Running I E causes a crash, and when restore defaults, get a (rundll32) error. (Vista Home Basic)/Zwinky Funweb adwares + NO AV

Jaldy · April 4, 2013

Greetings,

A friend was hoping I could fix his laptop, but the amount of information Vista gives me is very vague. i'm hoping for a solution, and you guys are the best folks to help! I have had experience with ComboFix in the past, but I am not very familiar with the other programs that help experts here use (TDSkiller, Roguekiller, etc.), and would love it if one of you fine folks could assist me!

I already took the necessary steps of backing up my friend's important files, and despite what I'm NOT supposed to do, I did anyway and ran ComboFix...It found a TCP/IP rootkit, and I have rebooted several times. Running Chrome or other browsers does not cause a crash...I have a feeling that attempting to run Internet Explorer re-propogates whatever rootkit or virus he has on his computer.

I have tried everything I can think of and cannot continue without your help. I will follow your instructions to the T if you are willing.

Thank you in advance!

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.9.2

Run by Owner at 13:28:03 on 2013-04-04

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1708 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe

C:\Program Files\MyFunCards_5m\bar\1.bin\5mbrmon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - c:\program files\dogpile bundle toolbar\Toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\dogpile bundle toolbar\Toolbar.dll

TB: SmileBox EN Toolbar: {F897EB0E-A3A4-46C3-80EB-2729699D8892} - c:\program files\smilebox_en\prxtbSmil.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\dogpile bundle toolbar\Toolbar.dll

TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll

uRun: [rmacping] c:\windows\system32\findwwiz.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Zwinky_5q Browser Plugin Loader] c:\progra~1\zwinky~2\bar\1.bin\5qbrmon.exe

mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab

TCP: NameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{4DB117E4-1745-416B-B220-B5CCC9AEF855} : DHCPNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{9896D096-C676-4F33-B4A4-412A0318471B} : DHCPNameServer = 208.180.83.133 208.180.42.68

TCP: Interfaces\{D00B9979-42B9-4910-94EB-250C116767D1} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-3 24576]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-30 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-23 682344]

R2 MyFunCards_5mService;MyFunCardsService;c:\progra~1\myfunc~2\bar\1.bin\5mbarsvc.exe [2012-9-3 42528]

R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-9-3 185856]

R2 Zwinky_5qService;ZwinkyService;c:\progra~1\zwinky~2\bar\1.bin\5qbarsvc.exe [2012-4-1 42528]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-23 21104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-04-04 18:26:29 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{498f07f7-5731-489b-95e6-cb6a851e00de}\mpengine.dll

2013-04-03 02:52:38 -------- d-sh--w- C:\$RECYCLE.BIN

2013-04-02 22:03:42 -------- d-----w- c:\users\owner\appdata\local\temp

2013-04-02 07:15:46 -------- d-----w- C:\found.000

2013-03-28 20:37:07 212992 ---ha-w- c:\windows\system32\findwwiz.exe

2013-03-26 02:14:20 212992 ---ha-w- c:\windows\system32\105815

2013-03-25 20:39:46 4546560 ----a-w- c:\windows\system32\GPhotos.scr

2013-03-20 22:09:50 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-16 18:10:04 -------- d-----w- c:\users\owner\appdata\local\Apple Computer

2013-03-16 18:06:15 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2013-03-16 18:04:57 -------- d-----w- c:\program files\iPod

2013-03-16 18:04:52 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-03-16 18:04:52 -------- d-----w- c:\program files\iTunes

2013-03-16 18:02:16 -------- d-----w- c:\users\owner\appdata\local\Apple

2013-03-16 17:57:53 -------- d-----w- c:\program files\Bonjour

2013-03-08 02:10:16 -------- d-----w- c:\users\owner\appdata\roaming\OpenCandy

2013-03-08 02:10:16 -------- d-----w- c:\program files\SMPlayer

.

==================== Find3M ====================

.

2013-04-02 07:05:07 72192 ----a-w- c:\windows\system32\drivers\tdx.sys

2013-03-13 01:54:26 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 01:54:26 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 13:28:26.20 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 1/3/2009 8:21:54 PM

System Uptime: 4/4/2013 11:53:42 AM (2 hours ago)

.

Motherboard: Acer | | Nile

Processor: AMD Athlon Processor 2650e | Socket M2/S1G1 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 1.117 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 69.363 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP674: 4/2/2013 1:52:02 AM - Windows Update

RP675: 4/2/2013 4:11:18 PM - Scheduled Checkpoint

RP676: 4/4/2013 12:57:50 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Acer Assist

Acer Empowering Technology

Acer Mobility Center Plug-In

Acer Registration

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.5.4

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Bonjour

BufferChm

Casino Poker

CasinoBJ

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

DJ_AIO_06_F4500_SW_MIN

Dogpile Bundle Toolbar

F4500

Google Chrome

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6

HPPhotoGadget

iMesh

InterVideo WinDVD 8

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 34

Launch Manager

LightScribe 1.4.142.1

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

Picasa 3

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Scan

Search Results Toolbar

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skins

Skype web features

Skype™ 5.10

Smilebox

SmileBox EN Toolbar

SMPlayer 0.6.9

Synaptics Pointing Device Driver

The Sims™ 2 Double Deluxe

Toolbox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Web Assistant 2.0.0.469

WebReg

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

4/4/2013 12:54:56 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

4/4/2013 1:20:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.147.868.0).

4/4/2013 1:13:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

4/4/2013 1:13:04 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/4/2013 1:13:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/4/2013 1:13:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/4/2013 1:11:40 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2505189 (Update) into Resolved(Resolved) state

4/2/2013 5:03:46 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/2/2013 4:54:15 PM, Error: Service Control Manager [7034] - The Web Assistant Updater service terminated unexpectedly. It has done this 1 time(s).

4/2/2013 4:54:15 PM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

4/2/2013 10:03:55 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/1/2013 9:32:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

4/1/2013 5:21:14 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.

4/1/2013 5:16:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.

4/1/2013 5:14:56 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.

4/1/2013 5:07:49 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00242B5048AC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

4/1/2013 1:49:44 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.J&threatid=167505 Scan ID: {ABA5EE6F-4034-4C46-BD22-AB66D6B363BA} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:WinNT/Sirefef.J ID: 167505 Severity ID: 5 Category ID: 8 Path: driver:tdx;file:\\?\C:\Windows\system32\DRIVERS\tdx.sys->[Obfuscator.PN] Action: Remove Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.

3/31/2013 9:48:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 00242B5048AC has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

3/31/2013 2:21:18 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.J&threatid=167505 Scan ID: {6C80ED6F-874C-49B1-B140-4C3DCE36E892} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:WinNT/Sirefef.J ID: 167505 Severity ID: 5 Category ID: 8 Path: driver:tdx;file:\\?\C:\Windows\system32\DRIVERS\tdx.sys->[Obfuscator.PN] Action: Remove Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.

3/30/2013 2:19:34 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.J&threatid=167505 Scan ID: {381F78B6-63CC-4AD8-A3B9-1C26CFCDC88F} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:WinNT/Sirefef.J ID: 167505 Severity ID: 5 Category ID: 8 Path: driver:tdx;file:\\?\C:\Windows\system32\DRIVERS\tdx.sys->[Obfuscator.PN] Action: Remove Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.

3/29/2013 3:54:48 AM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.J&threatid=167505 Scan ID: {AF7DF1A0-CC1E-4CC5-BD06-CA166C77A07D} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:WinNT/Sirefef.J ID: 167505 Severity ID: 5 Category ID: 8 Path: driver:tdx;file:\\?\C:\Windows\system32\DRIVERS\tdx.sys->[Obfuscator.PN] Action: Remove Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.

.

==== End Of File ===========================

Edited April 13, 2013 by Maurice Naggar

Maurice Naggar · April 13, 2013

Hello jaldy,

Has this been resolved already?

It is truly best practice that your friend join the forum so that he can be provided one on one help, rather than going thru a middleman, granted well-intentioned.

Jaldy · April 13, 2013

Oh, I have his computer with me and am able to work on it simultaneously. I guess the ownership thing was moot.

Unfortunately, I never received any help. I just assumed that the people that downloaded the logs did not find anything alarming, but the issue is still not resolved.

Maurice Naggar · April 13, 2013

Please follow my guidance and do not run any other tools on your own. Also, do not use Quote or Code blocks for any report you post.

Just do a simple Copy & Paste. That way it is cleaner & easier for me to read.

Do not use the attach option for posting your logs, unless a particular report is way too huge to fit.

You may put each report in a separate reply.

Please start with the following, doing as much as you can.

Task 1

Now, turn OFF your antivirus program so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen:

uncheck trace disk IO calls at the bottom left :excl:

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Task 2

Download & SAVE to your Desktop Tigzy's RogueKiller >> from here << or

>> from here <<

Quit all programs that you may have started.
Please disconnect any USB or external storage drives from the computer before you run this scan!
For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Do NOT press any Fix button.
Exit/Close RogueKiller

Jaldy · April 13, 2013

FIX was NOT available to click.

Run date: 2013-04-13 09:55:19

-----------------------------

09:55:19.835 OS Version: Windows 6.0.6002 Service Pack 2

09:55:19.835 Number of processors: 1 586 0x7F02

09:55:19.835 ComputerName: COMPUTER UserName: Owner

09:55:20.896 Initialize success

09:55:35.784 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b

09:55:35.784 Disk 0 Vendor: WDC_WD16 1.10 Size: 152627MB BusType: 6

09:55:36.081 Disk 0 MBR read successfully

09:55:36.081 Disk 0 MBR scan

09:55:36.096 Disk 0 unknown MBR code

09:55:36.096 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63

09:55:36.112 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71192 MB offset 20981760

09:55:36.143 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71189 MB offset 166782976

09:55:36.174 Disk 0 scanning sectors +312578048

09:55:36.268 Disk 0 scanning C:\Windows\system32\drivers

09:55:43.865 Service scanning

09:56:00.900 Modules scanning

09:56:10.229 Scan finished successfully

09:57:49.944 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

09:57:49.944 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

Jaldy · April 13, 2013

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Owner [Admin rights]

Mode : Scan -- Date : 04/13/2013 10:04:15

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD16 00BEVT-22ZCT0 SCSI Disk Device +++++

--- User ---

[MBR] 683cbe3062c5bae5f34940638e523a6c

[bSP] 3a6b45d653fbf18a806a5dc581f7047a : Acer MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10244 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20981760 | Size: 71192 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166782976 | Size: 71189 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_04132013_02d1004.txt >>

RKreport[1]_S_04132013_02d1004.txt

Maurice Naggar · April 13, 2013

Have you noticed that this system has NO antivirus program installed ??

At some point later, (but not now) I will recommend you install Avira antivirus.

There are a number of other issues here, some being adwares & bogus browser helpers, plus, 3 out of date utilities.

I need a copy of C:\Combofix.txt for review (it appears you ran that at some earlier time)

reminder, do NOT run any tools on your own.

I also need for you to do this:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Maurice Naggar · April 13, 2013

Backdoor trojan warning:ZeroAccess / Sirefef
This system has some serious backdoor trojans. ZeroAccess / Sirefef
This is a point where the system-owner needs to decide about whether to make a clean start.
According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
You are strongly advised to do the following immediately.
1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx
* Take any other steps you think appropriate for an attempted identity theft.
You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.
While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.
Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451
Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx
Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx
Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx
Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

I must insist you check with the computer owner immediately. And let's have his/her decision.

The DDS log showed that Windows Defender was complaining about a ZeroAccess infection since (at least) March 29th.

It is exactly because of infections like this, that it is best if the computer-owner was working directly with us :excl:

Jaldy · April 13, 2013

ComboFix 13-04-02.01 - Owner 04/02/2013 16:54:17.4.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.2070 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\$NtUninstallKB32993$

.

((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 )))))))))))))))))))))))))))))))

.

2013-04-02 22:03 . 2013-04-03 02:51 -------- d-----w- c:\users\Owner\AppData\Local\temp

2013-04-02 22:03 . 2013-04-02 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-02 22:03 . 2013-04-02 22:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-04-02 22:03 . 2013-04-02 22:03 -------- d-----w- c:\users\mine\AppData\Local\temp

2013-04-02 07:15 . 2013-04-02 07:15 -------- d-----w- C:\found.000

2013-03-29 08:45 . 2013-03-15 07:21 7108640 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8962CF0F-27C6-4DBC-B6DA-E010A29F38EE}\mpengine.dll

2013-03-28 20:37 . 2013-03-28 20:37 212992 ---ha-w- c:\windows\system32\findwwiz.exe

2013-03-26 02:14 . 2013-03-26 02:14 212992 ---ha-w- c:\windows\system32\105815

2013-03-25 20:39 . 2013-03-25 20:39 4546560 ----a-w- c:\windows\system32\GPhotos.scr

2013-03-20 22:09 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-16 18:10 . 2013-03-16 18:15 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer

2013-03-16 18:10 . 2013-03-16 18:10 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer

2013-03-16 18:06 . 2012-08-21 18:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2013-03-16 18:06 . 2013-03-16 18:06 -------- dc----w- c:\windows\system32\DRVSTORE

2013-03-16 18:04 . 2013-03-16 18:04 -------- d-----w- c:\program files\iPod

2013-03-16 18:04 . 2013-03-16 18:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-03-16 18:04 . 2013-03-16 18:06 -------- d-----w- c:\program files\iTunes

2013-03-16 18:04 . 2013-03-16 18:04 -------- d-----w- c:\programdata\Apple Computer

2013-03-16 18:02 . 2013-03-16 18:02 -------- d-----w- c:\users\Owner\AppData\Local\Apple

2013-03-16 18:02 . 2013-03-16 18:02 -------- d-----w- c:\program files\Apple Software Update

2013-03-16 17:57 . 2013-03-16 17:57 -------- d-----w- c:\program files\Bonjour

2013-03-16 17:57 . 2013-03-16 18:04 -------- d-----w- c:\program files\Common Files\Apple

2013-03-16 17:57 . 2013-03-16 18:01 -------- d-----w- c:\programdata\Apple

2013-03-08 02:10 . 2013-03-08 02:10 -------- d-----w- c:\program files\SMPlayer

2013-03-08 02:10 . 2013-03-08 02:10 -------- d-----w- c:\users\Owner\AppData\Roaming\OpenCandy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-02 07:05 . 2009-08-07 20:50 72192 ----a-w- c:\windows\system32\drivers\tdx.sys

2013-03-13 01:54 . 2012-09-11 01:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 01:54 . 2011-08-12 00:34 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-17 06:28 . 2011-11-27 01:28 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-05 05:26 . 2013-02-12 22:58 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:26 . 2013-02-12 22:58 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 11:28 . 2013-02-12 22:59 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-04 01:38 . 2013-02-12 22:59 2048512 ----a-w- c:\windows\system32\win32k.sys

2009-12-16 19:33 . 2009-12-16 19:33 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]

2012-08-05 02:38 1624576 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

2011-05-09 08:49 176936 ----a-w- c:\program files\SmileBox_EN\prxtbSmil.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2012-08-05 1624576]

"{f897eb0e-a3a4-46c3-80eb-2729699d8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]

[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]

[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2012-08-05 1624576]

"{F897EB0E-A3A4-46C3-80EB-2729699D8892}"= "c:\program files\SmileBox_EN\prxtbSmil.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]

[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]

[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{f897eb0e-a3a4-46c3-80eb-2729699d8892}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"rmacping"="c:\windows\system32\findwwiz.exe" [2013-03-28 212992]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Zwinky_5q Browser Plugin Loader"="c:\progra~1\ZWINKY~2\bar\1.bin\5qbrmon.exe" [2012-04-01 30096]

"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-09-04 30096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 01:54]

.

2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 00:53]

.

2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 00:53]

.

2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321771671-1741791935-1590848369-1001Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 22:58]

.

2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321771671-1741791935-1590848369-1001UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 22:58]

.

2013-04-03 c:\windows\Tasks\User_Feed_Synchronization-{8E1895AE-6174-4013-8965-F23294416845}.job

- c:\windows\system32\msfeedssync.exe [2012-02-24 03:14]

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 24.116.2.50 24.116.2.34

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-04-02 21:51

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-321771671-1741791935-1590848369-1001\*& À*t*]

@Allowed: (Read) (RestrictedCode)

"MachineID"=hex:b6,aa,58,4d,50,48,ac,00

.

[HKEY_USERS\S-1-5-21-321771671-1741791935-1590848369-1001\*& 0 t*]

@Allowed: (Read) (RestrictedCode)

"MachineID"=hex:b6,aa,58,4d,50,48,ac,00

.

[HKEY_USERS\S-1-5-21-321771671-1741791935-1590848369-1001\2*¬ & w*]

@Allowed: (Read) (RestrictedCode)

"MachineID"=hex:b6,aa,58,4d,50,48,ac,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(728)

c:\program files\MyFunCards_5m\bar\1.bin\5mbrstub.dll

c:\program files\Zwinky_5q\bar\1.bin\5qbrstub.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

c:\program files\Acer\Empowering Technology\Service\ETService.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\acer\Mobility Center\MobilityService.exe

c:\progra~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe

c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\progra~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\Zwinky_5q\bar\1.bin\5qbrmon.exe

c:\program files\MyFunCards_5m\bar\1.bin\5mbrmon.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wlrmdr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2013-04-02 21:54:07 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-03 02:54

ComboFix2.txt 2013-04-02 20:00

ComboFix3.txt 2013-04-02 06:38

.

Pre-Run: 1,683,111,936 bytes free

Post-Run: 1,147,236,352 bytes free

.

- - End Of File - - 412B07A89991DF99C724B6AE32F53A43

Jaldy · April 13, 2013

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/13/2013 10:33:21 AM in x86 mode.

Windows Version: Windows Vista Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Owner\Desktop\RogueKiller.exe (PID: 4504) [uP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* msiserver => %systemroot%\system32\msiexec.exe /V [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/13/2013 10:33:48 AM

Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)

Jaldy · April 13, 2013

The computer owner is a very basic user. He uses his computer for radio show contests and playing around on Yahoo games. i called him a moment ago to tell him about the infection, and he says that he does not do any online banking or anything regarding his personal credentials, and to do whatever is necessary to take care of the issue. I assure you that you would be having a much harder time getting him to follow your directions. :lol:

Maurice Naggar · April 13, 2013

See my posted reply in # 8

You must advise the owner. And I must have his/her input on what they decide.

Maurice Naggar · April 13, 2013

We're criss-crossing posts.

IF & only if you had run TDSSKILLER before, get me a copy of that log so I can review, and delete any prior copy of tdsskiller.exe

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Jaldy · April 13, 2013

I need to step out for a few hours. Thank you for your attention!

Jaldy · April 13, 2013

15:39:27.0000 5352 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:39:27.0515 5352 ============================================================

15:39:27.0515 5352 Current date / time: 2013/04/13 15:39:27.0515

15:39:27.0515 5352 SystemInfo:

15:39:27.0515 5352

15:39:27.0515 5352 OS Version: 6.0.6002 ServicePack: 2.0

15:39:27.0515 5352 Product type: Workstation

15:39:27.0515 5352 ComputerName: COMPUTER

15:39:27.0515 5352 UserName: Owner

15:39:27.0515 5352 Windows directory: C:\Windows

15:39:27.0515 5352 System windows directory: C:\Windows

15:39:27.0515 5352 Processor architecture: Intel x86

15:39:27.0515 5352 Number of processors: 1

15:39:27.0515 5352 Page size: 0x1000

15:39:27.0515 5352 Boot type: Normal boot

15:39:27.0515 5352 ============================================================

15:39:28.0825 5352 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:39:28.0825 5352 ============================================================

15:39:28.0825 5352 \Device\Harddisk0\DR0:

15:39:28.0825 5352 MBR partitions:

15:39:28.0825 5352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x8B0C000

15:39:28.0825 5352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9F0E800, BlocksNum 0x8B0A800

15:39:28.0825 5352 ============================================================

15:39:28.0872 5352 C: <-> \Device\Harddisk0\DR0\Partition1

15:39:28.0903 5352 D: <-> \Device\Harddisk0\DR0\Partition2

15:39:28.0903 5352 ============================================================

15:39:28.0919 5352 Initialize success

15:39:28.0919 5352 ============================================================

15:39:33.0287 5956 ============================================================

15:39:33.0287 5956 Scan started

15:39:33.0287 5956 Mode: Manual;

15:39:33.0287 5956 ============================================================

15:39:34.0379 5956 ================ Scan system memory ========================

15:39:34.0379 5956 System memory - ok

15:39:34.0379 5956 ================ Scan services =============================

15:39:34.0582 5956 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

15:39:34.0582 5956 ACPI - ok

15:39:34.0722 5956 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:39:34.0738 5956 AdobeFlashPlayerUpdateSvc - ok

15:39:34.0800 5956 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

15:39:34.0800 5956 adp94xx - ok

15:39:34.0831 5956 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys

15:39:34.0847 5956 adpahci - ok

15:39:34.0863 5956 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

15:39:34.0878 5956 adpu160m - ok

15:39:34.0894 5956 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

15:39:34.0894 5956 adpu320 - ok

15:39:34.0941 5956 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

15:39:34.0941 5956 AeLookupSvc - ok

15:39:35.0034 5956 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys

15:39:35.0034 5956 AFD - ok

15:39:35.0065 5956 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys

15:39:35.0065 5956 agp440 - ok

15:39:35.0081 5956 [ 4FA58A158C9D3769FF9248675B53D6A7 ] ahcix86s C:\Windows\system32\DRIVERS\ahcix86s.sys

15:39:35.0081 5956 ahcix86s - ok

15:39:35.0112 5956 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

15:39:35.0112 5956 aic78xx - ok

15:39:35.0128 5956 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

15:39:35.0128 5956 ALG - ok

15:39:35.0159 5956 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys

15:39:35.0159 5956 aliide - ok

15:39:35.0190 5956 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys

15:39:35.0190 5956 amdagp - ok

15:39:35.0221 5956 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys

15:39:35.0221 5956 amdide - ok

15:39:35.0284 5956 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

15:39:35.0284 5956 AmdK7 - ok

15:39:35.0299 5956 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

15:39:35.0299 5956 AmdK8 - ok

15:39:35.0346 5956 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

15:39:35.0346 5956 Appinfo - ok

15:39:35.0565 5956 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:39:35.0565 5956 Apple Mobile Device - ok

15:39:35.0627 5956 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys

15:39:35.0627 5956 arc - ok

15:39:35.0674 5956 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys

15:39:35.0674 5956 arcsas - ok

15:39:35.0705 5956 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

15:39:35.0705 5956 AsyncMac - ok

15:39:35.0752 5956 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

15:39:35.0752 5956 atapi - ok

15:39:35.0814 5956 [ 8BE56F8300E1C37B578DA23C71816B7A ] athr C:\Windows\system32\DRIVERS\athr.sys

15:39:35.0830 5956 athr - ok

15:39:35.0908 5956 [ 4604DB6D5ECA6362873CC3A76D2204BA ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

15:39:35.0908 5956 Ati External Event Utility - ok

15:39:36.0079 5956 [ 47DCF5D78C395159D72C65C25129FC44 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

15:39:36.0111 5956 atikmdag - ok

15:39:36.0157 5956 [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

15:39:36.0157 5956 AtiPcie - ok

15:39:36.0220 5956 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:39:36.0220 5956 AudioEndpointBuilder - ok

15:39:36.0267 5956 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

15:39:36.0267 5956 Audiosrv - ok

15:39:36.0345 5956 [ C38077D14ADF896EE1E1DBBCBCF77E14 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys

15:39:36.0345 5956 BCM43XX - ok

15:39:36.0391 5956 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

15:39:36.0391 5956 Beep - ok

15:39:36.0469 5956 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll

15:39:36.0469 5956 BFE - ok

15:39:36.0547 5956 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll

15:39:36.0563 5956 BITS - ok

15:39:36.0594 5956 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

15:39:36.0594 5956 blbdrive - ok

15:39:36.0703 5956 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

15:39:36.0703 5956 Bonjour Service - ok

15:39:36.0766 5956 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys

15:39:36.0766 5956 bowser - ok

15:39:36.0797 5956 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

15:39:36.0797 5956 BrFiltLo - ok

15:39:36.0828 5956 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

15:39:36.0828 5956 BrFiltUp - ok

15:39:36.0875 5956 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

15:39:36.0875 5956 Browser - ok

15:39:36.0891 5956 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

15:39:36.0891 5956 Brserid - ok

15:39:36.0922 5956 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

15:39:36.0922 5956 BrSerWdm - ok

15:39:36.0953 5956 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

15:39:36.0953 5956 BrUsbMdm - ok

15:39:36.0969 5956 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

15:39:36.0969 5956 BrUsbSer - ok

15:39:37.0000 5956 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

15:39:37.0000 5956 BTHMODEM - ok

15:39:37.0078 5956 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

15:39:37.0078 5956 BUNAgentSvc - ok

15:39:37.0109 5956 catchme - ok

15:39:37.0140 5956 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:39:37.0140 5956 cdfs - ok

15:39:37.0171 5956 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

15:39:37.0187 5956 cdrom - ok

15:39:37.0234 5956 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll

15:39:37.0234 5956 CertPropSvc - ok

15:39:37.0265 5956 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys

15:39:37.0281 5956 circlass - ok

15:39:37.0343 5956 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys

15:39:37.0343 5956 CLFS - ok

15:39:37.0390 5956 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:39:37.0390 5956 clr_optimization_v2.0.50727_32 - ok

15:39:37.0483 5956 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:39:37.0483 5956 clr_optimization_v4.0.30319_32 - ok

15:39:37.0530 5956 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

15:39:37.0530 5956 CmBatt - ok

15:39:37.0561 5956 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys

15:39:37.0561 5956 cmdide - ok

15:39:37.0577 5956 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

15:39:37.0577 5956 Compbatt - ok

15:39:37.0593 5956 COMSysApp - ok

15:39:37.0624 5956 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

15:39:37.0624 5956 crcdisk - ok

15:39:37.0655 5956 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys

15:39:37.0655 5956 Crusoe - ok

15:39:37.0702 5956 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:39:37.0717 5956 CryptSvc - ok

15:39:37.0795 5956 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:39:37.0811 5956 DcomLaunch - ok

15:39:37.0858 5956 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:39:37.0858 5956 DfsC - ok

15:39:37.0967 5956 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe

15:39:37.0983 5956 DFSR - ok

15:39:38.0076 5956 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll

15:39:38.0076 5956 Dhcp - ok

15:39:38.0123 5956 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys

15:39:38.0123 5956 disk - ok

15:39:38.0154 5956 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys

15:39:38.0154 5956 DKbFltr - ok

15:39:38.0185 5956 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:39:38.0185 5956 Dnscache - ok

15:39:38.0232 5956 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll

15:39:38.0232 5956 dot3svc - ok

15:39:38.0295 5956 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

15:39:38.0295 5956 Dot4 - ok

15:39:38.0326 5956 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

15:39:38.0326 5956 Dot4Print - ok

15:39:38.0373 5956 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

15:39:38.0373 5956 dot4usb - ok

15:39:38.0435 5956 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

15:39:38.0435 5956 DPS - ok

15:39:38.0466 5956 [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO C:\PROGRA~1\LAUNCH~1\DPortIO.sys

15:39:38.0466 5956 DritekPortIO - ok

15:39:38.0513 5956 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:39:38.0513 5956 drmkaud - ok

15:39:38.0591 5956 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:39:38.0591 5956 DXGKrnl - ok

15:39:38.0638 5956 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

15:39:38.0638 5956 E1G60 - ok

15:39:38.0685 5956 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

15:39:38.0685 5956 EapHost - ok

15:39:38.0747 5956 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys

15:39:38.0763 5956 Ecache - ok

15:39:38.0809 5956 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys

15:39:38.0809 5956 elxstor - ok

15:39:38.0887 5956 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll

15:39:38.0887 5956 EMDMgmt - ok

15:39:38.0919 5956 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys

15:39:38.0919 5956 ErrDev - ok

15:39:39.0012 5956 [ F25247D0E011A643EE60052CE23BE05E ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

15:39:39.0012 5956 ETService - ok

15:39:39.0075 5956 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll

15:39:39.0075 5956 EventSystem - ok

15:39:39.0137 5956 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys

15:39:39.0137 5956 exfat - ok

15:39:39.0184 5956 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys

15:39:39.0184 5956 fastfat - ok

15:39:39.0231 5956 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

15:39:39.0246 5956 fdc - ok

15:39:39.0293 5956 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

15:39:39.0293 5956 fdPHost - ok

15:39:39.0309 5956 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

15:39:39.0309 5956 FDResPub - ok

15:39:39.0340 5956 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

15:39:39.0340 5956 FileInfo - ok

15:39:39.0371 5956 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

15:39:39.0371 5956 Filetrace - ok

15:39:39.0402 5956 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

15:39:39.0402 5956 flpydisk - ok

15:39:39.0465 5956 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

15:39:39.0465 5956 FltMgr - ok

15:39:39.0543 5956 [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache C:\Windows\system32\FntCache.dll

15:39:39.0543 5956 FontCache - ok

15:39:39.0621 5956 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:39:39.0621 5956 FontCache3.0.0.0 - ok

15:39:39.0652 5956 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

15:39:39.0652 5956 Fs_Rec - ok

15:39:39.0683 5956 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

15:39:39.0699 5956 gagp30kx - ok

15:39:39.0730 5956 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:39:39.0745 5956 GEARAspiWDM - ok

15:39:39.0792 5956 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll

15:39:39.0792 5956 gpsvc - ok

15:39:39.0901 5956 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

15:39:39.0901 5956 gupdate - ok

15:39:39.0917 5956 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

15:39:39.0917 5956 gupdatem - ok

15:39:39.0979 5956 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:39:39.0979 5956 gusvc - ok

15:39:40.0026 5956 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:39:40.0026 5956 HdAudAddService - ok

15:39:40.0089 5956 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

15:39:40.0104 5956 HDAudBus - ok

15:39:40.0120 5956 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

15:39:40.0120 5956 HidBth - ok

15:39:40.0151 5956 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

15:39:40.0151 5956 HidIr - ok

15:39:40.0213 5956 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll

15:39:40.0213 5956 hidserv - ok

15:39:40.0260 5956 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

15:39:40.0260 5956 HidUsb - ok

15:39:40.0323 5956 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

15:39:40.0323 5956 hkmsvc - ok

15:39:40.0354 5956 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

15:39:40.0354 5956 HpCISSs - ok

15:39:40.0510 5956 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

15:39:40.0525 5956 HPSLPSVC - ok

15:39:40.0588 5956 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys

15:39:40.0588 5956 HTTP - ok

15:39:40.0619 5956 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys

15:39:40.0619 5956 i2omp - ok

15:39:40.0666 5956 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

15:39:40.0666 5956 i8042prt - ok

15:39:40.0697 5956 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

15:39:40.0697 5956 iaStorV - ok

15:39:40.0791 5956 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:39:40.0791 5956 idsvc - ok

15:39:40.0822 5956 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

15:39:40.0822 5956 iirsp - ok

15:39:40.0884 5956 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

15:39:40.0900 5956 IKEEXT - ok

15:39:40.0962 5956 [ 58FF11C95C3681C9250914521CB9F036 ] int15 C:\Windows\system32\drivers\int15.sys

15:39:40.0962 5956 int15 - ok

15:39:41.0071 5956 [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

15:39:41.0087 5956 IntcAzAudAddService - ok

15:39:41.0134 5956 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys

15:39:41.0134 5956 intelide - ok

15:39:41.0149 5956 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

15:39:41.0149 5956 intelppm - ok

15:39:41.0196 5956 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

15:39:41.0196 5956 IPBusEnum - ok

15:39:41.0243 5956 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:39:41.0243 5956 IpFilterDriver - ok

15:39:41.0305 5956 [ 1998BD97F950680BB55F55A7244679C2 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll

15:39:41.0321 5956 IpHlpSvc - ok

15:39:41.0337 5956 IpInIp - ok

15:39:41.0368 5956 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

15:39:41.0383 5956 IPMIDRV - ok

15:39:41.0415 5956 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

15:39:41.0415 5956 IPNAT - ok

15:39:41.0555 5956 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

15:39:41.0555 5956 iPod Service - ok

15:39:41.0586 5956 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

15:39:41.0586 5956 IRENUM - ok

15:39:41.0633 5956 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys

15:39:41.0633 5956 isapnp - ok

15:39:41.0680 5956 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

15:39:41.0680 5956 iScsiPrt - ok

15:39:41.0711 5956 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

15:39:41.0711 5956 iteatapi - ok

15:39:41.0742 5956 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

15:39:41.0742 5956 iteraid - ok

15:39:41.0789 5956 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

15:39:41.0805 5956 IviRegMgr - ok

15:39:41.0820 5956 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

15:39:41.0820 5956 kbdclass - ok

15:39:41.0851 5956 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

15:39:41.0851 5956 kbdhid - ok

15:39:41.0898 5956 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

15:39:41.0898 5956 KeyIso - ok

15:39:41.0961 5956 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

15:39:41.0976 5956 KSecDD - ok

15:39:42.0039 5956 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

15:39:42.0054 5956 KtmRm - ok

15:39:42.0101 5956 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll

15:39:42.0101 5956 LanmanServer - ok

15:39:42.0148 5956 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:39:42.0163 5956 LanmanWorkstation - ok

15:39:42.0226 5956 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

15:39:42.0226 5956 LightScribeService - ok

15:39:42.0241 5956 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

15:39:42.0241 5956 lltdio - ok

15:39:42.0288 5956 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

15:39:42.0288 5956 lltdsvc - ok

15:39:42.0335 5956 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

15:39:42.0335 5956 lmhosts - ok

15:39:42.0366 5956 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

15:39:42.0366 5956 LSI_FC - ok

15:39:42.0397 5956 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

15:39:42.0413 5956 LSI_SAS - ok

15:39:42.0429 5956 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

15:39:42.0429 5956 LSI_SCSI - ok

15:39:42.0460 5956 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

15:39:42.0460 5956 luafv - ok

15:39:42.0507 5956 LVUVC - ok

15:39:42.0553 5956 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

15:39:42.0553 5956 MBAMProtector - ok

15:39:42.0631 5956 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

15:39:42.0631 5956 MBAMScheduler - ok

15:39:42.0678 5956 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

15:39:42.0694 5956 MBAMService - ok

15:39:42.0741 5956 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys

15:39:42.0741 5956 megasas - ok

15:39:42.0772 5956 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys

15:39:42.0787 5956 MegaSR - ok

15:39:42.0819 5956 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

15:39:42.0819 5956 MMCSS - ok

15:39:42.0881 5956 MobilityService - ok

15:39:42.0897 5956 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

15:39:42.0897 5956 Modem - ok

15:39:42.0928 5956 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

15:39:42.0928 5956 monitor - ok

15:39:42.0959 5956 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

15:39:42.0959 5956 mouclass - ok

15:39:42.0990 5956 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

15:39:42.0990 5956 mouhid - ok

15:39:43.0006 5956 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

15:39:43.0006 5956 MountMgr - ok

15:39:43.0037 5956 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys

15:39:43.0037 5956 mpio - ok

15:39:43.0068 5956 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

15:39:43.0068 5956 mpsdrv - ok

15:39:43.0162 5956 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll

15:39:43.0162 5956 MpsSvc - ok

15:39:43.0209 5956 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

15:39:43.0209 5956 Mraid35x - ok

15:39:43.0255 5956 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

15:39:43.0255 5956 MRxDAV - ok

15:39:43.0302 5956 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

15:39:43.0302 5956 mrxsmb - ok

15:39:43.0349 5956 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:39:43.0349 5956 mrxsmb10 - ok

15:39:43.0411 5956 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:39:43.0411 5956 mrxsmb20 - ok

15:39:43.0443 5956 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys

15:39:43.0443 5956 msahci - ok

15:39:43.0474 5956 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys

15:39:43.0474 5956 msdsm - ok

15:39:43.0505 5956 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

15:39:43.0505 5956 MSDTC - ok

15:39:43.0552 5956 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

15:39:43.0552 5956 Msfs - ok

15:39:43.0552 5956 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

15:39:43.0567 5956 msisadrv - ok

15:39:43.0599 5956 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

15:39:43.0614 5956 MSiSCSI - ok

15:39:43.0630 5956 msiserver - ok

15:39:43.0661 5956 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

15:39:43.0661 5956 MSKSSRV - ok

15:39:43.0692 5956 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

15:39:43.0692 5956 MSPCLOCK - ok

15:39:43.0739 5956 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

15:39:43.0739 5956 MSPQM - ok

15:39:43.0786 5956 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

15:39:43.0786 5956 MsRPC - ok

15:39:43.0817 5956 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

15:39:43.0817 5956 mssmbios - ok

15:39:43.0833 5956 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

15:39:43.0833 5956 MSTEE - ok

15:39:43.0864 5956 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

15:39:43.0879 5956 Mup - ok

15:39:43.0973 5956 [ 72F8C1568A56C7059CB1074A7E529DC6 ] MyFunCards_5mService C:\PROGRA~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe

15:39:43.0973 5956 MyFunCards_5mService - ok

15:39:44.0004 5956 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

15:39:44.0004 5956 napagent - ok

15:39:44.0051 5956 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

15:39:44.0051 5956 NativeWifiP - ok

15:39:44.0082 5956 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

15:39:44.0098 5956 NDIS - ok

15:39:44.0113 5956 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

15:39:44.0113 5956 NdisTapi - ok

15:39:44.0145 5956 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

15:39:44.0145 5956 Ndisuio - ok

15:39:44.0191 5956 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

15:39:44.0191 5956 NdisWan - ok

15:39:44.0207 5956 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

15:39:44.0207 5956 NDProxy - ok

15:39:44.0269 5956 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

15:39:44.0269 5956 Net Driver HPZ12 - ok

15:39:44.0285 5956 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

15:39:44.0285 5956 NetBIOS - ok

15:39:44.0347 5956 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

15:39:44.0347 5956 netbt - ok

15:39:44.0379 5956 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

15:39:44.0379 5956 Netlogon - ok

15:39:44.0441 5956 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

15:39:44.0441 5956 Netman - ok

15:39:44.0488 5956 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

15:39:44.0488 5956 netprofm - ok

15:39:44.0519 5956 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:39:44.0519 5956 NetTcpPortSharing - ok

15:39:44.0550 5956 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

15:39:44.0550 5956 nfrd960 - ok

15:39:44.0581 5956 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

15:39:44.0581 5956 NlaSvc - ok

15:39:44.0613 5956 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

15:39:44.0613 5956 Npfs - ok

15:39:44.0659 5956 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

15:39:44.0659 5956 nsi - ok

15:39:44.0691 5956 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

15:39:44.0691 5956 nsiproxy - ok

15:39:44.0769 5956 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

15:39:44.0769 5956 Ntfs - ok

15:39:44.0815 5956 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

15:39:44.0815 5956 NTIBackupSvc - ok

15:39:44.0847 5956 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys

15:39:44.0847 5956 NTIDrvr - ok

15:39:44.0878 5956 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

15:39:44.0878 5956 NTISchedulerSvc - ok

15:39:44.0909 5956 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

15:39:44.0909 5956 ntrigdigi - ok

15:39:44.0940 5956 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

15:39:44.0940 5956 Null - ok

15:39:44.0971 5956 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys

15:39:44.0971 5956 nvraid - ok

15:39:45.0003 5956 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

15:39:45.0003 5956 nvstor - ok

15:39:45.0034 5956 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

15:39:45.0034 5956 nv_agp - ok

15:39:45.0049 5956 NwlnkFlt - ok

15:39:45.0065 5956 NwlnkFwd - ok

15:39:45.0174 5956 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

15:39:45.0174 5956 odserv - ok

15:39:45.0205 5956 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

15:39:45.0205 5956 ohci1394 - ok

15:39:45.0252 5956 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:39:45.0268 5956 ose - ok

15:39:45.0330 5956 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

15:39:45.0330 5956 p2pimsvc - ok

15:39:45.0408 5956 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

15:39:45.0408 5956 p2psvc - ok

15:39:45.0439 5956 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

15:39:45.0439 5956 Parport - ok

15:39:45.0502 5956 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

15:39:45.0502 5956 partmgr - ok

15:39:45.0533 5956 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

15:39:45.0533 5956 Parvdm - ok

15:39:45.0564 5956 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

15:39:45.0564 5956 PcaSvc - ok

15:39:45.0611 5956 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

15:39:45.0627 5956 pci - ok

15:39:45.0658 5956 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys

15:39:45.0658 5956 pciide - ok

15:39:45.0689 5956 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

15:39:45.0705 5956 pcmcia - ok

15:39:45.0751 5956 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

15:39:45.0767 5956 PEAUTH - ok

15:39:45.0861 5956 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

15:39:45.0876 5956 pla - ok

15:39:45.0923 5956 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

15:39:45.0939 5956 PlugPlay - ok

15:39:45.0970 5956 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

15:39:45.0985 5956 Pml Driver HPZ12 - ok

15:39:46.0032 5956 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

15:39:46.0032 5956 PNRPAutoReg - ok

15:39:46.0079 5956 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

15:39:46.0095 5956 PNRPsvc - ok

15:39:46.0141 5956 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

15:39:46.0157 5956 PolicyAgent - ok

15:39:46.0173 5956 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

15:39:46.0188 5956 PptpMiniport - ok

15:39:46.0235 5956 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys

15:39:46.0235 5956 Processor - ok

15:39:46.0282 5956 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

15:39:46.0282 5956 ProfSvc - ok

15:39:46.0313 5956 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

15:39:46.0313 5956 ProtectedStorage - ok

15:39:46.0375 5956 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

15:39:46.0375 5956 PSched - ok

15:39:46.0438 5956 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

15:39:46.0453 5956 ql2300 - ok

15:39:46.0485 5956 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

15:39:46.0485 5956 ql40xx - ok

15:39:46.0531 5956 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

15:39:46.0547 5956 QWAVE - ok

15:39:46.0563 5956 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

15:39:46.0563 5956 QWAVEdrv - ok

15:39:46.0594 5956 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

15:39:46.0594 5956 RasAcd - ok

15:39:46.0641 5956 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

15:39:46.0641 5956 RasAuto - ok

15:39:46.0672 5956 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

15:39:46.0672 5956 Rasl2tp - ok

15:39:46.0734 5956 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

15:39:46.0734 5956 RasMan - ok

15:39:46.0781 5956 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

15:39:46.0781 5956 RasPppoe - ok

15:39:46.0812 5956 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

15:39:46.0812 5956 RasSstp - ok

15:39:46.0875 5956 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

15:39:46.0875 5956 rdbss - ok

15:39:46.0906 5956 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

15:39:46.0906 5956 RDPCDD - ok

15:39:46.0953 5956 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

15:39:46.0953 5956 rdpdr - ok

15:39:46.0968 5956 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

15:39:46.0968 5956 RDPENCDD - ok

15:39:47.0031 5956 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

15:39:47.0031 5956 RDPWD - ok

15:39:47.0109 5956 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys

15:39:47.0109 5956 regi - ok

15:39:47.0155 5956 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

15:39:47.0155 5956 RemoteAccess - ok

15:39:47.0202 5956 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

15:39:47.0202 5956 RemoteRegistry - ok

15:39:47.0233 5956 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

15:39:47.0249 5956 RpcLocator - ok

15:39:47.0280 5956 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

15:39:47.0296 5956 RpcSs - ok

15:39:47.0311 5956 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

15:39:47.0311 5956 rspndr - ok

15:39:47.0358 5956 [ 125C504A34D0A2E152517E342E7E432C ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys

15:39:47.0358 5956 RTL8169 - ok

15:39:47.0389 5956 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

15:39:47.0389 5956 SamSs - ok

15:39:47.0436 5956 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

15:39:47.0436 5956 sbp2port - ok

15:39:47.0499 5956 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

15:39:47.0499 5956 SCardSvr - ok

15:39:47.0545 5956 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

15:39:47.0561 5956 Schedule - ok

15:39:47.0577 5956 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

15:39:47.0577 5956 SCPolicySvc - ok

15:39:47.0623 5956 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

15:39:47.0623 5956 SDRSVC - ok

15:39:47.0639 5956 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

15:39:47.0639 5956 secdrv - ok

15:39:47.0670 5956 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

15:39:47.0670 5956 seclogon - ok

15:39:47.0701 5956 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

15:39:47.0701 5956 SENS - ok

15:39:47.0733 5956 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

15:39:47.0733 5956 Serenum - ok

15:39:47.0748 5956 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

15:39:47.0748 5956 Serial - ok

15:39:47.0779 5956 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

15:39:47.0779 5956 sermouse - ok

15:39:47.0826 5956 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

15:39:47.0826 5956 SessionEnv - ok

15:39:47.0857 5956 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

15:39:47.0857 5956 sffdisk - ok

15:39:47.0873 5956 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

15:39:47.0889 5956 sffp_mmc - ok

15:39:47.0920 5956 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

15:39:47.0920 5956 sffp_sd - ok

15:39:47.0951 5956 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

15:39:47.0951 5956 sfloppy - ok

15:39:47.0982 5956 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

15:39:47.0983 5956 SharedAccess - ok

15:39:48.0046 5956 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:39:48.0061 5956 ShellHWDetection - ok

15:39:48.0092 5956 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

15:39:48.0092 5956 sisagp - ok

15:39:48.0108 5956 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

15:39:48.0124 5956 SiSRaid2 - ok

15:39:48.0155 5956 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

15:39:48.0155 5956 SiSRaid4 - ok

15:39:48.0233 5956 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

15:39:48.0233 5956 SkypeUpdate - ok

15:39:48.0623 5956 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

15:39:48.0654 5956 slsvc - ok

15:39:48.0701 5956 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

15:39:48.0701 5956 SLUINotify - ok

15:39:48.0748 5956 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

15:39:48.0748 5956 Smb - ok

15:39:48.0794 5956 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

15:39:48.0794 5956 SNMPTRAP - ok

15:39:48.0841 5956 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

15:39:48.0841 5956 spldr - ok

15:39:48.0904 5956 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

15:39:48.0904 5956 Spooler - ok

15:39:48.0950 5956 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

15:39:48.0966 5956 srv - ok

15:39:48.0998 5956 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

15:39:48.0998 5956 srv2 - ok

15:39:49.0061 5956 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

15:39:49.0061 5956 srvnet - ok

15:39:49.0107 5956 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

15:39:49.0123 5956 SSDPSRV - ok

15:39:49.0154 5956 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

15:39:49.0170 5956 SstpSvc - ok

15:39:49.0217 5956 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

15:39:49.0263 5956 stisvc - ok

15:39:49.0310 5956 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

15:39:49.0310 5956 swenum - ok

15:39:49.0357 5956 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

15:39:49.0373 5956 swprv - ok

15:39:49.0404 5956 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

15:39:49.0404 5956 Symc8xx - ok

15:39:49.0451 5956 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

15:39:49.0451 5956 Sym_hi - ok

15:39:49.0482 5956 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

15:39:49.0482 5956 Sym_u3 - ok

15:39:49.0529 5956 [ 32E8B307F0E9F72B66B518FD62EAB91E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

15:39:49.0529 5956 SynTP - ok

15:39:49.0591 5956 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

15:39:49.0607 5956 SysMain - ok

15:39:49.0638 5956 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:39:49.0638 5956 TabletInputService - ok

15:39:49.0700 5956 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

15:39:49.0700 5956 TapiSrv - ok

15:39:49.0747 5956 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

15:39:49.0747 5956 TBS - ok

15:39:49.0997 5956 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

15:39:50.0012 5956 Tcpip - ok

15:39:50.0043 5956 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

15:39:50.0059 5956 Tcpip6 - ok

15:39:50.0090 5956 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

15:39:50.0090 5956 tcpipreg - ok

15:39:50.0137 5956 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

15:39:50.0137 5956 TDPIPE - ok

15:39:50.0168 5956 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

15:39:50.0168 5956 TDTCP - ok

15:39:50.0215 5956 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:39:50.0215 5956 tdx - ok

15:39:50.0262 5956 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

15:39:50.0262 5956 TermDD - ok

15:39:50.0324 5956 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

15:39:50.0340 5956 TermService - ok

15:39:50.0355 5956 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

15:39:50.0371 5956 Themes - ok

15:39:50.0387 5956 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

15:39:50.0402 5956 THREADORDER - ok

15:39:50.0449 5956 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

15:39:50.0449 5956 TrkWks - ok

15:39:50.0527 5956 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:39:50.0527 5956 TrustedInstaller - ok

15:39:50.0574 5956 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:39:50.0574 5956 tssecsrv - ok

15:39:50.0605 5956 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

15:39:50.0605 5956 tunmp - ok

15:39:50.0652 5956 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

15:39:50.0652 5956 tunnel - ok

15:39:50.0683 5956 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

15:39:50.0683 5956 uagp35 - ok

15:39:50.0714 5956 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys

15:39:50.0714 5956 UBHelper - ok

15:39:50.0777 5956 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

15:39:50.0777 5956 udfs - ok

15:39:50.0839 5956 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

15:39:50.0839 5956 UI0Detect - ok

15:39:50.0901 5956 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

15:39:50.0901 5956 uliagpkx - ok

15:39:50.0948 5956 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

15:39:50.0948 5956 uliahci - ok

15:39:51.0011 5956 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

15:39:51.0011 5956 UlSata - ok

15:39:51.0042 5956 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

15:39:51.0042 5956 ulsata2 - ok

15:39:51.0073 5956 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

15:39:51.0073 5956 umbus - ok

15:39:51.0135 5956 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

15:39:51.0151 5956 upnphost - ok

15:39:51.0182 5956 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

15:39:51.0182 5956 usbccgp - ok

15:39:51.0213 5956 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

15:39:51.0213 5956 usbcir - ok

15:39:51.0276 5956 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

15:39:51.0276 5956 usbehci - ok

15:39:51.0307 5956 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

15:39:51.0307 5956 usbhub - ok

15:39:51.0338 5956 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

15:39:51.0338 5956 usbohci - ok

15:39:51.0401 5956 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

15:39:51.0401 5956 usbprint - ok

15:39:51.0463 5956 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

15:39:51.0463 5956 usbscan - ok

15:39:51.0525 5956 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:39:51.0525 5956 USBSTOR - ok

15:39:51.0588 5956 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

15:39:51.0588 5956 usbuhci - ok

15:39:51.0635 5956 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

15:39:51.0650 5956 usbvideo - ok

15:39:51.0697 5956 [ 8D31A140B55021BBD3A608F5A7AA2E18 ] USB_RNDIS C:\Windows\system32\DRIVERS\usb8023.sys

15:39:51.0697 5956 USB_RNDIS - ok

15:39:51.0775 5956 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

15:39:51.0775 5956 UxSms - ok

15:39:51.0822 5956 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

15:39:51.0837 5956 vds - ok

15:39:51.0853 5956 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

15:39:51.0853 5956 vga - ok

15:39:51.0884 5956 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

15:39:51.0884 5956 VgaSave - ok

15:39:51.0915 5956 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

15:39:51.0915 5956 viaagp - ok

15:39:51.0947 5956 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

15:39:51.0947 5956 ViaC7 - ok

15:39:51.0962 5956 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys

15:39:51.0962 5956 viaide - ok

15:39:51.0993 5956 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

15:39:51.0993 5956 volmgr - ok

15:39:52.0071 5956 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

15:39:52.0087 5956 volmgrx - ok

15:39:52.0118 5956 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys

15:39:52.0118 5956 volsnap - ok

15:39:52.0165 5956 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

15:39:52.0165 5956 vsmraid - ok

15:39:52.0227 5956 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

15:39:52.0243 5956 VSS - ok

15:39:52.0305 5956 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

15:39:52.0305 5956 W32Time - ok

15:39:52.0337 5956 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

15:39:52.0337 5956 WacomPen - ok

15:39:52.0368 5956 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

15:39:52.0368 5956 Wanarp - ok

15:39:52.0383 5956 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:39:52.0383 5956 Wanarpv6 - ok

15:39:52.0430 5956 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:39:52.0430 5956 wcncsvc - ok

15:39:52.0493 5956 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:39:52.0493 5956 WcsPlugInService - ok

15:39:52.0539 5956 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

15:39:52.0539 5956 Wd - ok

15:39:52.0602 5956 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:39:52.0617 5956 Wdf01000 - ok

15:39:52.0649 5956 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:39:52.0649 5956 WdiServiceHost - ok

15:39:52.0664 5956 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:39:52.0664 5956 WdiSystemHost - ok

15:39:52.0742 5956 [ DFE18C278C75525AA00AB0314955F6EF ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

15:39:52.0742 5956 Web Assistant Updater - ok

15:39:52.0805 5956 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll

15:39:52.0805 5956 WebClient - ok

15:39:52.0851 5956 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:39:52.0851 5956 Wecsvc - ok

15:39:52.0883 5956 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:39:52.0898 5956 wercplsupport - ok

15:39:52.0929 5956 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

15:39:52.0945 5956 WerSvc - ok

15:39:53.0007 5956 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

15:39:53.0007 5956 WinDefend - ok

15:39:53.0039 5956 WinHttpAutoProxySvc - ok

15:39:53.0101 5956 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:39:53.0101 5956 Winmgmt - ok

15:39:53.0179 5956 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

15:39:53.0195 5956 WinRM - ok

15:39:53.0273 5956 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

15:39:53.0273 5956 Wlansvc - ok

15:39:53.0319 5956 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

15:39:53.0319 5956 WmiAcpi - ok

15:39:53.0382 5956 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:39:53.0382 5956 wmiApSrv - ok

15:39:53.0429 5956 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

15:39:53.0444 5956 WMPNetworkSvc - ok

15:39:53.0460 5956 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:39:53.0475 5956 WPCSvc - ok

15:39:53.0538 5956 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:39:53.0538 5956 WPDBusEnum - ok

15:39:53.0631 5956 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

15:39:53.0631 5956 WpdUsb - ok

15:39:53.0741 5956 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:39:53.0741 5956 WPFFontCache_v0400 - ok

15:39:53.0772 5956 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:39:53.0772 5956 ws2ifsl - ok

15:39:53.0834 5956 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

15:39:53.0834 5956 wscsvc - ok

15:39:53.0850 5956 WSearch - ok

15:39:54.0177 5956 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

15:39:54.0209 5956 wuauserv - ok

15:39:54.0255 5956 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:39:54.0255 5956 WudfPf - ok

15:39:54.0287 5956 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

15:39:54.0287 5956 WUDFRd - ok

15:39:54.0333 5956 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:39:54.0349 5956 wudfsvc - ok

15:39:54.0443 5956 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

15:39:54.0458 5956 YahooAUService - ok

15:39:54.0505 5956 [ 72F8C1568A56C7059CB1074A7E529DC6 ] Zwinky_5qService C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe

15:39:54.0505 5956 Zwinky_5qService - ok

15:39:54.0536 5956 ================ Scan global ===============================

15:39:54.0583 5956 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

15:39:54.0645 5956 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

15:39:54.0677 5956 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

15:39:54.0723 5956 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

15:39:54.0739 5956 [Global] - ok

15:39:54.0739 5956 ================ Scan MBR ==================================

15:39:54.0755 5956 [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0

15:39:58.0889 5956 \Device\Harddisk0\DR0 - ok

15:39:58.0889 5956 ================ Scan VBR ==================================

15:39:58.0904 5956 [ 63F327A36223D433B39752A6BEED9C0C ] \Device\Harddisk0\DR0\Partition1

15:39:58.0904 5956 \Device\Harddisk0\DR0\Partition1 - ok

15:39:58.0951 5956 [ 03E99715A98C94C0AFD7FCE21E8D3602 ] \Device\Harddisk0\DR0\Partition2

15:39:58.0951 5956 \Device\Harddisk0\DR0\Partition2 - ok

15:39:58.0951 5956 ============================================================

15:39:58.0951 5956 Scan finished

15:39:58.0951 5956 ============================================================

15:39:58.0982 2280 Detected object count: 0

15:39:58.0982 2280 Actual detected object count: 0

Maurice Naggar · April 13, 2013

The Tdsskiller result is good.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Jaldy only. If you are a casual viewer, do NOT try this on your system!

If you are not Jaldy and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:


DDS::
BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: SmileBox EN Toolbar: {F897EB0E-A3A4-46C3-80EB-2729699D8892} - c:\program files\smilebox_en\prxtbSmil.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - c:\program files\smilebox_en\prxtbSmil.dll
mRun: [Zwinky_5q Browser Plugin Loader] c:\progra~1\zwinky~2\bar\1.bin\5qbrmon.exe
mRun: [MyFunCards_5m Browser Plugin Loader] c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown:

:excl: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Please wait for ComboFix to finish running

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

There will be much more to follow, after all this.

Edited April 13, 2013 by Maurice Naggar

Jaldy · April 14, 2013

ComboFix 13-04-12.02 - Owner 04/13/2013 21:53:38.5.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1675 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

Command switches used :: c:\users\Owner\Desktop\CFscript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\progra~1\myfunc~2\bar\1.bin\5mbrmon.exe

c:\progra~1\zwinky~2\bar\1.bin\5qbrmon.exe

c:\program files\dogpile bundle toolbar\Toolbar.dll

c:\program files\smilebox_en\prxtbSmil.dll

.

((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))

.

2013-04-14 03:03 . 2013-04-14 03:03 -------- d-----w- c:\users\Owner\AppData\Local\temp

2013-04-14 03:03 . 2013-04-14 03:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-04-14 03:03 . 2013-04-14 03:03 -------- d-----w- c:\users\mine\AppData\Local\temp

2013-04-14 03:03 . 2013-04-14 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-13 20:35 . 2013-03-19 10:50 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78D5C0DB-B2CA-468B-AEEE-AE66D81A27D5}\mpengine.dll

2013-04-13 15:33 . 2013-04-13 15:33 -------- d--h--w- c:\windows\PIF