########## EOF - C:\AdwCleaner[s1].txt - [1959 octets] ##########

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Safe mode with network support

User : Martha [Admin rights]

Mode : Scan -- Date : 11/18/2012 15:19:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 253a96b5ef5277f088013de1200bda5f

[bSP] ea07d25919a260d1176cc15f26600547 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 79bad96e4407744931353f7cdb6bcb37

[bSP] ea07d25919a260d1176cc15f26600547 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo

Finished : << RKreport[1]_S_11182012_02d1519.txt >>

RKreport[1]_S_11182012_02d1519.txt

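RogueKiller's MBR check in the report above reads sector 0 of each physical drive by more than one method and compares the results: the posted report says "User = LL1 ... OK!" but "User != LL2 ... KO!", and dumps the LL2 view so it can be compared with the User view. The script below is an added example, not part of this thread and not RogueKiller's own code; it parses that block (the embedded sample is constructed from the lines posted above, hashes included) and summarises where the two views disagree: the whole-sector hash, the boot-code ([bSP]) hash, and the partition table. The labels User, LL1 and LL2 are taken from the report; the page does not say which read path each uses, so the script treats them only as differently labelled views and reports where they differ, not why.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the "MBR Check" block of the RogueKiller report posted in this
# thread, copied line for line (hashes included) so the parser can run offline.
SAMPLE_REPORT = """\
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 253a96b5ef5277f088013de1200bda5f
[bSP] ea07d25919a260d1176cc15f26600547 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 79bad96e4407744931353f7cdb6bcb37
[bSP] ea07d25919a260d1176cc15f26600547 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
"""


@dataclass
class MbrView:
    """One reading of sector 0, under the label RogueKiller gives it (User, LL1, LL2)."""
    method: str
    mbr_hash: Optional[str] = None      # hash of the whole sector ([MBR] line)
    bsp_hash: Optional[str] = None      # hash of the boot code ([bSP] line)
    bsp_desc: Optional[str] = None      # e.g. "Windows Vista MBR Code"
    partitions: List[str] = field(default_factory=list)


@dataclass
class DriveCheck:
    drive: str
    views: Dict[str, MbrView] = field(default_factory=dict)
    # method -> True when the report says "User = <method> ... OK!"
    comparisons: Dict[str, bool] = field(default_factory=dict)


DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$", re.I)
BSP_RE = re.compile(r"^\[bSP\] ([0-9a-f]{32})(?: : (.*))?$", re.I)
PART_RE = re.compile(r"^\d+ - \[")
CMP_RE = re.compile(r"^User (=|!=) (\w+) \.\.\. (OK|KO)!$")


def parse_mbr_check(text: str) -> List[DriveCheck]:
    """Parse the MBR Check block into one DriveCheck per physical drive."""
    drives: List[DriveCheck] = []
    drive: Optional[DriveCheck] = None
    view: Optional[MbrView] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            drive = DriveCheck(m.group(1))
            drives.append(drive)
            view = None
        elif drive is None:
            continue                    # header lines before the first drive
        elif m := VIEW_RE.match(line):
            view = MbrView(m.group(1))
            drive.views[view.method] = view
        elif m := CMP_RE.match(line):
            drive.comparisons[m.group(2)] = (m.group(3) == "OK")
        elif view is None:
            continue
        elif m := MBR_RE.match(line):
            view.mbr_hash = m.group(1).lower()
        elif m := BSP_RE.match(line):
            view.bsp_hash = m.group(1).lower()
            view.bsp_desc = m.group(2)
        elif PART_RE.match(line):
            view.partitions.append(line)
    return drives


def mismatched_methods(drive: DriveCheck) -> List[str]:
    """Read methods whose view of sector 0 did not match the User view."""
    return sorted(m for m, ok in drive.comparisons.items() if not ok)


def assess(drive: DriveCheck) -> List[str]:
    """Human-readable findings: where, not why, the views disagree."""
    user = drive.views.get("User")
    if user is None:
        return [f"{drive.drive}: report has no User view to compare against"]
    findings = []
    for method in mismatched_methods(drive):
        other = drive.views.get(method)
        if other is None:
            findings.append(f"{drive.drive}: User != {method}, but no {method} dump in report")
            continue
        if other.bsp_hash == user.bsp_hash:
            where = ("boot code hash identical, so the sectors differ outside the boot "
                     "code (partition table or disk signature area)")
        else:
            where = "boot code itself differs"
        findings.append(f"{drive.drive}: User != {method}: {where}")
        if other.partitions != user.partitions:
            findings.append(f"{drive.drive}: partition table differs between User and "
                            f"{method}: {user.partitions} vs {other.partitions}")
    if not findings:
        findings.append(f"{drive.drive}: all read methods agree with the User view")
    return findings


if __name__ == "__main__":
    for d in parse_mbr_check(SAMPLE_REPORT):
        for line in assess(d):
            print(line)
```

Run on the posted block, the script reports that the boot-code hash is the same in both views (both "Windows Vista MBR Code") while the whole-sector hash and the partition entry differ (slot 0 marked ACTIVE in the User view, slot 1 marked XXXXXX in the LL2 view). That narrows down what to look at next when reviewing such a report; the script does not decide on its own whether a mismatch is malicious.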

  • Staff

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


I ran the program, but I still cannot get my computer to start in normal mode without a blue screen. It seems to work just fine in safe mode, though. Also, during the running of ComboFix, it gave me several messages that access was denied because it did not have administrator privileges. I clicked run as administrator, so that should not have been an issue. In addition, it gave me the warning that McAfee was not turned off, but I had turned all the processes off in the task manager and shut down the parts of the program. I also removed it as a startup program and reran the scan.

Here is the data:

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2749 [GMT -5:00]

Running from: c:\users\Martha\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))

.

.

2012-11-18 23:01 . 2012-11-18 23:01 -------- d-----w- c:\users\Martha\AppData\Local\temp

2012-11-18 23:01 . 2012-11-18 23:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-18 23:01 . 2012-11-18 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-18 22:52 . 2012-11-18 22:52 -------- d-----w- c:\windows\Sun

2012-11-18 17:12 . 2012-11-18 17:14 -------- d-----w- c:\program files\SpywareBlaster

2012-11-18 17:12 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-10-27 20:33 . 2012-10-27 01:10 175240 ----a-w- c:\program files\gtres.dll

2012-10-27 19:35 . 2012-10-27 19:35 -------- d-----w- c:\programdata\CAM Development

2012-10-27 19:35 . 2012-10-27 19:35 -------- d-----w- c:\program files\CAM Development

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 17:03 . 2012-05-28 21:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 17:03 . 2012-05-28 21:27 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-02 22:53 . 2012-10-02 22:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-02 22:53 . 2012-10-02 22:54 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 22:53 . 2012-04-17 01:19 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-29 23:54 . 2012-04-17 03:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-29 14:23 . 2012-09-29 14:23 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-09-29 14:23 . 2012-09-29 14:23 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-09-29 14:22 . 2012-09-29 14:22 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

2012-09-14 20:26 . 2012-09-28 23:32 64832 ----a-w- c:\windows\system32\drivers\McPvDrv.sys

2012-09-13 13:28 . 2012-10-09 23:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-30 19:13 . 2012-09-25 23:21 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-08-30 19:13 . 2012-09-25 23:21 6109032 ----a-w- c:\windows\system32\nvopencl.dll

2012-08-30 19:13 . 2012-09-25 23:21 19828584 ----a-w- c:\windows\system32\nvoglv32.dll

2012-08-30 19:13 . 2012-09-25 23:21 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-30 19:13 . 2012-09-25 23:21 7626088 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-30 19:13 . 2012-09-25 23:21 2573672 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-30 19:13 . 2012-09-25 23:21 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-30 19:13 . 2012-09-25 23:21 17559912 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-30 19:13 . 2012-02-10 02:43 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-08-30 19:13 . 2012-02-10 02:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-08-30 19:13 . 2008-01-03 14:26 2422120 ----a-w- c:\windows\system32\nvapi.dll

2012-08-30 19:13 . 2008-01-03 14:26 15291752 ----a-w- c:\windows\system32\nvd3dum.dll

2012-08-30 15:57 . 2012-04-17 02:40 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 15:57 . 2012-04-17 02:40 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 15:57 . 2008-01-03 14:26 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 15:57 . 2008-01-03 14:26 3963240 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-30 15:57 . 2008-01-03 14:26 2836840 ----a-w- c:\windows\system32\nvsvc.dll

2012-08-30 14:40 . 2012-08-30 14:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe

2012-08-29 11:27 . 2012-10-09 23:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27 . 2012-10-09 23:45 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53 . 2012-10-09 23:45 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 06:59 . 2012-09-24 07:01 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-24 07:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-24 07:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-24 07:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-24 07:01 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-24 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-27 19:35 . 2012-10-14 20:34 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-11-30 380928]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Online Backup Status.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk

backup=c:\windows\pss\McAfee Online Backup Status.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-07-04 18:01 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]

2012-09-12 16:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-07-04 18:20 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-06-20 19:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 17:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

FF - ProfilePath - c:\users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\po1aves9.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-18 18:01

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2340)

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

.

Completion time: 2012-11-18 18:03:25

ComboFix-quarantined-files.txt 2012-11-18 23:03

.

Pre-Run: 142,639,157,248 bytes free

Post-Run: 142,978,048,000 bytes free

.

- - End Of File - - 21119E8C749A7F0E7D54871316D9970D


  • Staff

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Thanks so much for your help so far!! Sorry I didn't say that earlier. Here are the newest logs you requested...

21:20:11.0128 0500 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

21:20:11.0846 0500 ============================================================

21:20:11.0846 0500 Current date / time: 2012/11/18 21:20:11.0846

21:20:11.0846 0500 SystemInfo:

21:20:11.0846 0500

21:20:11.0846 0500 OS Version: 6.0.6002 ServicePack: 2.0

21:20:11.0846 0500 Product type: Workstation

21:20:11.0846 0500 ComputerName: MARTHA-PC

21:20:11.0846 0500 UserName: Martha

21:20:11.0846 0500 Windows directory: C:\Windows

21:20:11.0846 0500 System windows directory: C:\Windows

21:20:11.0846 0500 Processor architecture: Intel x86

21:20:11.0846 0500 Number of processors: 2

21:20:11.0846 0500 Page size: 0x1000

21:20:11.0846 0500 Boot type: Safe boot with network

21:20:11.0846 0500 ============================================================

21:20:12.0626 0500 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:20:12.0626 0500 ============================================================

21:20:12.0626 0500 \Device\Harddisk0\DR0:

21:20:12.0626 0500 MBR partitions:

21:20:12.0626 0500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800

21:20:12.0626 0500 ============================================================

21:20:12.0657 0500 C: <-> \Device\Harddisk0\DR0\Partition1

21:20:12.0657 0500 ============================================================

21:20:12.0657 0500 Initialize success

21:20:12.0657 0500 ============================================================

21:20:18.0429 3744 ============================================================

21:20:18.0429 3744 Scan started

21:20:18.0429 3744 Mode: Manual;

21:20:18.0429 3744 ============================================================

21:20:19.0131 3744 ================ Scan system memory ========================

21:20:19.0131 3744 System memory - ok

21:20:19.0131 3744 ================ Scan services =============================

21:20:19.0287 3744 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

21:20:19.0287 3744 ACPI - ok

21:20:19.0334 3744 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

21:20:19.0334 3744 AdobeARMservice - ok

21:20:19.0381 3744 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

21:20:19.0381 3744 AdobeFlashPlayerUpdateSvc - ok

21:20:19.0428 3744 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

21:20:19.0428 3744 adp94xx - ok

21:20:19.0474 3744 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys

21:20:19.0474 3744 adpahci - ok

21:20:19.0490 3744 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

21:20:19.0490 3744 adpu160m - ok

21:20:19.0506 3744 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys

21:20:19.0506 3744 adpu320 - ok

21:20:19.0552 3744 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

21:20:19.0552 3744 AeLookupSvc - ok

21:20:19.0615 3744 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys

21:20:19.0615 3744 AFD - ok

21:20:19.0630 3744 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys

21:20:19.0630 3744 agp440 - ok

21:20:19.0662 3744 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

21:20:19.0662 3744 aic78xx - ok

21:20:19.0708 3744 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

21:20:19.0708 3744 ALG - ok

21:20:19.0724 3744 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys

21:20:19.0724 3744 aliide - ok

21:20:19.0740 3744 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys

21:20:19.0740 3744 amdagp - ok

21:20:19.0755 3744 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys

21:20:19.0755 3744 amdide - ok

21:20:19.0771 3744 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

21:20:19.0771 3744 AmdK7 - ok

21:20:19.0802 3744 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

21:20:19.0802 3744 AmdK8 - ok

21:20:19.0864 3744 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

21:20:19.0864 3744 Appinfo - ok

21:20:20.0005 3744 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:20:20.0005 3744 Apple Mobile Device - ok

21:20:20.0067 3744 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys

21:20:20.0067 3744 arc - ok

21:20:20.0098 3744 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys

21:20:20.0098 3744 arcsas - ok

21:20:20.0130 3744 [ F986C42836E3A77F309734F43B653377 ] ASDR C:\Windows\System32\ASDR.exe

21:20:20.0145 3744 ASDR - ok

21:20:20.0161 3744 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\Windows\system32\drivers\AsIO.sys

21:20:20.0161 3744 AsIO - ok

21:20:20.0176 3744 [ B6E6B264E9C4D0AD0E97AF8434C8754D ] asusgsb C:\Windows\system32\drivers\asusgsb.sys

21:20:20.0176 3744 asusgsb - ok

21:20:20.0176 3744 [ 94442E3029FF6C9F08140FE6718AF4FB ] ASUSVRC C:\Windows\system32\DRIVERS\AsusVRC.sys

21:20:20.0176 3744 ASUSVRC - ok

21:20:20.0223 3744 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

21:20:20.0223 3744 AsyncMac - ok

21:20:20.0270 3744 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

21:20:20.0270 3744 atapi - ok

21:20:20.0270 3744 [ 697339FF5CEA803625BB452EADBD3B2C ] atkdisplf C:\Windows\system32\drivers\ATKDispLowFilter.sys

21:20:20.0270 3744 atkdisplf - ok

21:20:20.0286 3744 [ E436037994EB711DFE53B8E323B3000C ] ATKFUSService C:\Windows\system32\ATKFUSService.exe

21:20:20.0301 3744 ATKFUSService - ok

21:20:20.0364 3744 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:20:20.0364 3744 AudioEndpointBuilder - ok

21:20:20.0379 3744 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

21:20:20.0379 3744 Audiosrv - ok

21:20:20.0395 3744 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

21:20:20.0395 3744 Beep - ok

21:20:20.0426 3744 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll

21:20:20.0426 3744 BFE - ok

21:20:20.0488 3744 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll

21:20:20.0488 3744 BITS - ok

21:20:20.0488 3744 blbdrive - ok

21:20:20.0551 3744 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

21:20:20.0551 3744 Bonjour Service - ok

21:20:20.0582 3744 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys

21:20:20.0582 3744 bowser - ok

21:20:20.0613 3744 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

21:20:20.0613 3744 BrFiltLo - ok

21:20:20.0613 3744 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

21:20:20.0613 3744 BrFiltUp - ok

21:20:20.0660 3744 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

21:20:20.0660 3744 Browser - ok

21:20:20.0676 3744 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

21:20:20.0676 3744 Brserid - ok

21:20:20.0691 3744 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

21:20:20.0691 3744 BrSerWdm - ok

21:20:20.0707 3744 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

21:20:20.0707 3744 BrUsbMdm - ok

21:20:20.0722 3744 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

21:20:20.0722 3744 BrUsbSer - ok

21:20:20.0722 3744 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

21:20:20.0722 3744 BTHMODEM - ok

21:20:20.0816 3744 catchme - ok

21:20:20.0847 3744 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

21:20:20.0847 3744 cdfs - ok

21:20:20.0894 3744 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

21:20:20.0894 3744 cdrom - ok

21:20:20.0956 3744 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll

21:20:20.0956 3744 CertPropSvc - ok

21:20:20.0972 3744 [ 958C33D0715D1496684D2E5E329748E8 ] cfwids C:\Windows\system32\drivers\cfwids.sys

21:20:20.0972 3744 cfwids - ok

21:20:21.0003 3744 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys

21:20:21.0003 3744 circlass - ok

21:20:21.0050 3744 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys

21:20:21.0050 3744 CLFS - ok

21:20:21.0097 3744 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:20:21.0097 3744 clr_optimization_v2.0.50727_32 - ok

21:20:21.0144 3744 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:20:21.0144 3744 clr_optimization_v4.0.30319_32 - ok

21:20:21.0175 3744 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys

21:20:21.0175 3744 cmdide - ok

21:20:21.0206 3744 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

21:20:21.0206 3744 Compbatt - ok

21:20:21.0206 3744 COMSysApp - ok

21:20:21.0222 3744 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

21:20:21.0222 3744 crcdisk - ok

21:20:21.0237 3744 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys

21:20:21.0237 3744 Crusoe - ok

21:20:21.0315 3744 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll

21:20:21.0315 3744 CryptSvc - ok

21:20:21.0378 3744 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll

21:20:21.0378 3744 DcomLaunch - ok

21:20:21.0393 3744 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys

21:20:21.0393 3744 DfsC - ok

21:20:21.0471 3744 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe

21:20:21.0471 3744 DFSR - ok

21:20:21.0518 3744 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll

21:20:21.0518 3744 Dhcp - ok

21:20:21.0549 3744 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys

21:20:21.0549 3744 disk - ok

21:20:21.0565 3744 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll

21:20:21.0565 3744 Dnscache - ok

21:20:21.0612 3744 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll

21:20:21.0612 3744 dot3svc - ok

21:20:21.0658 3744 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

21:20:21.0658 3744 DPS - ok

21:20:21.0674 3744 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

21:20:21.0674 3744 drmkaud - ok

21:20:21.0721 3744 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

21:20:21.0721 3744 DXGKrnl - ok

21:20:21.0752 3744 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

21:20:21.0752 3744 E1G60 - ok

21:20:21.0799 3744 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

21:20:21.0799 3744 EapHost - ok

21:20:21.0846 3744 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys

21:20:21.0846 3744 Ecache - ok

21:20:21.0908 3744 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

21:20:21.0908 3744 ehRecvr - ok

21:20:21.0939 3744 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe

21:20:21.0939 3744 ehSched - ok

21:20:21.0955 3744 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll

21:20:21.0955 3744 ehstart - ok

21:20:21.0970 3744 [ 02F9D43D038323D88D14BFAB22535A54 ] EIO C:\Windows\system32\DRIVERS\EIO.sys

21:20:21.0970 3744 EIO - ok

21:20:21.0986 3744 [ 7EC42EC12A4BAC14BCCA99FB06F2D125 ] elagopro C:\Windows\system32\DRIVERS\elagopro.sys

21:20:21.0986 3744 elagopro - ok

21:20:22.0002 3744 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] elaunidr C:\Windows\system32\DRIVERS\elaunidr.sys

21:20:22.0002 3744 elaunidr - ok

21:20:22.0033 3744 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys

21:20:22.0033 3744 elxstor - ok

21:20:22.0080 3744 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll

21:20:22.0080 3744 EMDMgmt - ok

21:20:22.0126 3744 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll

21:20:22.0126 3744 EventSystem - ok

21:20:22.0173 3744 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys

21:20:22.0173 3744 exfat - ok

21:20:22.0189 3744 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:20:22.0189 3744 fastfat - ok

21:20:22.0236 3744 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

21:20:22.0236 3744 fdc - ok

21:20:22.0282 3744 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

21:20:22.0282 3744 fdPHost - ok

21:20:22.0298 3744 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

21:20:22.0298 3744 FDResPub - ok

21:20:22.0314 3744 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

21:20:22.0314 3744 FileInfo - ok

21:20:22.0329 3744 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

21:20:22.0329 3744 Filetrace - ok

21:20:22.0345 3744 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

21:20:22.0345 3744 flpydisk - ok

21:20:22.0376 3744 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

21:20:22.0376 3744 FltMgr - ok

21:20:22.0454 3744 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll

21:20:22.0454 3744 FontCache - ok

21:20:22.0501 3744 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

21:20:22.0501 3744 FontCache3.0.0.0 - ok

21:20:22.0516 3744 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

21:20:22.0516 3744 Fs_Rec - ok

21:20:22.0563 3744 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

21:20:22.0563 3744 gagp30kx - ok

21:20:22.0594 3744 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:20:22.0594 3744 GEARAspiWDM - ok

21:20:22.0657 3744 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll

21:20:22.0657 3744 gpsvc - ok

21:20:22.0704 3744 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:20:22.0704 3744 HdAudAddService - ok

21:20:22.0750 3744 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

21:20:22.0766 3744 HDAudBus - ok

21:20:22.0766 3744 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

21:20:22.0766 3744 HidBth - ok

21:20:22.0797 3744 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

21:20:22.0797 3744 HidIr - ok

21:20:22.0813 3744 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll

21:20:22.0813 3744 hidserv - ok

21:20:22.0828 3744 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

21:20:22.0828 3744 HidUsb - ok

21:20:22.0875 3744 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

21:20:22.0875 3744 HipShieldK - ok

21:20:22.0906 3744 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

21:20:22.0906 3744 hkmsvc - ok

21:20:22.0922 3744 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

21:20:22.0938 3744 HpCISSs - ok

21:20:22.0969 3744 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys

21:20:22.0969 3744 HTTP - ok

21:20:23.0000 3744 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys

21:20:23.0000 3744 i2omp - ok

21:20:23.0062 3744 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

21:20:23.0062 3744 i8042prt - ok

21:20:23.0094 3744 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

21:20:23.0094 3744 iaStorV - ok

21:20:23.0187 3744 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

21:20:23.0187 3744 IDriverT - ok

21:20:23.0265 3744 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:20:23.0281 3744 idsvc - ok

21:20:23.0296 3744 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

21:20:23.0296 3744 iirsp - ok

21:20:23.0343 3744 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

21:20:23.0343 3744 IKEEXT - ok

21:20:23.0374 3744 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys

21:20:23.0374 3744 intelide - ok

21:20:23.0406 3744 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

21:20:23.0406 3744 intelppm - ok

21:20:23.0421 3744 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

21:20:23.0437 3744 IPBusEnum - ok

21:20:23.0452 3744 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:20:23.0452 3744 IpFilterDriver - ok

21:20:23.0499 3744 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

21:20:23.0499 3744 iphlpsvc - ok

21:20:23.0499 3744 IpInIp - ok

21:20:23.0546 3744 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

21:20:23.0562 3744 IPMIDRV - ok

21:20:23.0577 3744 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

21:20:23.0577 3744 IPNAT - ok

21:20:23.0624 3744 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

21:20:23.0624 3744 iPod Service - ok

21:20:23.0640 3744 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

21:20:23.0640 3744 IRENUM - ok

21:20:23.0671 3744 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys

21:20:23.0671 3744 isapnp - ok

21:20:23.0718 3744 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

21:20:23.0718 3744 iScsiPrt - ok

21:20:23.0749 3744 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

21:20:23.0749 3744 iteatapi - ok

21:20:23.0749 3744 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

21:20:23.0764 3744 iteraid - ok


21:20:32.0376 3744 WPFFontCache_v0400 - ok

21:20:32.0422 3744 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:20:32.0422 3744 ws2ifsl - ok

21:20:32.0469 3744 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

21:20:32.0469 3744 wscsvc - ok

21:20:32.0469 3744 WSearch - ok

21:20:32.0547 3744 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

21:20:32.0547 3744 wuauserv - ok

21:20:32.0563 3744 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:20:32.0563 3744 WUDFRd - ok

21:20:32.0610 3744 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:20:32.0610 3744 wudfsvc - ok

21:20:32.0641 3744 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys

21:20:32.0641 3744 yukonwlh - ok

21:20:32.0641 3744 ================ Scan global ===============================

21:20:32.0672 3744 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

21:20:32.0703 3744 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

21:20:32.0719 3744 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

21:20:32.0766 3744 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

21:20:32.0766 3744 [Global] - ok

21:20:32.0766 3744 ================ Scan MBR ==================================

21:20:32.0766 3744 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

21:20:32.0766 3744 Suspicious mbr (Forged): \Device\Harddisk0\DR0

21:20:32.0797 3744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

21:20:32.0797 3744 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

21:20:32.0797 3744 ================ Scan VBR ==================================

21:20:32.0828 3744 [ 86DCF71A498C285FA60A24F2B1B35297 ] \Device\Harddisk0\DR0\Partition1

21:20:32.0828 3744 \Device\Harddisk0\DR0\Partition1 - ok

21:20:32.0828 3744 ============================================================

21:20:32.0828 3744 Scan finished

21:20:32.0828 3744 ============================================================

21:20:32.0828 2728 Detected object count: 1

21:20:32.0828 2728 Actual detected object count: 1

21:20:52.0032 2728 \Device\Harddisk0\DR0\# - copied to quarantine

21:20:52.0032 2728 \Device\Harddisk0\DR0 - copied to quarantine

21:20:52.0047 2728 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

21:20:52.0063 2728 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

21:20:52.0063 2728 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

21:20:52.0063 2728 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

21:20:52.0063 2728 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

21:20:52.0063 2728 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

21:20:52.0063 2728 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

21:20:52.0078 2728 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

21:20:52.0078 2728 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

21:20:52.0078 2728 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

21:20:52.0078 2728 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

21:20:52.0078 2728 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

21:20:52.0078 2728 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

21:20:52.0078 2728 \Device\Harddisk0\DR0 - ok

21:20:57.0741 2728 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

21:21:09.0488 3280 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-18 21:28:36

-----------------------------

21:28:36.756 OS Version: Windows 6.0.6002 Service Pack 2

21:28:36.756 Number of processors: 2 586 0xF0B

21:28:36.756 ComputerName: MARTHA-PC UserName: Martha

21:28:46.943 Initialize success

21:33:13.157 AVAST engine defs: 12111801

21:33:36.760 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6

21:33:36.776 Disk 0 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3

21:33:36.791 Disk 0 MBR read successfully

21:33:36.791 Disk 0 MBR scan

21:33:36.807 Disk 0 Windows VISTA default MBR code

21:33:36.807 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048

21:33:36.822 Disk 0 scanning sectors +488394752

21:33:36.900 Disk 0 scanning C:\Windows\system32\drivers

21:33:45.449 Service scanning

21:34:06.384 Modules scanning

21:34:09.473 Disk 0 trace - called modules:

21:34:09.489 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

21:34:09.489 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858c2ac8]

21:34:09.988 3 CLASSPNP.SYS[8afbf8b3] -> nt!IofCallDriver -> [0x8575e918]

21:34:09.988 5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-6[0x856e85a8]

21:34:10.550 AVAST engine scan C:\Windows

21:34:13.950 AVAST engine scan C:\Windows\system32

21:36:52.384 AVAST engine scan C:\Windows\system32\drivers

21:37:03.382 AVAST engine scan C:\Users\Martha

21:38:10.618 AVAST engine scan C:\ProgramData

21:38:54.813 Scan finished successfully

21:39:09.383 Disk 0 MBR has been saved successfully to "C:\Users\Martha\Desktop\MBR.dat"

21:39:09.383 The log file has been saved successfully to "C:\Users\Martha\Desktop\aswMBR.txt"

Martha

  • Staff

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[Image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

Hi,

In safe mode, everything seemed fine. I tried booting in normal mode and the computer seemed slow on startup. When I got past my opening Windows password, I received a message that "20333085A-2D28-4CFD-BC38-3A8F93776C17.exe" could not be found. After that, startup was fine. The internet seems sort of slow as well. Here is the ComboFix log that you requested.

ComboFix 12-11-16.02 - Martha 11/19/2012 6:52.1.2 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2725 [GMT -5:00]

Running from: c:\users\Martha\Desktop\ComboFix.exe

Command switches used :: c:\users\Martha\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))

.

.

2012-11-19 11:56 . 2012-11-19 11:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-11-19 11:56 . 2012-11-19 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-19 02:20 . 2012-11-19 02:20 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-18 23:24 . 2012-11-19 11:56 -------- d-----w- c:\users\Martha\AppData\Local\temp

2012-11-18 22:52 . 2012-11-18 22:52 -------- d-----w- c:\windows\Sun

2012-11-18 17:12 . 2012-11-18 17:14 -------- d-----w- c:\program files\SpywareBlaster

2012-11-18 17:12 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2012-10-27 20:33 . 2012-10-27 01:10 175240 ----a-w- c:\program files\gtres.dll

2012-10-27 19:35 . 2012-10-27 19:35 -------- d-----w- c:\programdata\CAM Development

2012-10-27 19:35 . 2012-10-27 19:35 -------- d-----w- c:\program files\CAM Development

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 17:03 . 2012-05-28 21:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 17:03 . 2012-05-28 21:27 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-02 22:53 . 2012-10-02 22:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-02 22:53 . 2012-10-02 22:54 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-02 22:53 . 2012-04-17 01:19 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-29 23:54 . 2012-04-17 03:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-29 14:23 . 2012-09-29 14:23 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-09-29 14:23 . 2012-09-29 14:23 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-09-29 14:22 . 2012-09-29 14:22 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

2012-09-14 20:26 . 2012-09-28 23:32 64832 ----a-w- c:\windows\system32\drivers\McPvDrv.sys

2012-09-13 13:28 . 2012-10-09 23:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-30 19:13 . 2012-09-25 23:21 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll

2012-08-30 19:13 . 2012-09-25 23:21 6109032 ----a-w- c:\windows\system32\nvopencl.dll

2012-08-30 19:13 . 2012-09-25 23:21 19828584 ----a-w- c:\windows\system32\nvoglv32.dll

2012-08-30 19:13 . 2012-09-25 23:21 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-30 19:13 . 2012-09-25 23:21 7626088 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-30 19:13 . 2012-09-25 23:21 2573672 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-30 19:13 . 2012-09-25 23:21 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-30 19:13 . 2012-09-25 23:21 17559912 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-30 19:13 . 2012-02-10 02:43 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll

2012-08-30 19:13 . 2012-02-10 02:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll

2012-08-30 19:13 . 2008-01-03 14:26 2422120 ----a-w- c:\windows\system32\nvapi.dll

2012-08-30 19:13 . 2008-01-03 14:26 15291752 ----a-w- c:\windows\system32\nvd3dum.dll

2012-08-30 15:57 . 2012-04-17 02:40 645992 ----a-w- c:\windows\system32\nvvsvc.exe

2012-08-30 15:57 . 2012-04-17 02:40 62312 ----a-w- c:\windows\system32\nvshext.dll

2012-08-30 15:57 . 2008-01-03 14:26 108392 ----a-w- c:\windows\system32\nvmctray.dll

2012-08-30 15:57 . 2008-01-03 14:26 3963240 ----a-w- c:\windows\system32\nvcpl.dll

2012-08-30 15:57 . 2008-01-03 14:26 2836840 ----a-w- c:\windows\system32\nvsvc.dll

2012-08-30 14:40 . 2012-08-30 14:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe

2012-08-29 11:27 . 2012-10-09 23:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27 . 2012-10-09 23:45 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53 . 2012-10-09 23:45 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 06:59 . 2012-09-24 07:01 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51 . 2012-09-24 07:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51 . 2012-09-24 07:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47 . 2012-09-24 07:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47 . 2012-09-24 07:01 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43 . 2012-09-24 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-10-27 19:35 . 2012-10-14 20:34 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-04-14 00:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-11-30 380928]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"2033085A-2D28-4CFD-BC38-3A8F93776C17"="start" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Online Backup Status.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk

backup=c:\windows\pss\McAfee Online Backup Status.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-07-04 18:01 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]

2012-09-12 16:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-07-04 18:20 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 41298242

*NewlyCreated* - ASWMBR

*Deregistered* - 41298242

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-06-20 19:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 17:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

FF - ProfilePath - c:\users\Martha\AppData\Roaming\Mozilla\Firefox\Profiles\po1aves9.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-41298242.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-19 06:56

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1356)

c:\program files\McAfee Online Backup\MOBKshell.dll

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll

.

Completion time: 2012-11-19 06:57:43

ComboFix-quarantined-files.txt 2012-11-19 11:57

ComboFix2.txt 2012-11-18 23:24

ComboFix3.txt 2012-11-18 23:03

.

Pre-Run: 142,484,742,144 bytes free

Post-Run: 142,620,033,024 bytes free

.

- - End Of File - - 76A88EE72D70C11B9E187F7474D91A67

Should I run this in safe mode still?

Thanks, Martha

  • Staff

Greetings Marth9

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Gringo,

Here are the logs you requested. My computer also installed a bunch of updates, mostly security updates automatically with a reboot prior to these scans while I was gone.

20:48:29.0314 5956 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

20:48:29.0829 5956 ============================================================

20:48:29.0829 5956 Current date / time: 2012/11/19 20:48:29.0829

20:48:29.0829 5956 SystemInfo:

20:48:29.0829 5956

20:48:29.0829 5956 OS Version: 6.0.6002 ServicePack: 2.0

20:48:29.0829 5956 Product type: Workstation

20:48:29.0829 5956 ComputerName: MARTHA-PC

20:48:29.0829 5956 UserName: Martha

20:48:29.0829 5956 Windows directory: C:\Windows

20:48:29.0829 5956 System windows directory: C:\Windows

20:48:29.0829 5956 Processor architecture: Intel x86

20:48:29.0829 5956 Number of processors: 2

20:48:29.0829 5956 Page size: 0x1000

20:48:29.0829 5956 Boot type: Normal boot

20:48:29.0829 5956 ============================================================

20:48:30.0968 5956 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:48:30.0983 5956 ============================================================

20:48:30.0983 5956 \Device\Harddisk0\DR0:

20:48:30.0983 5956 MBR partitions:

20:48:30.0983 5956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800

20:48:30.0983 5956 ============================================================

20:48:31.0014 5956 C: <-> \Device\Harddisk0\DR0\Partition1

20:48:31.0014 5956 ============================================================

20:48:31.0014 5956 Initialize success

20:48:31.0014 5956 ============================================================

20:48:51.0341 3836 ============================================================

20:48:51.0341 3836 Scan started

20:48:51.0341 3836 Mode: Manual;

20:48:51.0341 3836 ============================================================

20:48:52.0074 3836 ================ Scan system memory ========================

20:48:52.0074 3836 System memory - ok

20:48:52.0074 3836 ================ Scan services =============================

20:48:52.0293 3836 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

20:48:52.0308 3836 ACPI - ok

20:48:52.0371 3836 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

20:48:52.0371 3836 AdobeARMservice - ok

20:48:52.0418 3836 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

20:48:52.0418 3836 AdobeFlashPlayerUpdateSvc - ok

20:48:52.0449 3836 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

20:48:52.0464 3836 adp94xx - ok

20:48:52.0480 3836 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys

20:48:52.0480 3836 adpahci - ok

20:48:52.0496 3836 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

20:48:52.0496 3836 adpu160m - ok

20:48:52.0511 3836 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys

20:48:52.0558 3836 adpu320 - ok

20:48:52.0605 3836 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

20:48:52.0605 3836 AeLookupSvc - ok

20:48:52.0683 3836 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys

20:48:52.0698 3836 AFD - ok

20:48:52.0730 3836 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys

20:48:52.0730 3836 agp440 - ok

20:48:52.0776 3836 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

20:48:52.0776 3836 aic78xx - ok

20:48:52.0823 3836 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

20:48:52.0823 3836 ALG - ok

20:48:52.0839 3836 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys

20:48:52.0839 3836 aliide - ok

20:48:52.0870 3836 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys

20:48:52.0870 3836 amdagp - ok

20:48:52.0901 3836 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys

20:48:52.0901 3836 amdide - ok

20:48:52.0917 3836 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

20:48:52.0917 3836 AmdK7 - ok

20:48:52.0932 3836 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

20:48:52.0948 3836 AmdK8 - ok

20:48:53.0010 3836 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

20:48:53.0010 3836 Appinfo - ok

20:48:53.0120 3836 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:48:53.0120 3836 Apple Mobile Device - ok

20:48:53.0166 3836 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys

20:48:53.0182 3836 arc - ok

20:48:53.0213 3836 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys

20:48:53.0213 3836 arcsas - ok

20:48:53.0244 3836 [ F986C42836E3A77F309734F43B653377 ] ASDR C:\Windows\System32\ASDR.exe

20:48:53.0244 3836 ASDR - ok

20:48:53.0260 3836 [ 2B4E66FAC6503494A2C6F32BB6AB3826 ] AsIO C:\Windows\system32\drivers\AsIO.sys

20:48:53.0260 3836 AsIO - ok

20:48:53.0276 3836 [ B6E6B264E9C4D0AD0E97AF8434C8754D ] asusgsb C:\Windows\system32\drivers\asusgsb.sys

20:48:53.0276 3836 asusgsb - ok

20:48:53.0307 3836 [ 94442E3029FF6C9F08140FE6718AF4FB ] ASUSVRC C:\Windows\system32\DRIVERS\AsusVRC.sys

20:48:53.0322 3836 ASUSVRC - ok

20:48:53.0369 3836 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

20:48:53.0369 3836 AsyncMac - ok

20:48:53.0400 3836 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

20:48:53.0400 3836 atapi - ok

20:48:53.0416 3836 [ 697339FF5CEA803625BB452EADBD3B2C ] atkdisplf C:\Windows\system32\drivers\ATKDispLowFilter.sys

20:48:53.0416 3836 atkdisplf - ok

20:48:53.0432 3836 [ E436037994EB711DFE53B8E323B3000C ] ATKFUSService C:\Windows\system32\ATKFUSService.exe

20:48:53.0432 3836 ATKFUSService - ok

20:48:53.0478 3836 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

20:48:53.0494 3836 AudioEndpointBuilder - ok

20:48:53.0494 3836 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

20:48:53.0494 3836 Audiosrv - ok

20:48:53.0510 3836 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

20:48:53.0525 3836 Beep - ok

20:48:53.0541 3836 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll

20:48:53.0541 3836 BFE - ok

20:48:53.0588 3836 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll

20:48:53.0603 3836 BITS - ok

20:48:53.0603 3836 blbdrive - ok

20:48:53.0697 3836 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

20:48:53.0697 3836 Bonjour Service - ok

20:48:53.0728 3836 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys

20:48:53.0744 3836 bowser - ok

20:48:53.0775 3836 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

20:48:53.0775 3836 BrFiltLo - ok

20:48:53.0790 3836 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

20:48:53.0790 3836 BrFiltUp - ok

20:48:53.0822 3836 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

20:48:53.0822 3836 Browser - ok

20:48:53.0853 3836 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

20:48:53.0853 3836 Brserid - ok

20:48:53.0868 3836 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

20:48:53.0868 3836 BrSerWdm - ok

20:48:53.0884 3836 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

20:48:53.0884 3836 BrUsbMdm - ok


20:49:07.0955 3836 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:49:07.0971 3836 SSDPSRV - ok

20:49:07.0986 3836 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

20:49:07.0986 3836 SstpSvc - ok

20:49:08.0174 3836 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

20:49:08.0174 3836 Stereo Service - ok

20:49:08.0267 3836 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

20:49:08.0283 3836 stisvc - ok

20:49:08.0345 3836 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

20:49:08.0361 3836 swenum - ok

20:49:08.0392 3836 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

20:49:08.0408 3836 swprv - ok

20:49:08.0439 3836 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

20:49:08.0439 3836 Symc8xx - ok

20:49:08.0454 3836 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

20:49:08.0454 3836 Sym_hi - ok

20:49:08.0486 3836 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

20:49:08.0486 3836 Sym_u3 - ok

20:49:08.0532 3836 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

20:49:08.0532 3836 SysMain - ok

20:49:08.0564 3836 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:49:08.0564 3836 TabletInputService - ok

20:49:08.0642 3836 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

20:49:08.0642 3836 TapiSrv - ok

20:49:08.0688 3836 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

20:49:08.0688 3836 TBS - ok

20:49:08.0876 3836 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

20:49:08.0922 3836 Tcpip - ok

20:49:08.0954 3836 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

20:49:08.0954 3836 Tcpip6 - ok

20:49:09.0000 3836 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

20:49:09.0000 3836 tcpipreg - ok

20:49:09.0016 3836 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

20:49:09.0016 3836 TDPIPE - ok

20:49:09.0032 3836 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

20:49:09.0032 3836 TDTCP - ok

20:49:09.0063 3836 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

20:49:09.0078 3836 tdx - ok

20:49:09.0110 3836 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

20:49:09.0125 3836 TermDD - ok

20:49:09.0234 3836 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

20:49:09.0234 3836 TermService - ok

20:49:09.0297 3836 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

20:49:09.0297 3836 Themes - ok

20:49:09.0312 3836 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

20:49:09.0312 3836 THREADORDER - ok

20:49:09.0359 3836 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

20:49:09.0375 3836 TrkWks - ok

20:49:09.0422 3836 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:49:09.0422 3836 TrustedInstaller - ok

20:49:09.0453 3836 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

20:49:09.0484 3836 tssecsrv - ok

20:49:09.0531 3836 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

20:49:09.0531 3836 tunmp - ok

20:49:09.0546 3836 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

20:49:09.0546 3836 tunnel - ok

20:49:09.0578 3836 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

20:49:09.0578 3836 uagp35 - ok

20:49:09.0609 3836 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

20:49:09.0624 3836 udfs - ok

20:49:09.0671 3836 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

20:49:09.0687 3836 UI0Detect - ok

20:49:09.0702 3836 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

20:49:09.0702 3836 uliagpkx - ok

20:49:09.0734 3836 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys

20:49:09.0734 3836 uliahci - ok

20:49:09.0765 3836 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

20:49:09.0765 3836 UlSata - ok

20:49:09.0796 3836 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

20:49:09.0796 3836 ulsata2 - ok

20:49:09.0827 3836 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

20:49:09.0827 3836 umbus - ok

20:49:09.0874 3836 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys

20:49:09.0874 3836 UMPass - ok

20:49:09.0952 3836 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

20:49:09.0952 3836 upnphost - ok

20:49:09.0983 3836 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

20:49:09.0999 3836 USBAAPL - ok

20:49:10.0030 3836 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

20:49:10.0030 3836 usbccgp - ok

20:49:10.0061 3836 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

20:49:10.0061 3836 usbcir - ok

20:49:10.0124 3836 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

20:49:10.0139 3836 usbehci - ok

20:49:10.0186 3836 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

20:49:10.0217 3836 usbhub - ok

20:49:10.0233 3836 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys

20:49:10.0248 3836 usbohci - ok

20:49:10.0280 3836 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

20:49:10.0280 3836 usbprint - ok

20:49:10.0326 3836 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

20:49:10.0342 3836 usbscan - ok

20:49:10.0358 3836 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:49:10.0358 3836 USBSTOR - ok

20:49:10.0420 3836 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

20:49:10.0420 3836 usbuhci - ok

20:49:10.0467 3836 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

20:49:10.0467 3836 UxSms - ok

20:49:10.0576 3836 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

20:49:10.0607 3836 vds - ok

20:49:10.0638 3836 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

20:49:10.0654 3836 vga - ok

20:49:10.0685 3836 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

20:49:10.0701 3836 VgaSave - ok

20:49:10.0716 3836 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys

20:49:10.0716 3836 viaagp - ok

20:49:10.0748 3836 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys

20:49:10.0748 3836 ViaC7 - ok

20:49:10.0779 3836 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys

20:49:10.0779 3836 viaide - ok

20:49:10.0826 3836 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

20:49:10.0826 3836 volmgr - ok

20:49:10.0872 3836 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

20:49:10.0872 3836 volmgrx - ok

20:49:10.0919 3836 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys

20:49:10.0935 3836 volsnap - ok

20:49:10.0982 3836 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

20:49:10.0982 3836 vsmraid - ok

20:49:11.0075 3836 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

20:49:11.0122 3836 VSS - ok

20:49:11.0138 3836 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

20:49:11.0138 3836 W32Time - ok

20:49:11.0169 3836 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

20:49:11.0169 3836 WacomPen - ok

20:49:11.0200 3836 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

20:49:11.0200 3836 Wanarp - ok

20:49:11.0200 3836 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

20:49:11.0200 3836 Wanarpv6 - ok

20:49:11.0262 3836 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll

20:49:11.0387 3836 wcncsvc - ok

20:49:11.0403 3836 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

20:49:11.0418 3836 WcsPlugInService - ok

20:49:11.0450 3836 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys

20:49:11.0450 3836 Wd - ok

20:49:11.0481 3836 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

20:49:11.0512 3836 Wdf01000 - ok

20:49:11.0528 3836 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

20:49:11.0528 3836 WdiServiceHost - ok

20:49:11.0543 3836 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

20:49:11.0543 3836 WdiSystemHost - ok

20:49:11.0590 3836 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll

20:49:11.0590 3836 WebClient - ok

20:49:11.0652 3836 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

20:49:11.0668 3836 Wecsvc - ok

20:49:11.0684 3836 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

20:49:11.0684 3836 wercplsupport - ok

20:49:11.0684 3836 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

20:49:11.0699 3836 WerSvc - ok

20:49:11.0762 3836 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

20:49:11.0777 3836 WinDefend - ok

20:49:11.0793 3836 WinHttpAutoProxySvc - ok

20:49:11.0824 3836 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

20:49:11.0824 3836 Winmgmt - ok

20:49:11.0902 3836 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

20:49:11.0949 3836 WinRM - ok

20:49:11.0980 3836 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

20:49:11.0996 3836 Wlansvc - ok

20:49:12.0042 3836 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

20:49:12.0058 3836 WmiAcpi - ok

20:49:12.0105 3836 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

20:49:12.0105 3836 wmiApSrv - ok

20:49:12.0308 3836 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

20:49:12.0308 3836 WMPNetworkSvc - ok

20:49:12.0354 3836 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

20:49:12.0370 3836 WPCSvc - ok

20:49:12.0401 3836 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

20:49:12.0401 3836 WPDBusEnum - ok

20:49:12.0464 3836 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

20:49:12.0495 3836 WpdUsb - ok

20:49:12.0604 3836 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

20:49:12.0620 3836 WPFFontCache_v0400 - ok

20:49:12.0651 3836 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

20:49:12.0651 3836 ws2ifsl - ok

20:49:12.0698 3836 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

20:49:12.0698 3836 wscsvc - ok

20:49:12.0713 3836 WSearch - ok

20:49:12.0916 3836 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

20:49:12.0994 3836 wuauserv - ok

20:49:13.0041 3836 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

20:49:13.0041 3836 WUDFRd - ok

20:49:13.0088 3836 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

20:49:13.0103 3836 wudfsvc - ok

20:49:13.0181 3836 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys

20:49:13.0197 3836 yukonwlh - ok

20:49:13.0197 3836 ================ Scan global ===============================

20:49:13.0244 3836 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

20:49:13.0290 3836 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

20:49:13.0337 3836 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

20:49:13.0446 3836 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

20:49:13.0446 3836 [Global] - ok

20:49:13.0446 3836 ================ Scan MBR ==================================

20:49:13.0462 3836 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

20:49:14.0164 3836 \Device\Harddisk0\DR0 - ok

20:49:14.0164 3836 ================ Scan VBR ==================================

20:49:14.0180 3836 [ 86DCF71A498C285FA60A24F2B1B35297 ] \Device\Harddisk0\DR0\Partition1

20:49:14.0195 3836 \Device\Harddisk0\DR0\Partition1 - ok

20:49:14.0195 3836 ============================================================

20:49:14.0195 3836 Scan finished

20:49:14.0195 3836 ============================================================

20:49:14.0195 5660 Detected object count: 0

20:49:14.0195 5660 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-19 20:52:20

-----------------------------

20:52:20.992 OS Version: Windows 6.0.6002 Service Pack 2

20:52:20.992 Number of processors: 2 586 0xF0B

20:52:20.992 ComputerName: MARTHA-PC UserName: Martha

20:52:22.411 Initialize success

20:53:25.723 AVAST engine defs: 12111901

21:02:12.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4

21:02:12.333 Disk 0 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3

21:02:12.333 Disk 0 MBR read successfully

21:02:12.349 Disk 0 MBR scan

21:02:12.364 Disk 0 Windows VISTA default MBR code

21:02:12.396 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048

21:02:12.396 Disk 0 scanning sectors +488394752

21:02:12.474 Disk 0 scanning C:\Windows\system32\drivers

21:02:22.302 Service scanning

21:02:48.120 Modules scanning

21:02:53.018 Disk 0 trace - called modules:

21:02:53.034 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

21:02:53.034 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eabac8]

21:02:53.034 3 CLASSPNP.SYS[8afba8b3] -> nt!IofCallDriver -> [0x8572ea70]

21:02:53.049 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x85719030]

21:02:53.704 AVAST engine scan C:\Windows

21:03:01.941 AVAST engine scan C:\Windows\system32

21:07:52.086 AVAST engine scan C:\Windows\system32\drivers

21:08:06.141 AVAST engine scan C:\Users\Martha

21:10:29.318 AVAST engine scan C:\ProgramData

21:11:15.385 Disk 0 MBR has been saved successfully to "C:\Users\Martha\Desktop\MBR.dat"

21:11:15.400 The log file has been saved successfully to "C:\Users\Martha\Desktop\aswMBR2.txt"

It seemed to work just fine. No reboot necessary, though, so I am not sure how it seems on startup.

Marth9


  • Staff

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

  • Programs to remove

    • Java 7 Update 7

  • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on The Program to remove.
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run. If prompted again click Yes.
    • When the built-in uninstaller is finished click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete.
    • When prompted click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted select Yes then Next.
    • Once done click Finish.

.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


So far, it seems to be working much better. There weren't any problems with the programs that I am aware of. Here are the newest logs...

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.19.10

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Martha :: MARTHA-PC [administrator]

11/19/2012 10:43:53 PM

mbam-log-2012-11-19 (22-43-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218378

Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:50:35 PM, on 11/19/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Users\Martha\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe

O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 8563 bytes

Hope this is helpful. Thank you so much!

Marth9


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    • O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    • O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    • O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
  • NOTE** You can research each of those lines here and see if you want to keep them or not: just copy the name between the brackets (e.g. IntelliPoint in O4 - HKLM\..\Run: [IntelliPoint]) and paste it into the search space.

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit

and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
    They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. They will also reset your System Restore by flushing out previous restore points and creating a new restore point, and remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - this is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - the gold standard today in anti-malware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - as a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)
    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

Internet Safety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days; if anything comes up, just come back and let me know. After that time you will have to send me a PM.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo


Gringo,

Thank you so so much! My computer is working much better. This has definitely been one of the more pleasant experiences that I've had trying to clean my computer up. Last time I had an issue, I gave up and just wiped it all. =) I appreciate all of the security advice as well and I may be sending some friends your way.

Marth9


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
