Ransom Virus and many others
Hello,
I have several viruses including the ransom. I have managed to get on the desktop with a lot of use of Malwarebytes and Spybot. I also shut down the internet connection and this slows down the regeneration of the virus. I also keep the Task Manager up and kill ipseygu.exe every time it generates and this appears to slow it down. Appreciate your assistance.
IE will not allow me to post an attachment on to this website. When I hit the button it brings up a browser to a bogus page and will not allow the selection of a file. I can cut and paste the contents of the Attach file if you request.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.7.2
Run by Matt at 20:52:33 on 2013-05-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1381 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Windows\system32\dldocoms.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Matt\AppData\Roaming\Axhaehi\ipseygu.exe
C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
C:\Windows\spoolsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Users\Matt\AppData\Roaming\Axhaehi\ipseygu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\users\matt\appdata\roaming\qwiklinx\Qwiklinx.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\matt\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Adobe CSx Manager] c:\users\matt\appdata\roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad\decafabddbafaaaead.exe
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [msocpc] "c:\windows\system32\rundll32.exe" "c:\users\matt\appdata\roaming\msocpc.dll",WriteString
uRun: [ashlp] "c:\windows\system32\rundll32.exe" "c:\users\matt\appdata\roaming\ashlp.dll",InPlaceAnd
uRun: [miurtew] rundll32 "c:\users\matt\appdata\local\miurtew.dll",miurtew
uRun: [Soqeaddivii] c:\users\matt\appdata\roaming\axhaehi\ipseygu.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\camera~1.lnk - c:\program files\pixela\everio mediabrowser\MBCameraMonitor.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{4EF6EFA6-64CD-49AF-A1CD-823511F6E664} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{64169AB7-D8F3-421A-BBBB-26BFF19CF8A6} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\matt\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-11-6 107520]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-5-14 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-5-14 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-5-14 168384]
R2 SpoolerCache;SpoolerCache;c:\windows\spoolsvc.exe [2013-5-3 229520]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2007-10-5 99568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-8-18 52224]
.
=============== Created Last 30 ================
.
2013-05-16 00:51:01 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39624408-596e-459a-857a-06483f94b9bd}\offreg.dll
2013-05-16 00:02:46 309760 ----a-w- c:\users\matt\acrobatreader53868.exe
2013-05-16 00:02:46 0 ----a-w- c:\users\matt\acrobatreader55286.exe
2013-05-16 00:02:42 35328 ----a-w- c:\users\matt\alg48478.exe
2013-05-16 00:02:38 24447 ----a-w- c:\users\matt\alg588646.exe
2013-05-15 23:59:56 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39624408-596e-459a-857a-06483f94b9bd}\mpengine.dll
2013-05-15 23:51:30 -------- d-----w- c:\users\matt\appdata\roaming\Axhaehi
2013-05-15 19:52:39 21317 ----a-w- c:\users\matt\jqs828680.exe
2013-05-15 18:37:40 17920 ----a-w- c:\users\matt\appdata\local\miurtew.dll
2013-05-15 18:37:22 309760 ----a-w- c:\users\matt\acrobat590578.exe
2013-05-15 18:37:22 0 ----a-w- c:\users\matt\acrobat850950.exe
2013-05-15 18:37:19 50688 ----a-w- c:\users\matt\msconfig701709.exe
2013-05-15 18:37:19 35328 ----a-w- c:\users\matt\notepad582814.exe
2013-05-15 07:35:09 405504 ----a-w- c:\users\matt\appdata\roaming\ashlp.dll
2013-05-15 07:35:01 634880 ----a-w- c:\users\matt\appdata\roaming\msocpc.dll
2013-05-15 07:34:21 309760 ----a-w- c:\users\matt\java647518.exe
2013-05-15 07:34:21 0 ----a-w- c:\users\matt\iexplore956429.exe
2013-05-15 07:34:20 50688 ----a-w- c:\users\matt\spoolsv734849.exe
2013-05-15 07:31:44 292613 ----a-w- c:\users\matt\icq442766.exe
2013-05-15 07:31:43 50688 ----a-w- c:\users\matt\rundll32.exe
2013-05-15 07:31:43 193536 ----a-w- c:\users\matt\chrome125524.exe
2013-05-15 07:31:43 0 ----a-w- c:\users\matt\windowsupdate357826.exe
2013-05-15 07:03:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 00:37:54 880128 ----a-w- c:\users\matt\appdata\roaming\F18E.tmp
2013-05-15 00:37:54 880128 ----a-w- c:\users\matt\appdata\roaming\DB51.tmp
2013-05-15 00:36:39 309760 ----a-w- c:\users\matt\csrss.exe
2013-05-15 00:36:38 0 ----a-w- c:\users\matt\firefox.exe
2013-05-15 00:23:48 388096 ----a-r- c:\users\matt\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-05-15 00:23:41 -------- d-----w- c:\program files\Trend Micro
2013-05-15 00:08:12 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 00:08:12 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 00:08:12 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 00:08:06 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:08:05 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 00:08:01 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 00:08:01 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 00:08:00 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 00:04:49 -------- d-----w- c:\users\matt\appdata\local\Diagnostics
2013-05-14 22:12:59 0 ----a-w- c:\users\matt\jucheck.exe
2013-05-14 22:12:52 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-14 22:12:40 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-14 21:38:17 309760 ----a-w- c:\users\matt\teamviewer.exe
2013-05-14 21:38:16 0 ----a-w- c:\users\matt\icq.exe
2013-05-14 21:21:45 49152 ----a-w- c:\users\matt\googleupdate.exe
2013-05-14 21:20:11 7016152 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-05-14 20:55:47 -------- d-----w- c:\users\matt\appdata\roaming\Fiiwso
2013-05-13 19:22:32 0 ----a-w- c:\users\matt\java.exe
2013-05-13 17:59:27 0 ----a-w- c:\users\matt\opera.exe
2013-05-13 17:58:29 247808 ----a-w- c:\users\matt\alg.exe
2013-05-13 17:58:19 0 ----a-w- c:\users\matt\skype.exe
2013-05-13 17:52:37 0 ----a-w- c:\users\matt\jqs.exe
2013-05-13 17:37:05 247808 ----a-w- c:\users\matt\windowsupdate.exe
2013-05-13 17:37:02 0 ----a-w- c:\users\matt\flashplayer.exe
2013-05-08 18:15:45 -------- d--h--w- c:\programdata\Common Files
2013-05-08 18:15:45 -------- d-----w- c:\users\matt\appdata\local\MFAData
2013-05-08 18:15:45 -------- d-----w- c:\users\matt\appdata\local\Avg2013
2013-05-08 18:15:45 -------- d-----w- c:\programdata\MFAData
2013-05-08 17:48:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-08 11:48:07 -------- d-----w- c:\program files\CCleaner
2013-05-08 10:39:24 -------- d-----w- c:\users\matt\appdata\local\ElevatedDiagnostics
2013-05-07 10:57:15 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2013-05-07 10:56:55 -------- d-----w- c:\programdata\Malwarebytes
2013-05-07 10:56:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 10:56:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-07 10:56:35 -------- d-----w- c:\users\matt\appdata\local\Programs
2013-05-06 04:53:46 0 ----a-w- c:\users\matt\mstsc.exe
2013-05-04 17:56:32 -------- d-----w- c:\users\matt\appdata\roaming\Obhobumu
2013-05-03 12:13:46 229520 ----a-w- c:\windows\spoolsvc.exe
2013-05-03 12:11:19 -------- d-----w- c:\users\matt\appdata\roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad
2013-05-03 12:10:48 0 ----a-w- c:\users\matt\msconfig.exe
2013-05-01 11:42:09 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ba549731-1f90-4c52-89a7-edc1a9bea50f}\gapaengine.dll
2013-05-01 11:18:21 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-20 12:35:53 -------- d-----w- c:\users\matt\appdata\roaming\Xaruocfe
.
==================== Find3M ====================
.
2013-05-09 12:23:07 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2013-05-09 12:21:29 88 --sh--r- c:\windows\system32\E141A877EE.sys
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-03-21 07:20:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-02-15 04:37:10 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- c:\windows\system32\tsgqec.dll
.
============= FINISH: 21:07:03.73 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-15 21:05:35
-----------------------------
21:05:35.769 OS Version: Windows 6.1.7601 Service Pack 1
21:05:35.769 Number of processors: 4 586 0xF0B
21:05:35.770 ComputerName: MATT-DESKTOP UserName: Matt
21:05:56.612 Initialize success
21:28:40.406 AVAST engine defs: 13051501
21:28:47.738 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:28:47.738 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
21:28:47.879 Disk 0 MBR read successfully
21:28:47.879 Disk 0 MBR scan
21:28:47.988 Disk 0 Windows 7 default MBR code
21:28:47.988 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
21:28:48.019 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
21:28:48.035 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466644 MB offset 21084160
21:28:48.082 Disk 0 scanning sectors +976771072
21:28:48.191 Disk 0 scanning C:\Windows\system32\drivers
21:29:05.145 Service scanning
21:29:18.465 Service FastUserSwitchingCompatibility C:\Windows\C:\Windows\system32\FastUserSwitchingCompatibilityex.dll **LOCKED** 123
21:29:24.452 Service MpKslc91f6fc3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39624408-596E-459A-857A-06483F94B9BD}\MpKslc91f6fc3.sys **LOCKED** 32
21:29:44.311 Modules scanning
21:29:48.751 Disk 0 trace - called modules:
21:29:48.761
21:29:51.181 AVAST engine scan C:\Windows
21:29:55.393 AVAST engine scan C:\Windows\system32
21:33:40.008 AVAST engine scan C:\Windows\system32\drivers
21:34:05.186 AVAST engine scan C:\Users\Matt
21:40:15.648 File: C:\Users\Matt\msconfig701709.exe **INFECTED** Win32:Dropper-gen [Drp]
21:44:46.424 File: C:\Users\Matt\rundll32.exe **INFECTED** Win32:Dropper-gen [Drp]
21:44:47.173 File: C:\Users\Matt\spoolsv734849.exe **INFECTED** Win32:Dropper-gen [Drp]
21:44:49.794 AVAST engine scan C:\ProgramData
21:45:23.537 Scan finished successfully
21:49:19.635 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
21:49:19.729 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
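An added example, not part of the original posts and not how DDS, aswMBR or the helper process logs: a small Python triage over lines in the DDS format posted above. It flags autorun entries that load from AppData and executables sitting directly in the profile root, the two patterns that cover ipseygu.exe and the files aswMBR reports as infected. The function names and the list of system binary names are assumptions made for this illustration.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    source: str     # "autorun" (uRun/mRun line) or "file" (Created Last 30 line)
    target: str     # lower-cased path the entry points at
    reasons: tuple  # why the entry deserves a closer look


# Excerpt of the DDS log from the post above (lines copied from it, not invented).
SAMPLE_DDS = r"""
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [msocpc] "c:\windows\system32\rundll32.exe" "c:\users\matt\appdata\roaming\msocpc.dll",WriteString
uRun: [Soqeaddivii] c:\users\matt\appdata\roaming\axhaehi\ipseygu.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
2013-05-15 18:37:19 50688 ----a-w- c:\users\matt\msconfig701709.exe
2013-05-15 07:31:43 50688 ----a-w- c:\users\matt\rundll32.exe
2013-05-15 07:31:43 0 ----a-w- c:\users\matt\windowsupdate357826.exe
2013-05-15 00:08:12 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-07 10:56:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# "uRun: [name] command" style autorun lines from the Pseudo HJT section.
RUN_RE = re.compile(r'^(?:[um]Run|dRunOnce): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "date time size attributes path" lines from the Created Last 30 / Find3M sections.
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+|-+) \S+ (?P<path>[a-z]:\\.+)$',
    re.IGNORECASE,
)
# Every .exe/.dll path inside an autorun command, quoted or not.
PATH_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll)\b', re.IGNORECASE)
# An .exe stored directly in c:\users\<name>\ with no subfolder.
PROFILE_ROOT_EXE = re.compile(r'^[a-z]:\\users\\[^\\]+\\(?P<name>[^\\]+)\.exe$', re.IGNORECASE)

# Assumption: a short list of Windows binaries that normally live under c:\windows.
SYSTEM_NAMES = ("csrss", "rundll32", "msconfig", "spoolsv", "alg", "notepad", "mstsc")


def imitates_system_name(name):
    """True for 'rundll32' or 'msconfig701709': a system name plus optional digits."""
    name = name.lower()
    return any(
        name == s or (name.startswith(s) and name[len(s):].isdigit())
        for s in SYSTEM_NAMES
    )


def triage(log_text):
    """Return a Finding for each DDS line that matches one of the two patterns."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = RUN_RE.match(line)
        if run:
            # rundll32 itself is legitimate; what matters is the DLL or EXE it is told to load.
            for path in PATH_RE.findall(run["cmd"]):
                if "\\appdata\\" in path.lower():
                    findings.append(Finding(
                        "autorun", path.lower(),
                        ("autorun loads code from user-writable AppData",),
                    ))
            continue
        entry = FILE_RE.match(line)
        if not entry:
            continue
        exe = PROFILE_ROOT_EXE.match(entry["path"])
        if not exe:
            continue
        reasons = ["executable directly in the profile root"]
        if imitates_system_name(exe["name"]):
            reasons.append("name imitates a Windows system binary")
        if entry["size"] == "0":
            reasons.append("zero-byte file")
        findings.append(Finding("file", entry["path"].lower(), tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.source:8} {f.target}\n         -> {'; '.join(f.reasons)}")
```

A match is a reason to inspect the file, not proof of infection; the signed programs in the same log that start from Program Files are deliberately left out of the output.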
Hi fujymo,
Thanks for your patience. :bigthumb:
=========================
1. RogueKiller
Download to your desktop RogueKiller (http://tigzy.geekstogo.com/roguekiller.html) (by tigzy)
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
=========================
In your next post please provide the following:
RKreport[1].txt
OCD,
Thanks for getting back to me. Here is the information you requested. I am copying the information to a data stick and transferring it to another computer. I hope only the information is being transferred. Also, using this other computer I was able to upload the attach file that I was not able to upload via the infected computer.
Thanks,
Fujymo
Hi fujymo,
1. Logs
Please copy & paste all requested logs directly into your reply, do not attach them unless specifically asked to do so. Doing so requires us to download the file to view it which takes extra time. I appreciate your cooperation. :bigthumb:
=========================
2. TDSSKiller
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
TDSSKiller.exe - Right click and select "Run as Administrator".
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
=========================
3. ComboFix
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from the following location:
Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
=========================
4. Re-run RogueKiller
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan.
After the scan has completed click on the Registry tab
Wait until the Status box shows "Scan Finished"
Click the Delete button
Wait until the Status box shows "Deleting Finished"
Click the Report button, save the report to your desktop
=========================
In your next post please provide the following:
TDSSKiller log
ComboFix.txt
RKreport.txt
How is the computer running?
OCD,
I performed the scans and restarted the internet on the computer. It was only a few minutes and "Internet Security 2013" started and shut off Internet Explorer and all other programs running and gave an error when trying to restart. I did notice on Task Manager ohmui.exe started to download as soon as the internet was restarted. I turned the internet back off so it could not download anything else. I had to do the files in three posts due to length. Here are the files you requested.
Thanks again,
Fujymo
TDSS LOG
19:19:44.0182 4240 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:19:44.0307 4240 ============================================================
19:19:44.0307 4240 Current date / time: 2013/05/22 19:19:44.0307
19:19:44.0307 4240 SystemInfo:
19:19:44.0307 4240
19:19:44.0307 4240 OS Version: 6.1.7601 ServicePack: 1.0
19:19:44.0307 4240 Product type: Workstation
19:19:44.0307 4240 ComputerName: MATT-DESKTOP
19:19:44.0307 4240 UserName: Matt
19:19:44.0307 4240 Windows directory: C:\Windows
19:19:44.0307 4240 System windows directory: C:\Windows
19:19:44.0307 4240 Processor architecture: Intel x86
19:19:44.0307 4240 Number of processors: 4
19:19:44.0307 4240 Page size: 0x1000
19:19:44.0307 4240 Boot type: Normal boot
19:19:44.0307 4240 ============================================================
19:19:46.0054 4240 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:19:48.0191 4240 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:19:48.0191 4240 ============================================================
19:19:48.0191 4240 \Device\Harddisk0\DR0:
19:19:48.0207 4240 MBR partitions:
19:19:48.0207 4240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
19:19:48.0207 4240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x38F6A000
19:19:48.0207 4240 \Device\Harddisk1\DR3:
19:19:48.0207 4240 MBR partitions:
19:19:48.0207 4240 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x74705980
19:19:48.0207 4240 ============================================================
19:19:48.0222 4240 C: <-> \Device\Harddisk0\DR0\Partition2
19:19:48.0300 4240 D: <-> \Device\Harddisk0\DR0\Partition1
19:19:48.0363 4240 F: <-> \Device\Harddisk1\DR3\Partition1
19:19:48.0363 4240 ============================================================
19:19:48.0363 4240 Initialize success
19:19:48.0363 4240 ============================================================
19:20:03.0573 5260 ============================================================
19:20:03.0573 5260 Scan started
19:20:03.0573 5260 Mode: Manual;
19:20:03.0573 5260 ============================================================
19:20:03.0947 5260 ================ Scan system memory ========================
19:20:03.0947 5260 System memory - ok
19:20:03.0963 5260 ================ Scan services =============================
19:20:04.0852 5260 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:20:04.0868 5260 1394ohci - ok
19:20:04.0930 5260 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:20:04.0946 5260 ACPI - ok
19:20:04.0977 5260 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:20:04.0977 5260 AcpiPmi - ok
19:20:05.0039 5260 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:20:05.0055 5260 AdobeFlashPlayerUpdateSvc - ok
19:20:05.0117 5260 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:20:05.0117 5260 adp94xx - ok
19:20:05.0148 5260 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:20:05.0164 5260 adpahci - ok
19:20:05.0195 5260 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:20:05.0211 5260 adpu320 - ok
19:20:05.0289 5260 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:20:05.0320 5260 AeLookupSvc - ok
19:20:05.0367 5260 [ 330A1E4DF07C2E29949ED8631CD8828E ] AERTFilters C:\Windows\system32\AERTSrv.exe
19:20:05.0367 5260 AERTFilters - ok
19:20:05.0429 5260 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:20:05.0429 5260 AFD - ok
19:20:05.0476 5260 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:20:05.0507 5260 agp440 - ok
19:20:05.0538 5260 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:20:05.0538 5260 aic78xx - ok
19:20:05.0570 5260 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:20:05.0570 5260 ALG - ok
19:20:05.0601 5260 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:20:05.0601 5260 aliide - ok
19:20:05.0663 5260 [ F970EA885AEFEB1B9EB97CA7F1EB226D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:20:05.0663 5260 AMD External Events Utility - ok
19:20:05.0694 5260 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:20:05.0694 5260 amdagp - ok
19:20:05.0726 5260 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:20:05.0726 5260 amdide - ok
19:20:05.0741 5260 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:20:05.0741 5260 AmdK8 - ok
19:20:06.0755 5260 [ AB70F110143892EB41AA46500AA5CF00 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:20:06.0942 5260 amdkmdag - ok
19:20:07.0083 5260 [ 32D68D05B871EED5572D0C2C764EA4EC ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:20:07.0114 5260 amdkmdap - ok
19:20:07.0161 5260 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:20:07.0161 5260 AmdPPM - ok
19:20:07.0192 5260 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:20:07.0192 5260 amdsata - ok
19:20:07.0223 5260 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:20:07.0223 5260 amdsbs - ok
19:20:07.0223 5260 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:20:07.0223 5260 amdxata - ok
19:20:07.0286 5260 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:20:07.0301 5260 AppID - ok
19:20:07.0348 5260 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:20:07.0364 5260 AppIDSvc - ok
19:20:07.0395 5260 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
19:20:07.0410 5260 Appinfo - ok
19:20:07.0551 5260 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:20:07.0566 5260 Apple Mobile Device - ok
19:20:07.0582 5260 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:20:07.0582 5260 arc - ok
19:20:07.0598 5260 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:20:07.0598 5260 arcsas - ok
19:20:07.0629 5260 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:20:07.0629 5260 AsyncMac - ok
19:20:07.0676 5260 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:20:07.0676 5260 atapi - ok
19:20:07.0863 5260 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\Windows\system32\DRIVERS\athr.sys
19:20:07.0910 5260 athr - ok
19:20:09.0236 5260 [ AB70F110143892EB41AA46500AA5CF00 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:20:09.0282 5260 atikmdag - ok
19:20:09.0501 5260 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:20:09.0532 5260 AudioEndpointBuilder - ok
19:20:09.0548 5260 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:20:09.0548 5260 Audiosrv - ok
19:20:09.0579 5260 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:20:09.0579 5260 AxInstSV - ok
19:20:09.0641 5260 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:20:09.0641 5260 b06bdrv - ok
19:20:09.0672 5260 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:20:26.0224 5260 srv - ok
19:20:26.0255 5260 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:20:26.0271 5260 srv2 - ok
19:20:26.0286 5260 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:20:26.0286 5260 srvnet - ok
19:20:26.0333 5260 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:20:26.0333 5260 SSDPSRV - ok
19:20:26.0364 5260 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:20:26.0364 5260 SstpSvc - ok
19:20:26.0396 5260 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:20:26.0396 5260 stexstor - ok
19:20:26.0458 5260 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:20:26.0474 5260 StiSvc - ok
19:20:26.0520 5260 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:20:26.0520 5260 swenum - ok
19:20:26.0552 5260 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:20:26.0552 5260 swprv - ok
19:20:26.0645 5260 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:20:26.0676 5260 SysMain - ok
19:20:26.0708 5260 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:20:26.0723 5260 TabletInputService - ok
19:20:26.0770 5260 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:20:26.0770 5260 TapiSrv - ok
19:20:26.0817 5260 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:20:26.0848 5260 TBS - ok
19:20:27.0066 5260 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:20:27.0113 5260 Tcpip - ok
19:20:27.0160 5260 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:20:27.0160 5260 TCPIP6 - ok
19:20:27.0207 5260 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:20:27.0207 5260 tcpipreg - ok
19:20:27.0269 5260 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:20:27.0285 5260 TDPIPE - ok
19:20:27.0300 5260 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:20:27.0300 5260 TDTCP - ok
19:20:27.0332 5260 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:20:27.0332 5260 tdx - ok
19:20:27.0363 5260 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:20:27.0378 5260 TermDD - ok
19:20:27.0425 5260 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:20:27.0441 5260 TermService - ok
19:20:27.0472 5260 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:20:27.0488 5260 Themes - ok
19:20:27.0503 5260 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:20:27.0519 5260 THREADORDER - ok
19:20:27.0519 5260 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:20:27.0550 5260 TrkWks - ok
19:20:27.0628 5260 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:20:27.0644 5260 TrustedInstaller - ok
19:20:27.0659 5260 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:20:27.0675 5260 tssecsrv - ok
19:20:27.0722 5260 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:20:27.0722 5260 TsUsbFlt - ok
19:20:27.0784 5260 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:20:27.0784 5260 tunnel - ok
19:20:27.0831 5260 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:20:27.0831 5260 uagp35 - ok
19:20:27.0846 5260 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:20:27.0846 5260 udfs - ok
19:20:27.0893 5260 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:20:27.0893 5260 UI0Detect - ok
19:20:27.0924 5260 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:20:27.0924 5260 uliagpkx - ok
19:20:27.0971 5260 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:20:27.0987 5260 umbus - ok
19:20:28.0002 5260 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:20:28.0002 5260 UmPass - ok
19:20:28.0034 5260 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:20:28.0034 5260 upnphost - ok
19:20:28.0080 5260 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:20:28.0080 5260 USBAAPL - ok
19:20:28.0143 5260 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:20:28.0158 5260 usbccgp - ok
19:20:28.0174 5260 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:20:28.0174 5260 usbcir - ok
19:20:28.0221 5260 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:20:28.0236 5260 usbehci - ok
19:20:28.0314 5260 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:20:28.0314 5260 usbhub - ok
19:20:28.0346 5260 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:20:28.0346 5260 usbohci - ok
19:20:28.0377 5260 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:20:28.0377 5260 usbprint - ok
19:20:28.0408 5260 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:20:28.0408 5260 usbscan - ok
19:20:28.0455 5260 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:20:28.0470 5260 USBSTOR - ok
19:20:28.0517 5260 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:20:28.0517 5260 usbuhci - ok
19:20:28.0564 5260 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:20:28.0580 5260 UxSms - ok
19:20:28.0595 5260 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:20:28.0595 5260 VaultSvc - ok
19:20:28.0626 5260 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:20:28.0626 5260 vdrvroot - ok
19:20:28.0689 5260 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:20:28.0704 5260 vds - ok
19:20:28.0704 5260 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:20:28.0720 5260 vga - ok
19:20:28.0736 5260 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:20:28.0736 5260 VgaSave - ok
19:20:28.0767 5260 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:20:28.0782 5260 vhdmp - ok
19:20:28.0814 5260 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:20:28.0814 5260 viaagp - ok
19:20:28.0829 5260 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:20:28.0829 5260 ViaC7 - ok
19:20:28.0845 5260 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:20:28.0845 5260 viaide - ok
19:20:28.0860 5260 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:20:28.0860 5260 volmgr - ok
19:20:28.0876 5260 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:20:28.0892 5260 volmgrx - ok
19:20:28.0907 5260 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:20:28.0907 5260 volsnap - ok
19:20:28.0938 5260 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:20:28.0954 5260 vsmraid - ok
19:20:29.0110 5260 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:20:29.0126 5260 VSS - ok
19:20:29.0141 5260 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:20:29.0157 5260 vwifibus - ok
19:20:29.0172 5260 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:20:29.0172 5260 vwififlt - ok
19:20:29.0219 5260 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:20:29.0235 5260 W32Time - ok
19:20:29.0266 5260 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:20:29.0282 5260 WacomPen - ok
19:20:29.0344 5260 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:20:29.0344 5260 WANARP - ok
19:20:29.0344 5260 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:20:29.0344 5260 Wanarpv6 - ok
19:20:29.0672 5260 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:20:29.0734 5260 WatAdminSvc - ok
19:20:29.0796 5260 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:20:29.0843 5260 wbengine - ok
19:20:29.0874 5260 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:20:29.0890 5260 WbioSrvc - ok
19:20:29.0937 5260 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:20:29.0937 5260 wcncsvc - ok
19:20:29.0952 5260 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:20:29.0968 5260 WcsPlugInService - ok
19:20:29.0999 5260 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:20:30.0015 5260 Wd - ok
19:20:30.0062 5260 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:20:30.0077 5260 Wdf01000 - ok
19:20:30.0093 5260 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:20:30.0108 5260 WdiServiceHost - ok
19:20:30.0108 5260 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:20:30.0108 5260 WdiSystemHost - ok
19:20:30.0155 5260 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:20:30.0171 5260 WebClient - ok
19:20:30.0186 5260 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:20:30.0202 5260 Wecsvc - ok
19:20:30.0218 5260 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:20:30.0218 5260 wercplsupport - ok
19:20:30.0264 5260 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:20:30.0264 5260 WerSvc - ok
19:20:30.0296 5260 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:20:30.0296 5260 WfpLwf - ok
19:20:30.0311 5260 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:20:30.0311 5260 WIMMount - ok
19:20:30.0561 5260 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:20:30.0592 5260 WinDefend - ok
19:20:30.0608 5260 WinHttpAutoProxySvc - ok
19:20:31.0154 5260 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:20:31.0154 5260 Winmgmt - ok
19:20:31.0310 5260 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:20:31.0356 5260 WinRM - ok
19:20:31.0434 5260 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:20:31.0450 5260 WinUsb - ok
19:20:31.0668 5260 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:20:31.0700 5260 Wlansvc - ok
19:20:31.0715 5260 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:20:31.0731 5260 WmiAcpi - ok
19:20:31.0762 5260 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:20:31.0778 5260 wmiApSrv - ok
19:20:31.0934 5260 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:20:31.0949 5260 WMPNetworkSvc - ok
19:20:31.0965 5260 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:20:31.0965 5260 WPCSvc - ok
19:20:32.0012 5260 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:20:32.0027 5260 WPDBusEnum - ok
19:20:32.0074 5260 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:20:32.0090 5260 ws2ifsl - ok
19:20:32.0105 5260 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
19:20:32.0105 5260 wscsvc - ok
19:20:32.0121 5260 WSearch - ok
19:20:32.0433 5260 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:20:32.0495 5260 wuauserv - ok
19:20:32.0542 5260 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:20:32.0542 5260 WudfPf - ok
19:20:32.0573 5260 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:20:32.0573 5260 WUDFRd - ok
19:20:32.0636 5260 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:20:32.0636 5260 wudfsvc - ok
19:20:32.0667 5260 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:20:32.0667 5260 WwanSvc - ok
19:20:32.0682 5260 ================ Scan global ===============================
19:20:32.0729 5260 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:20:32.0792 5260 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:20:32.0823 5260 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:20:32.0870 5260 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:20:32.0901 5260 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:20:32.0901 5260 [Global] - ok
19:20:32.0901 5260 ================ Scan MBR ==================================
19:20:32.0916 5260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:20:33.0962 5260 \Device\Harddisk0\DR0 - ok
19:20:33.0977 5260 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
19:20:36.0785 5260 \Device\Harddisk1\DR3 - ok
19:20:36.0785 5260 ================ Scan VBR ==================================
19:20:36.0816 5260 [ 0F55955A99EF05C41DE3A32B028D09D3 ] \Device\Harddisk0\DR0\Partition1
19:20:36.0879 5260 \Device\Harddisk0\DR0\Partition1 - ok
19:20:36.0894 5260 [ 382441C2B244C2123777C9FE494FD3EB ] \Device\Harddisk0\DR0\Partition2
19:20:36.0894 5260 \Device\Harddisk0\DR0\Partition2 - ok
19:20:36.0910 5260 [ C7A1B840C0D38A721C442B35EFA1895A ] \Device\Harddisk1\DR3\Partition1
19:20:36.0910 5260 \Device\Harddisk1\DR3\Partition1 - ok
19:20:36.0910 5260 ============================================================
19:20:36.0910 5260 Scan finished
19:20:36.0910 5260 ============================================================
19:20:36.0926 5324 Detected object count: 0
19:20:36.0926 5324 Actual detected object count: 0
19:21:19.0202 4224 ============================================================
19:21:19.0202 4224 Scan started
19:21:19.0202 4224 Mode: Manual;
19:21:19.0202 4224 ============================================================
19:21:20.0231 4224 ================ Scan system memory ========================
19:21:20.0231 4224 System memory - ok
19:21:20.0231 4224 ================ Scan services =============================
19:21:20.0481 4224 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:21:20.0481 4224 1394ohci - ok
19:21:20.0543 4224 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:21:20.0543 4224 ACPI - ok
19:21:20.0590 4224 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:21:20.0590 4224 AcpiPmi - ok
19:21:20.0699 4224 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:21:20.0699 4224 AdobeFlashPlayerUpdateSvc - ok
19:21:20.0762 4224 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:21:20.0777 4224 adp94xx - ok
19:21:20.0824 4224 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:21:20.0824 4224 adpahci - ok
19:21:20.0840 4224 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:21:20.0840 4224 adpu320 - ok
19:21:20.0902 4224 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:21:20.0902 4224 AeLookupSvc - ok
19:21:20.0949 4224 [ 330A1E4DF07C2E29949ED8631CD8828E ] AERTFilters C:\Windows\system32\AERTSrv.exe
19:21:20.0949 4224 AERTFilters - ok
19:21:21.0011 4224 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:21:21.0011 4224 AFD - ok
19:21:21.0042 4224 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:21:21.0042 4224 agp440 - ok
19:21:21.0074 4224 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:21:21.0074 4224 aic78xx - ok
19:21:21.0120 4224 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:21:21.0120 4224 ALG - ok
19:21:21.0136 4224 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:21:21.0136 4224 aliide - ok
19:21:21.0198 4224 [ F970EA885AEFEB1B9EB97CA7F1EB226D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:21:21.0198 4224 AMD External Events Utility - ok
19:21:21.0245 4224 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:21:21.0245 4224 amdagp - ok
19:21:21.0292 4224 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:21:21.0292 4224 amdide - ok
19:21:21.0339 4224 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:21:21.0339 4224 AmdK8 - ok
19:21:22.0041 4224 [ AB70F110143892EB41AA46500AA5CF00 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:21:22.0088 4224 amdkmdag - ok
19:21:22.0134 4224 [ 32D68D05B871EED5572D0C2C764EA4EC ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:21:22.0134 4224 amdkmdap - ok
19:21:22.0181 4224 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:21:22.0181 4224 AmdPPM - ok
19:21:22.0228 4224 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:21:22.0228 4224 amdsata - ok
19:21:22.0275 4224 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:21:22.0275 4224 amdsbs - ok
19:21:22.0306 4224 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:21:22.0322 4224 amdxata - ok
19:21:22.0368 4224 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:21:22.0368 4224 AppID - ok
19:21:22.0431 4224 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:21:22.0431 4224 AppIDSvc - ok
19:21:22.0478 4224 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
19:21:22.0509 4224 Appinfo - ok
19:21:22.0758 4224 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:21:22.0758 4224 Apple Mobile Device - ok
19:21:22.0805 4224 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:21:22.0805 4224 arc - ok
19:21:22.0836 4224 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:21:22.0836 4224 arcsas - ok
19:21:22.0883 4224 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:21:22.0883 4224 AsyncMac - ok
19:21:22.0946 4224 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:21:22.0946 4224 atapi - ok
19:21:23.0039 4224 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\Windows\system32\DRIVERS\athr.sys
19:21:23.0055 4224 athr - ok
19:21:24.0209 4224 [ AB70F110143892EB41AA46500AA5CF00 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:21:24.0256 4224 atikmdag - ok
19:21:24.0412 4224 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:21:24.0412 4224 AudioEndpointBuilder - ok
19:21:24.0428 4224 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:21:24.0443 4224 Audiosrv - ok
19:21:24.0474 4224 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:21:24.0474 4224 AxInstSV - ok
19:21:24.0599 4224 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:21:24.0599 4224 b06bdrv - ok
19:21:24.0646 4224 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:21:24.0646 4224 b57nd60x - ok
19:21:24.0693 4224 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:21:24.0708 4224 BDESVC - ok
19:21:24.0708 4224 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:21:24.0708 4224 Beep - ok
19:21:24.0818 4224 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:21:24.0818 4224 BFE - ok
19:21:24.0896 4224 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
19:21:24.0896 4224 BITS - ok
19:21:24.0927 4224 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:21:24.0927 4224 blbdrive - ok
19:21:25.0083 4224 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:21:25.0083 4224 Bonjour Service - ok
19:21:25.0130 4224 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:21:25.0130 4224 bowser - ok
19:21:25.0161 4224 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:21:25.0161 4224 BrFiltLo - ok
19:21:25.0192 4224 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:21:25.0192 4224 BrFiltUp - ok
19:21:25.0254 4224 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:21:25.0254 4224 Browser - ok
19:21:25.0348 4224 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:21:25.0364 4224 Brserid - ok
19:21:25.0379 4224 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:21:25.0395 4224 BrSerWdm - ok
19:21:25.0426 4224 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:21:25.0426 4224 BrUsbMdm - ok
19:21:25.0457 4224 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:21:25.0457 4224 BrUsbSer - ok
19:21:25.0504 4224 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:21:25.0504 4224 BTHMODEM - ok
19:21:25.0535 4224 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:21:25.0535 4224 bthserv - ok
19:21:25.0582 4224 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:21:25.0582 4224 cdfs - ok
19:21:25.0629 4224 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:21:25.0629 4224 cdrom - ok
19:21:25.0676 4224 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:21:25.0676 4224 CertPropSvc - ok
19:21:25.0707 4224 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:21:25.0707 4224 circlass - ok
19:21:25.0785 4224 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:21:25.0785 4224 CLFS - ok
19:21:25.0941 4224 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:21:25.0941 4224 clr_optimization_v2.0.50727_32 - ok
19:21:26.0066 4224 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:21:26.0066 4224 clr_optimization_v4.0.30319_32 - ok
19:21:26.0112 4224 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:21:26.0112 4224 CmBatt - ok
19:21:26.0144 4224 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:21:26.0144 4224 cmdide - ok
19:21:26.0253 4224 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
19:21:26.0253 4224 CNG - ok
19:21:26.0300 4224 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:21:26.0300 4224 Compbatt - ok
19:21:26.0362 4224 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:21:26.0362 4224 CompositeBus - ok
19:21:26.0362 4224 COMSysApp - ok
19:21:26.0393 4224 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:21:26.0393 4224 crcdisk - ok
19:21:26.0456 4224 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:21:26.0456 4224 CryptSvc - ok
19:21:26.0549 4224 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:21:26.0549 4224 DcomLaunch - ok
19:21:26.0768 4224 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
19:21:26.0768 4224 DefaultTabUpdate - ok
19:21:26.0846 4224 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:21:26.0861 4224 defragsvc - ok
19:21:26.0908 4224 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:21:26.0908 4224 DfsC - ok
19:21:26.0939 4224 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:21:26.0939 4224 Dhcp - ok
19:21:26.0986 4224 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:21:26.0986 4224 discache - ok
19:21:27.0017 4224 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:21:27.0017 4224 Disk - ok
19:21:27.0204 4224 [ EAF0EEA0687BEB6A6B0287F6E84C5435 ] dldoCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe
19:21:27.0204 4224 dldoCATSCustConnectService - ok
19:21:27.0204 4224 dldo_device - ok
19:21:27.0267 4224 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:21:27.0267 4224 Dnscache - ok
19:21:27.0314 4224 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:21:27.0314 4224 dot3svc - ok
19:21:27.0376 4224 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:21:27.0376 4224 DPS - ok
19:21:27.0407 4224 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:21:27.0407 4224 drmkaud - ok
19:21:27.0563 4224 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:21:27.0563 4224 DXGKrnl - ok
19:21:27.0657 4224 [ CF0A6015F437161698C5B2A0A12CF052 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
19:21:27.0657 4224 e1express - ok
19:21:27.0704 4224 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:21:27.0704 4224 EapHost - ok
19:21:27.0969 4224 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:21:27.0984 4224 ebdrv - ok
19:21:28.0031 4224 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:21:28.0031 4224 EFS - ok
19:21:28.0265 4224 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:21:28.0265 4224 ehRecvr - ok
19:21:28.0296 4224 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:21:28.0296 4224 ehSched - ok
19:21:28.0406 4224 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:21:28.0406 4224 elxstor - ok
19:21:28.0452 4224 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:21:28.0452 4224 ErrDev - ok
19:21:28.0562 4224 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:21:28.0562 4224 EventSystem - ok
19:21:28.0608 4224 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:21:28.0608 4224 exfat - ok
19:21:28.0655 4224 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:21:28.0671 4224 fastfat - ok
19:21:28.0671 4224 FastUserSwitchingCompatibility - ok
19:21:28.0811 4224 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:21:28.0811 4224 Fax - ok
19:21:28.0842 4224 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:21:28.0842 4224 fdc - ok
19:21:28.0889 4224 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:21:28.0889 4224 fdPHost - ok
19:21:28.0920 4224 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:21:28.0920 4224 FDResPub - ok
19:21:28.0967 4224 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:21:28.0967 4224 FileInfo - ok
19:21:28.0998 4224 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:21:28.0998 4224 Filetrace - ok
19:21:29.0030 4224 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:29.0030 4224 flpydisk - ok
19:21:29.0108 4224 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:21:29.0108 4224 FltMgr - ok
19:21:29.0295 4224 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
19:21:29.0295 4224 FontCache - ok
19:21:29.0420 4224 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:21:29.0420 4224 FontCache3.0.0.0 - ok
19:21:29.0451 4224 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:21:29.0451 4224 FsDepends - ok
19:21:29.0513 4224 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:21:29.0513 4224 Fs_Rec - ok
19:21:29.0560 4224 [ 5502FF5AE50FDFA3D37367418D9E0EF9 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
19:21:29.0560 4224 FTDIBUS - ok
19:21:29.0591 4224 [ 8086BE20DB3D4EF8638A7A9983D30F9E ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
19:21:29.0591 4224 FTSER2K - ok
19:21:29.0638 4224 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:21:29.0638 4224 fvevol - ok
19:21:29.0685 4224 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:21:29.0685 4224 gagp30kx - ok
19:21:29.0716 4224 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:21:29.0716 4224 GEARAspiWDM - ok
19:21:29.0919 4224 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:21:29.0934 4224 gpsvc - ok
19:21:29.0950 4224 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:21:29.0950 4224 hcw85cir - ok
19:21:29.0997 4224 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:21:29.0997 4224 HdAudAddService - ok
19:21:30.0044 4224 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:21:30.0044 4224 HDAudBus - ok
19:21:30.0075 4224 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:21:30.0075 4224 HidBatt - ok
19:21:30.0106 4224 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:21:30.0106 4224 HidBth - ok
19:21:30.0137 4224 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:21:30.0137 4224 HidIr - ok
19:21:30.0168 4224 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
19:21:30.0168 4224 hidserv - ok
19:21:30.0215 4224 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:21:30.0215 4224 HidUsb - ok
19:21:30.0246 4224 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:21:30.0262 4224 hkmsvc - ok
19:21:30.0324 4224 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:21:30.0340 4224 HomeGroupListener - ok
19:21:30.0402 4224 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:21:30.0418 4224 HomeGroupProvider - ok
19:21:30.0465 4224 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:21:30.0465 4224 HpSAMD - ok
19:21:30.0652 4224 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:21:30.0652 4224 HTTP - ok
19:21:30.0699 4224 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:21:30.0699 4224 hwpolicy - ok
19:21:30.0730 4224 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:21:30.0730 4224 i8042prt - ok
19:21:30.0792 4224 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:21:30.0792 4224 iaStorV - ok
19:21:30.0980 4224 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:21:30.0980 4224 idsvc - ok
19:21:31.0011 4224 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:21:31.0011 4224 iirsp - ok
19:21:31.0089 4224 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:21:31.0089 4224 IKEEXT - ok
19:21:31.0588 4224 [ F8F53C5449F15B23D4C61D51D2701DA8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:21:31.0604 4224 IntcAzAudAddService - ok
19:21:31.0635 4224 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:21:31.0635 4224 intelide - ok
19:21:31.0682 4224 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:21:31.0682 4224 intelppm - ok
19:21:31.0728 4224 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:21:31.0728 4224 IPBusEnum - ok
19:21:31.0760 4224 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:21:31.0775 4224 IpFilterDriver - ok
19:21:31.0900 4224 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:21:31.0931 4224 iphlpsvc - ok
19:21:31.0978 4224 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:21:31.0978 4224 IPMIDRV - ok
19:21:31.0994 4224 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:21:31.0994 4224 IPNAT - ok
19:21:32.0087 4224 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:21:32.0087 4224 iPod Service - ok
19:21:32.0118 4224 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:21:32.0118 4224 IRENUM - ok
19:21:32.0150 4224 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:21:32.0150 4224 isapnp - ok
19:21:32.0181 4224 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:21:32.0181 4224 iScsiPrt - ok
19:21:32.0196 4224 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:21:32.0196 4224 kbdclass - ok
19:21:32.0228 4224 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:21:32.0228 4224 kbdhid - ok
19:21:32.0243 4224 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:21:32.0243 4224 KeyIso - ok
19:21:32.0321 4224 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:21:32.0321 4224 KSecDD - ok
19:21:32.0352 4224 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:21:32.0352 4224 KSecPkg - ok
19:21:32.0446 4224 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:21:32.0446 4224 KtmRm - ok
19:21:32.0508 4224 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
19:21:32.0508 4224 LanmanServer - ok
19:21:32.0555 4224 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:21:32.0555 4224 LanmanWorkstation - ok
19:21:32.0602 4224 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:21:32.0602 4224 lltdio - ok
19:21:32.0664 4224 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:21:32.0680 4224 lltdsvc - ok
19:21:32.0696 4224 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:21:32.0696 4224 lmhosts - ok
19:21:32.0711 4224 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:21:32.0711 4224 LSI_FC - ok
19:21:32.0727 4224 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:21:32.0727 4224 LSI_SAS - ok
19:21:32.0774 4224 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:21:32.0774 4224 LSI_SAS2 - ok
19:21:32.0805 4224 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:21:32.0805 4224 LSI_SCSI - ok
19:21:32.0836 4224 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:21:32.0836 4224 luafv - ok
19:21:32.0883 4224 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:21:32.0883 4224 Mcx2Svc - ok
19:21:32.0930 4224 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:21:32.0930 4224 megasas - ok
19:21:33.0008 4224 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:21:33.0008 4224 MegaSR - ok
19:21:33.0054 4224 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:21:33.0054 4224 MMCSS - ok
19:21:33.0086 4224 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:21:33.0086 4224 Modem - ok
19:21:33.0132 4224 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:21:33.0132 4224 monitor - ok
19:21:33.0179 4224 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:21:33.0179 4224 mouclass - ok
19:21:33.0195 4224 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:21:33.0195 4224 mouhid - ok
19:21:33.0242 4224 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:21:33.0242 4224 mountmgr - ok
19:21:33.0320 4224 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:21:33.0320 4224 MpFilter - ok
19:21:33.0382 4224 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:21:33.0382 4224 mpio - ok
19:21:33.0647 4224 [ A69630D039C38018689190234F866D77 ] MpKslc832e0a3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\MpKslc832e0a3.sys
19:21:33.0647 4224 MpKslc832e0a3 - ok
19:21:33.0725 4224 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:21:33.0725 4224 mpsdrv - ok
19:21:33.0912 4224 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:21:33.0928 4224 MpsSvc - ok
19:21:33.0990 4224 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:21:33.0990 4224 MRxDAV - ok
19:21:34.0022 4224 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:21:34.0022 4224 mrxsmb - ok
19:21:34.0115 4224 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:21:34.0115 4224 mrxsmb10 - ok
19:21:34.0146 4224 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:21:34.0146 4224 mrxsmb20 - ok
19:21:34.0178 4224 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:21:34.0178 4224 msahci - ok
19:21:34.0224 4224 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:21:34.0224 4224 msdsm - ok
19:21:34.0271 4224 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:21:34.0287 4224 MSDTC - ok
19:21:34.0302 4224 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:21:34.0302 4224 Msfs - ok
19:21:34.0349 4224 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:21:34.0349 4224 mshidkmdf - ok
19:21:34.0396 4224 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:21:34.0396 4224 msisadrv - ok
19:21:34.0443 4224 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:21:34.0458 4224 MSiSCSI - ok
19:21:34.0458 4224 msiserver - ok
19:21:34.0490 4224 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:21:34.0490 4224 MSKSSRV - ok
19:21:34.0599 4224 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:21:34.0599 4224 MsMpSvc - ok
19:21:34.0630 4224 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:21:34.0630 4224 MSPCLOCK - ok
19:21:34.0661 4224 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:21:34.0661 4224 MSPQM - ok
19:21:34.0739 4224 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:21:34.0739 4224 MsRPC - ok
19:21:34.0770 4224 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:21:34.0770 4224 mssmbios - ok
19:21:34.0817 4224 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:21:34.0817 4224 MSTEE - ok
19:21:34.0848 4224 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:21:34.0848 4224 MTConfig - ok
19:21:34.0895 4224 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:21:34.0895 4224 Mup - ok
19:21:34.0989 4224 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:21:34.0989 4224 napagent - ok
19:21:35.0082 4224 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:21:35.0082 4224 NativeWifiP - ok
19:21:35.0332 4224 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:21:35.0332 4224 NDIS - ok
19:21:35.0363 4224 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:21:35.0379 4224 NdisCap - ok
19:21:35.0410 4224 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:21:35.0410 4224 NdisTapi - ok
19:21:35.0457 4224 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:21:35.0457 4224 Ndisuio - ok
19:21:35.0504 4224 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:21:35.0504 4224 NdisWan - ok
19:21:35.0550 4224 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:21:35.0550 4224 NDProxy - ok
19:21:35.0582 4224 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:21:35.0582 4224 NetBIOS - ok
19:21:35.0660 4224 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:21:35.0675 4224 NetBT - ok
19:21:35.0706 4224 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:21:35.0706 4224 Netlogon - ok
19:21:35.0816 4224 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:21:35.0816 4224 Netman - ok
19:21:35.0878 4224 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:21:35.0894 4224 netprofm - ok
19:21:35.0925 4224 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:21:35.0925 4224 NetTcpPortSharing - ok
19:21:35.0956 4224 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:21:35.0956 4224 nfrd960 - ok
19:21:36.0003 4224 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:21:36.0003 4224 NisDrv - ok
19:21:36.0112 4224 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:21:36.0112 4224 NisSrv - ok
19:21:36.0206 4224 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:21:36.0206 4224 NlaSvc - ok
19:21:36.0252 4224 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:21:36.0252 4224 Npfs - ok
19:21:36.0299 4224 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:21:36.0299 4224 nsi - ok
19:21:36.0330 4224 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:21:36.0346 4224 nsiproxy - ok
19:21:36.0674 4224 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:21:36.0689 4224 Ntfs - ok
19:21:36.0705 4224 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:21:36.0705 4224 Null - ok
19:21:36.0752 4224 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:21:36.0752 4224 nvraid - ok
19:21:36.0752 4224 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:21:36.0752 4224 nvstor - ok
19:21:36.0767 4224 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:21:36.0767 4224 nv_agp - ok
19:21:36.0830 4224 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:21:36.0830 4224 odserv - ok
19:21:36.0892 4224 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:21:36.0892 4224 ohci1394 - ok
19:21:36.0954 4224 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:21:36.0954 4224 ose - ok
19:21:37.0048 4224 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:21:37.0048 4224 p2pimsvc - ok
19:21:37.0157 4224 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:21:37.0173 4224 p2psvc - ok
19:21:37.0204 4224 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:21:37.0204 4224 Parport - ok
19:21:37.0251 4224 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:21:37.0251 4224 partmgr - ok
19:21:37.0282 4224 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:21:37.0282 4224 Parvdm - ok
19:21:37.0360 4224 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:21:37.0360 4224 PcaSvc - ok
19:21:37.0391 4224 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:21:37.0391 4224 pci - ok
19:21:37.0454 4224 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:21:37.0454 4224 pciide - ok
19:21:37.0516 4224 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:21:37.0516 4224 pcmcia - ok
19:21:37.0532 4224 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:21:37.0532 4224 pcw - ok
19:21:37.0734 4224 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:21:37.0734 4224 PEAUTH - ok
19:21:37.0812 4224 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:21:37.0828 4224 pla - ok
19:21:37.0937 4224 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:21:37.0937 4224 PlugPlay - ok
19:21:37.0984 4224 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:21:37.0984 4224 PNRPAutoReg - ok
19:21:38.0078 4224 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:21:38.0078 4224 PNRPsvc - ok
19:21:38.0156 4224 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:21:38.0171 4224 PolicyAgent - ok
19:21:38.0203 4224 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:21:38.0203 4224 Power - ok
19:21:38.0234 4224 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:21:38.0234 4224 PptpMiniport - ok
19:21:38.0281 4224 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:21:38.0281 4224 Processor - ok
19:21:38.0359 4224 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:21:38.0359 4224 ProfSvc - ok
19:21:38.0390 4224 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:21:38.0390 4224 ProtectedStorage - ok
19:21:38.0437 4224 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
19:21:38.0452 4224 ProtexisLicensing - ok
19:21:38.0483 4224 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:21:38.0483 4224 Psched - ok
19:21:38.0780 4224 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:21:38.0780 4224 ql2300 - ok
19:21:38.0811 4224 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:21:38.0811 4224 ql40xx - ok
19:21:38.0858 4224 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:21:38.0858 4224 QWAVE - ok
19:21:38.0889 4224 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:21:38.0889 4224 QWAVEdrv - ok
19:21:38.0920 4224 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:21:38.0920 4224 RasAcd - ok
19:21:38.0983 4224 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:21:38.0983 4224 RasAgileVpn - ok
19:21:39.0014 4224 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:21:39.0014 4224 RasAuto - ok
19:21:39.0045 4224 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:21:39.0045 4224 Rasl2tp - ok
19:21:39.0139 4224 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:21:39.0139 4224 RasMan - ok
19:21:39.0185 4224 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:21:39.0185 4224 RasPppoe - ok
19:21:39.0217 4224 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:21:39.0217 4224 RasSstp - ok
19:21:39.0295 4224 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:21:39.0295 4224 rdbss - ok
19:21:39.0341 4224 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:21:39.0341 4224 rdpbus - ok
19:21:39.0388 4224 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:21:39.0388 4224 RDPCDD - ok
19:21:39.0435 4224 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:21:39.0435 4224 RDPENCDD - ok
19:21:39.0466 4224 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:21:39.0466 4224 RDPREFMP - ok
19:21:39.0560 4224 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:21:39.0560 4224 RDPWD - ok
19:21:39.0638 4224 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:21:39.0638 4224 rdyboost - ok
19:21:39.0716 4224 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:21:39.0716 4224 RemoteAccess - ok
19:21:39.0747 4224 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:21:39.0747 4224 RemoteRegistry - ok
19:21:39.0778 4224 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:21:39.0778 4224 RpcEptMapper - ok
19:21:39.0825 4224 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:21:39.0825 4224 RpcLocator - ok
19:21:39.0950 4224 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:21:39.0950 4224 RpcSs - ok
19:21:39.0997 4224 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:21:39.0997 4224 rspndr - ok
19:21:40.0012 4224 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:21:40.0012 4224 SamSs - ok
19:21:40.0043 4224 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:21:40.0043 4224 sbp2port - ok
19:21:40.0090 4224 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:21:40.0090 4224 SCardSvr - ok
19:21:40.0121 4224 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:21:40.0121 4224 scfilter - ok
19:21:40.0340 4224 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:21:40.0340 4224 Schedule - ok
19:21:40.0371 4224 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:21:40.0371 4224 SCPolicySvc - ok
19:21:40.0433 4224 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:21:40.0433 4224 SDRSVC - ok
19:21:40.0917 4224 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
19:21:40.0917 4224 SDScannerService - ok
19:21:41.0323 4224 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:21:41.0323 4224 SDUpdateService - ok
19:21:41.0385 4224 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:21:41.0385 4224 SDWSCService - ok
19:21:41.0447 4224 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:21:41.0447 4224 secdrv - ok
19:21:41.0494 4224 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:21:41.0494 4224 seclogon - ok
19:21:41.0541 4224 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
19:21:41.0541 4224 SENS - ok
19:21:41.0572 4224 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:21:41.0572 4224 SensrSvc - ok
19:21:41.0619 4224 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:21:41.0619 4224 Serenum - ok
19:21:41.0666 4224 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:21:41.0666 4224 Serial - ok
19:21:41.0713 4224 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:21:41.0713 4224 sermouse - ok
19:21:41.0759 4224 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:21:41.0759 4224 SessionEnv - ok
19:21:41.0791 4224 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:21:41.0791 4224 sffdisk - ok
19:21:41.0837 4224 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:21:41.0837 4224 sffp_mmc - ok
19:21:41.0869 4224 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:21:41.0869 4224 sffp_sd - ok
19:21:41.0900 4224 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:21:41.0915 4224 sfloppy - ok
19:21:41.0962 4224 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:21:41.0962 4224 SharedAccess - ok
19:21:41.0978 4224 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:21:41.0993 4224 ShellHWDetection - ok
19:21:42.0025 4224 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:21:42.0025 4224 sisagp - ok
19:21:42.0056 4224 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:21:42.0056 4224 SiSRaid2 - ok
19:21:42.0087 4224 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:21:42.0087 4224 SiSRaid4 - ok
19:21:42.0134 4224 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:21:42.0134 4224 Smb - ok
19:21:42.0165 4224 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:21:42.0165 4224 SNMPTRAP - ok
19:21:42.0212 4224 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:21:42.0212 4224 spldr - ok
19:21:42.0321 4224 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:21:42.0337 4224 Spooler - ok
19:21:42.0383 4224 [ B6EEE5B77579BD2C6F847CF807821B47 ] SpoolerCache C:\Windows\spoolsvc.exe
19:21:42.0383 4224 SpoolerCache - ok
19:21:42.0727 4224 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:21:42.0742 4224 sppsvc - ok
19:21:42.0789 4224 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:21:42.0789 4224 sppuinotify - ok
19:21:42.0867 4224 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:21:42.0883 4224 srv - ok
19:21:42.0898 4224 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:21:42.0898 4224 srv2 - ok
19:21:42.0929 4224 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:21:42.0929 4224 srvnet - ok
19:21:42.0961 4224 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:21:42.0976 4224 SSDPSRV - ok
19:21:43.0023 4224 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:21:43.0023 4224 SstpSvc - ok
19:21:43.0070 4224 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:21:43.0070 4224 stexstor - ok
19:21:43.0195 4224 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:21:43.0195 4224 StiSvc - ok
19:21:43.0241 4224 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:21:43.0241 4224 swenum - ok
19:21:43.0351 4224 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:21:43.0351 4224 swprv - ok
19:21:43.0663 4224 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:21:43.0678 4224 SysMain - ok
19:21:43.0725 4224 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:21:43.0725 4224 TabletInputService - ok
19:21:43.0819 4224 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:21:43.0819 4224 TapiSrv - ok
19:21:43.0881 4224 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:21:43.0881 4224 TBS - ok
19:21:43.0943 4224 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:21:43.0959 4224 Tcpip - ok
19:21:44.0006 4224 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:21:44.0021 4224 TCPIP6 - ok
19:21:44.0053 4224 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:21:44.0053 4224 tcpipreg - ok
19:21:44.0099 4224 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:21:44.0099 4224 TDPIPE - ok
19:21:44.0146 4224 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:21:44.0146 4224 TDTCP - ok
19:21:44.0177 4224 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:21:44.0177 4224 tdx - ok
19:21:44.0224 4224 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:21:44.0224 4224 TermDD - ok
19:21:44.0396 4224 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:21:44.0396 4224 TermService - ok
19:21:44.0443 4224 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:21:44.0458 4224 Themes - ok
19:21:44.0489 4224 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:21:44.0489 4224 THREADORDER - ok
19:21:44.0521 4224 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:21:44.0536 4224 TrkWks - ok
19:21:44.0677 4224 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:21:44.0677 4224 TrustedInstaller - ok
19:21:44.0723 4224 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:21:44.0723 4224 tssecsrv - ok
19:21:44.0770 4224 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:21:44.0770 4224 TsUsbFlt - ok
19:21:44.0833 4224 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:21:44.0833 4224 tunnel - ok
19:21:50.0199 4224 ================ Scan global ===============================
19:21:50.0246 4224 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:21:50.0324 4224 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:21:50.0371 4224 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
19:21:50.0417 4224 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:21:50.0464 4224 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:21:50.0464 4224 [Global] - ok
19:21:50.0464 4224 ================ Scan MBR ==================================
19:21:50.0495 4224 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:21:51.0712 4224 \Device\Harddisk0\DR0 - ok
19:21:51.0728 4224 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
19:21:54.0177 4224 \Device\Harddisk1\DR3 - ok
19:21:54.0177 4224 ================ Scan VBR ==================================
19:21:54.0193 4224 [ 0F55955A99EF05C41DE3A32B028D09D3 ] \Device\Harddisk0\DR0\Partition1
19:21:54.0224 4224 \Device\Harddisk0\DR0\Partition1 - ok
19:21:54.0239 4224 [ 382441C2B244C2123777C9FE494FD3EB ] \Device\Harddisk0\DR0\Partition2
19:21:54.0271 4224 \Device\Harddisk0\DR0\Partition2 - ok
19:21:54.0271 4224 [ C7A1B840C0D38A721C442B35EFA1895A ] \Device\Harddisk1\DR3\Partition1
19:21:54.0271 4224 \Device\Harddisk1\DR3\Partition1 - ok
19:21:54.0271 4224 ============================================================
19:21:54.0271 4224 Scan finished
19:21:54.0271 4224 ============================================================
19:21:54.0286 4864 Detected object count: 0
19:21:54.0286 4864 Actual detected object count: 0
19:22:47.0272 5332 Deinitialize success
ComboFix 13-05-22.01 - Matt 05/22/2013 19:34:58.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2343 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL7B88.tmp
c:\users\Matt\acrobat850950.exe
c:\users\Matt\acrobatreader53868.exe
c:\users\Matt\acrobatreader55286.exe
c:\users\Matt\alg.exe
c:\users\Matt\alg48478.exe
c:\users\Matt\AppData\Local\miurtew.dll
c:\users\Matt\AppData\Roaming\ashlp.dll
c:\users\Matt\AppData\Roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad
c:\users\Matt\AppData\Roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad\decafabddbafaaaead.exe
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\users\Matt\AppData\Roaming\msocpc.dll
c:\users\Matt\chrome125524.exe
c:\users\Matt\firefox.exe
c:\users\Matt\flashplayer.exe
c:\users\Matt\googleupdate.exe
c:\users\Matt\icq.exe
c:\users\Matt\icq442766.exe
c:\users\Matt\iexplore956429.exe
c:\users\Matt\java.exe
c:\users\Matt\java647518.exe
c:\users\Matt\jqs.exe
c:\users\Matt\jqs828680.exe
c:\users\Matt\jucheck.exe
c:\users\Matt\msconfig.exe
c:\users\Matt\mstsc.exe
c:\users\Matt\notepad582814.exe
c:\users\Matt\opera.exe
c:\users\Matt\skype.exe
c:\users\Matt\teamviewer.exe
c:\users\Matt\windowsupdate.exe
c:\users\Matt\windowsupdate357826.exe
c:\windows\spoolsvc.exe
c:\windows\system32\FastUserSwitchingCompatibilityex.dll
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_SpoolerCache
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-04-22 to 2013-05-22 )))))))))))))))))))))))))))))))
.
.
2013-05-22 23:44 . 2013-05-22 23:47 -------- d-----w- c:\users\Matt\AppData\Local\temp
2013-05-22 23:44 . 2013-05-22 23:44 -------- d-----w- c:\users\Mcx1-MATT-DESKTOP\AppData\Local\temp
2013-05-22 23:44 . 2013-05-22 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-22 23:20 . 2013-05-22 23:20 -------- d-----w- c:\users\Matt\AppData\Roaming\Vihuovx
2013-05-22 21:00 . 2013-05-22 21:00 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\MpKslc832e0a3.sys
2013-05-22 20:26 . 2013-05-22 20:37 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\offreg.dll
2013-05-22 20:20 . 2013-05-22 20:19 724464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74858603-C52E-42A1-9794-CAE5797B6404}\gapaengine.dll
2013-05-22 20:19 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\mpengine.dll
2013-05-15 23:59 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 07:03 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 00:23 . 2013-05-15 00:23 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-15 00:23 . 2013-05-15 00:23 -------- d-----w- c:\program files\Trend Micro
2013-05-15 00:08 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 00:08 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 00:08 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 00:08 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:08 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 00:08 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 00:08 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 00:08 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 00:04 . 2013-05-15 00:04 -------- d-----w- c:\users\Matt\AppData\Local\Diagnostics
2013-05-14 22:12 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-14 22:12 . 2013-05-14 22:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-14 20:55 . 2013-05-14 20:55 -------- d-----w- c:\users\Matt\AppData\Roaming\Fiiwso
2013-05-08 18:15 . 2013-05-08 18:16 -------- d-----w- c:\programdata\MFAData
2013-05-08 18:15 . 2013-05-08 18:15 -------- d--h--w- c:\programdata\Common Files
2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\MFAData
2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\Avg2013
2013-05-08 17:48 . 2013-05-22 23:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-08 11:48 . 2013-05-08 11:48 -------- d-----w- c:\program files\CCleaner
2013-05-08 10:39 . 2013-05-15 00:05 -------- d-----w- c:\users\Matt\AppData\Local\ElevatedDiagnostics
2013-05-07 10:57 . 2013-05-07 10:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\programdata\Malwarebytes
2013-05-07 10:56 . 2013-05-07 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-07 10:56 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\users\Matt\AppData\Local\Programs
2013-05-04 17:56 . 2013-05-14 21:06 -------- d-----w- c:\users\Matt\AppData\Roaming\Obhobumu
2013-05-01 11:18 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:28 . 2012-08-17 03:03 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 11:29 . 2012-10-03 11:45 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 04:45 . 2013-05-15 00:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 00:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-21 07:20 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 09:29 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:29 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 09:29 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 09:29 69632 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"Vanifiibaw"="c:\users\Matt\AppData\Roaming\Vihuovx\ohmui.exe" [2012-11-08 223453]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"MRT"="c:\windows\system32\MRT.exe" [2013-05-15 72607752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2012-8-17 541976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKslc832e0a3;MpKslc832e0a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFCD9E9D-55A8-410D-AA1E-0EC1A02B4CAB}\MpKslc832e0a3.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 13:37]
.
2013-05-22 c:\windows\Tasks\Security Center Update - 2458005175.job
- c:\users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [2012-11-08 14:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Adobe CSx Manager - c:\users\Matt\AppData\Roaming\d6eca8fa-bdd5-4019-991b-982afaa6a1e0ad\decafabddbafaaaead.exe
HKCU-Run-msocpc - c:\users\Matt\AppData\Roaming\msocpc.dll
HKCU-Run-ashlp - c:\users\Matt\AppData\Roaming\ashlp.dll
HKCU-Run-miurtew - c:\users\Matt\AppData\Local\miurtew.dll
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-DefaultTab - c:\users\Matt\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3936)
c:\program files\Spybot - Search & Destroy 2\SDHelper.dll
c:\program files\Spybot - Search & Destroy 2\snlBase150.bpl
c:\program files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
c:\program files\Spybot - Search & Destroy 2\DEC150.bpl
c:\program files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
c:\program files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
c:\program files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
c:\program files\Common Files\Apple\Internet Services\ShellStreams.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\RtHDVCpl.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-05-22 19:50:21 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-22 23:50
.
Pre-Run: 324,436,500,480 bytes free
Post-Run: 324,721,852,416 bytes free
.
- - End Of File - - 0A0DEDA635DA6F5439444105AC6DBDD1
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Remove -- Date : 05/22/2013 19:58:45
| ARK || FAK || MBR |
¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
[RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
[RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
[RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
[RESIDUE] ohmui.exe -- C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Vanifiibaw (C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe) [-] -> DELETED
[TASK][SUSP PATH] Security Center Update - 2458005175.job : C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> DELETED
[TASK][SUSP PATH] Security Center Update - 2458005175 : C:\Users\Matt\AppData\Roaming\Vihuovx\ohmui.exe [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++
--- User ---
[MBR] b375475226487e8ce2d997a212d681f1
[BSP] e597a974ea790eba1f4c1e16a34192c0 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 466644 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Toshiba Ext HDD USB Device +++++
--- User ---
[MBR] 36975d8c628c480db24a99c327662fd9
[BSP] 42fb20df9705a1a62caf1866578b27ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[3]_D_05222013_02d1958.txt >>
RKreport[1]_S_05222013_02d1701.txt ; RKreport[2]_S_05222013_02d1957.txt ; RKreport[3]_D_05222013_02d1958.txt
Hi fujymo,
1. ComboFix Script
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the code-box below into it:
Folder::
c:\users\Matt\AppData\Roaming\Fiiwso
c:\users\Matt\AppData\Roaming\Obhobumu
C:\Users\Matt\AppData\Roaming\Vihuovx
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vanifiibaw"=-
ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
=========================
In your next post please provide the following:
ComboFix.txt
How's the computer running?
OCD,
I performed the requested task and the computer appears to be running just fine. The task manager is not showing any unusual activity and the hard drive is not working as fast as it can.
Fujymo
ComboFix 13-05-22.01 - Matt 05/23/2013 15:19:12.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2281 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matt\acrobatreader.exe
c:\users\Matt\AppData\Roaming\amsecure.exe
c:\users\Matt\AppData\Roaming\Fiiwso
c:\users\Matt\AppData\Roaming\Fiiwso\qyrygyy.exe
c:\users\Matt\AppData\Roaming\Obhobumu
c:\users\Matt\AppData\Roaming\Vihuovx
c:\users\Matt\AppData\Roaming\Vihuovx\ohmui.exe
c:\users\Matt\iexplore.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))
.
.
2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\users\Matt\AppData\Local\temp
2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\users\Mcx1-MATT-DESKTOP\AppData\Local\temp
2013-05-23 19:28 . 2013-05-23 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-23 00:48 . 2013-05-23 00:48 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\MpKsled1a8c0f.sys
2013-05-23 00:10 . 2013-05-23 00:10 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\offreg.dll
2013-05-23 00:01 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\mpengine.dll
2013-05-22 20:20 . 2013-05-22 20:19 724464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74858603-C52E-42A1-9794-CAE5797B6404}\gapaengine.dll
2013-05-15 23:59 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-15 07:03 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 00:23 . 2013-05-15 00:23 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-15 00:23 . 2013-05-15 00:23 -------- d-----w- c:\program files\Trend Micro
2013-05-15 00:08 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 00:08 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 00:08 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 00:08 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:08 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 00:08 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 00:08 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 00:08 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 00:04 . 2013-05-15 00:04 -------- d-----w- c:\users\Matt\AppData\Local\Diagnostics
2013-05-14 22:12 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-14 22:12 . 2013-05-14 22:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-08 18:15 . 2013-05-08 18:16 -------- d-----w- c:\programdata\MFAData
2013-05-08 18:15 . 2013-05-08 18:15 -------- d--h--w- c:\programdata\Common Files
2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\MFAData
2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\Avg2013
2013-05-08 17:48 . 2013-05-22 23:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-08 11:48 . 2013-05-08 11:48 -------- d-----w- c:\program files\CCleaner
2013-05-08 10:39 . 2013-05-15 00:05 -------- d-----w- c:\users\Matt\AppData\Local\ElevatedDiagnostics
2013-05-07 10:57 . 2013-05-07 10:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\programdata\Malwarebytes
2013-05-07 10:56 . 2013-05-07 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-07 10:56 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\users\Matt\AppData\Local\Programs
2013-05-01 11:18 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:28 . 2012-08-17 03:03 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 11:29 . 2012-10-03 11:45 706640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 04:45 . 2013-05-15 00:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 00:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-21 07:20 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 09:29 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:29 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 09:29 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 09:29 69632 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2012-8-17 541976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsled1a8c0f;MpKsled1a8c0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5561925C-EB9B-4686-A433-A5F78E776AF1}\MpKsled1a8c0f.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 82857404
*NewlyCreated* - MPKSLED1A8C0F
*Deregistered* - 82857404
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 13:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Internet Security - c:\users\Matt\AppData\Roaming\amsecure.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-23 15:31:11
ComboFix-quarantined-files.txt 2013-05-23 19:31
ComboFix2.txt 2013-05-22 23:50
.
Pre-Run: 322,267,201,536 bytes free
Post-Run: 322,364,616,704 bytes free
.
- - End Of File - - E0D6B836D5574018165CC295F1F51790
Hi fujymo,
1. Malwarebytes' Anti-Malware
Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)
Right click mbam-setup.exe, select "Run as Administrator" and follow the prompts to run the program.
Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore, as shown in this sample, and click Remove Selected.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAM_SR_zpsed09246e.png (http://s1269.photobucket.com/user/OCD-WTT/media/MBAM_SR_zpsed09246e.png.html)
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
2. ESET Online Scanner
*Note:
It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install.
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock.
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
MBAM log
ESET's log.txt
What issues still remain?
OCD,
Malwarebytes came up clean, but ESET showed a few threats. All listed below. The computer is running great.
Fujymo
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.23.12
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MATT-DESKTOP [administrator]
5/23/2013 7:50:54 PM
mbam-log-2013-05-23 (19-50-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238833
Time elapsed: 4 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
C:\Qoobox\Quarantine\C\Users\Matt\acrobatreader53868.exe.vir a variant of Win32/Kryptik.BBLX trojan
C:\Qoobox\Quarantine\C\Users\Matt\alg.exe.vir a variant of Win32/Kryptik.BBRA trojan
C:\Qoobox\Quarantine\C\Users\Matt\alg48478.exe.vir Win32/TrojanProxy.Agent.NMP trojan
C:\Qoobox\Quarantine\C\Users\Matt\chrome125524.exe.vir a variant of Win32/Medfos.PO trojan
C:\Qoobox\Quarantine\C\Users\Matt\icq442766.exe.vir a variant of Win32/Kryptik.BBRA trojan
C:\Qoobox\Quarantine\C\Users\Matt\java647518.exe.vir a variant of Win32/Kryptik.BBLX trojan
C:\Qoobox\Quarantine\C\Users\Matt\notepad582814.exe.vir a variant of Win32/TrojanProxy.Agent.NMP trojan
C:\Qoobox\Quarantine\C\Users\Matt\teamviewer.exe.vir a variant of Win32/Kryptik.BBLX trojan
C:\Qoobox\Quarantine\C\Users\Matt\windowsupdate.exe.vir a variant of Win32/Kryptik.BBRA trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\miurtew.dll.vir a variant of Win32/TrojanProxy.Agent.NMV trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\amsecure.exe.vir a variant of Win32/Kryptik.BBSL trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\ashlp.dll.vir a variant of Win32/Medfos.PN trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\msocpc.dll.vir a variant of Win32/Medfos.PN trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir Win32/Toolbar.DefaultTab.A application
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir Win64/Toolbar.DefaultTab.A application
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir multiple threats
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\Fiiwso\qyrygyy.exe.vir Win32/Spy.Zbot.ABA trojan
C:\Qoobox\Quarantine\C\Windows\spoolsvc.exe.vir a variant of Win32/Spy.Wagiclas.AB trojan
C:\Users\Public\Downloads\5thGrader_AOL-dm.exe a variant of Win32/Adware.Trymedia.A application
Hi fujymo,
Most of those are in a quarantine folder that we will take care of shortly. But we still have one to address now.
=========================
1. ComboFix Script
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the code-box below into it:
File::
C:\Users\Public\Downloads\5thGrader_AOL-dm.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
=========================
In your next post please provide the following:
ComboFix.txt
Requested file posted.
ComboFix 13-05-22.01 - Matt 05/24/2013 16:52:45.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.2235 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Public\Downloads\5thGrader_AOL-dm.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Downloads\5thGrader_AOL-dm.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))
.
.
2013-05-24 21:01 . 2013-05-24 21:02 -------- d-----w- c:\users\Matt\AppData\Local\temp
2013-05-24 21:01 . 2013-05-24 21:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-05-24 21:01 . 2013-05-24 21:01 -------- d-----w- c:\users\Mcx1-MATT-DESKTOP\AppData\Local\temp
2013-05-24 21:01 . 2013-05-24 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-24 20:49 . 2013-05-24 20:49 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CFCD90-BC56-4D3C-B3A7-16DE8727FA94}\MpKsle7e40471.sys
2013-05-24 01:22 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CFCD90-BC56-4D3C-B3A7-16DE8727FA94}\mpengine.dll
2013-05-23 23:57 . 2013-05-23 23:57 -------- d-----w- c:\program files\ESET
2013-05-23 19:37 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-22 20:20 . 2013-05-22 20:19 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74858603-C52E-42A1-9794-CAE5797B6404}\gapaengine.dll
2013-05-15 07:03 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 00:23 . 2013-05-15 00:23 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-15 00:23 . 2013-05-15 00:23 -------- d-----w- c:\program files\Trend Micro
2013-05-15 00:08 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 00:08 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 00:08 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 00:08 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:08 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 00:08 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 00:08 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-15 00:08 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 00:04 . 2013-05-15 00:04 -------- d-----w- c:\users\Matt\AppData\Local\Diagnostics
2013-05-14 22:12 . 2009-01-25 16:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-14 22:12 . 2013-05-14 22:13 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-08 18:15 . 2013-05-08 18:16 -------- d-----w- c:\programdata\MFAData
2013-05-08 18:15 . 2013-05-08 18:15 -------- d--h--w- c:\programdata\Common Files
2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\MFAData
2013-05-08 18:15 . 2013-05-08 18:15 -------- d-----w- c:\users\Matt\AppData\Local\Avg2013
2013-05-08 17:48 . 2013-05-22 23:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-08 11:48 . 2013-05-08 11:48 -------- d-----w- c:\program files\CCleaner
2013-05-08 10:39 . 2013-05-23 22:36 -------- d-----w- c:\users\Matt\AppData\Local\ElevatedDiagnostics
2013-05-07 10:57 . 2013-05-07 10:57 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\programdata\Malwarebytes
2013-05-07 10:56 . 2013-05-07 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-07 10:56 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-07 10:56 . 2013-05-07 10:56 -------- d-----w- c:\users\Matt\AppData\Local\Programs
2013-05-01 11:18 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:28 . 2012-08-17 03:03 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 11:29 . 2012-10-03 11:45 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 04:45 . 2013-05-15 00:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 00:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-21 07:20 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 09:29 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:29 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 09:29 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 09:29 69632 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Camera Monitor SD.lnk - c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2012-8-17 541976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsle7e40471;MpKsle7e40471;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CFCD90-BC56-4D3C-B3A7-16DE8727FA94}\MpKsle7e40471.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE7E40471
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 13:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-24 17:06:28
ComboFix-quarantined-files.txt 2013-05-24 21:06
ComboFix2.txt 2013-05-23 19:31
ComboFix3.txt 2013-05-22 23:50
.
Pre-Run: 322,030,878,720 bytes free
Post-Run: 324,091,920,384 bytes free
.
- - End Of File - - B396803EA6F1234B6F0B1E98AF06D77D
Hi fujymo,
A few last scans to be sure nothing has slipped by.
=========================
1. Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
2. Re-run OTL (it should be located on your desktop).
Windows Vista and Windows 7 users: right click the icon and select "Run as Administrator" to run it.
Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note: The log can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================
In your next post please provide the following:
checkup.txt
OTL.txt
Any outstanding issues we haven't addressed?
OCD,
The computer is running great and here are the logs you requested:
Thanks,
Fujymo
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.271
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
OTL logfile created on: 5/25/2013 8:59:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 80.18% Memory free
5.99 Gb Paging File | 4.91 Gb Available in Paging File | 81.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 301.49 Gb Free Space | 66.16% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.50 Gb Free Space | 55.00% Space Free | Partition Type: NTFS
Drive E: | 513.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 895.27 Gb Free Space | 96.11% Space Free | Partition Type: NTFS
Computer Name: MATT-DESKTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dldocoms.exe ( )
PRC - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
PRC - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
PRC - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldoscw.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldocfg.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldodatr.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\DLDOptp.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldocats.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dldoCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe ()
SRV - (dldo_device) -- C:\Windows\System32\dldocoms.exe ( )
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (FastUserSwitchingCompatibility) -- C:\Windows\system32\FastUserSwitchingCompatibilityex.dll File not found
DRV - (catchme) -- C:\Users\Matt\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Matt\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 EC F9 57 39 BC CD 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {08F727FD-82AA-44B9-B329-0582C526FEF6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{08F727FD-82AA-44B9-B329-0582C526FEF6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{449557DB-175E-49CB-B8E6-2CAD5F2B1A34}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121145,17118,0,18,0
IE - HKCU\..\SearchScopes\{898F1C31-C646-4836-B7E4-C9068F2BF0BB}: "URL" = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
IE - HKCU\..\SearchScopes\{A90FF914-FAF9-4116-93F9-FEA9BB38677F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8F01DA46-A859-4625-B783-4D9361447BD4&apn_sauid=72AC7A36-71E8-4FF8-84C2-913E758320F7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: ""
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/08/17 12:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/04/30 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions
[2012/11/06 12:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions\staged
[2009/07/13 19:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions\ojacgfbroj@ojacgfbroj.org.xpi
[2012/11/06 12:30:53 | 000,022,425 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions\staged\addon@defaulttab.com.xpi
[2012/09/16 16:12:07 | 000,002,299 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\searchplugins\askcom.xml
O1 HOSTS File: ([2013/05/24 17:02:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF6EFA6-64CD-49AF-A1CD-823511F6E664}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64169AB7-D8F3-421A-BBBB-26BFF19CF8A6}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 15:11:17 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/06/15 17:12:01 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/25 08:56:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/05/24 17:06:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/24 17:06:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\temp
[2013/05/23 19:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/23 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\deans
[2013/05/23 15:31:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/22 19:33:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/22 19:33:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/22 19:33:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/22 19:25:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/22 19:24:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/22 19:19:40 | 005,069,782 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2013/05/15 03:07:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 03:07:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 03:07:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 03:07:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/15 03:07:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 03:07:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/15 03:07:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 03:03:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/14 20:23:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/05/14 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/05/14 20:08:12 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/14 20:08:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/14 20:08:05 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/14 20:08:01 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/14 20:08:01 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/14 20:04:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Diagnostics
[2013/05/14 18:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/14 18:12:52 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/05/14 18:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/08 14:15:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/05/08 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\MFAData
[2013/05/08 14:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/05/08 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Avg2013
[2013/05/08 13:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/08 13:48:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\ProcAlyzer Dumps
[2013/05/08 07:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/08 07:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/08 06:39:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\ElevatedDiagnostics
[2013/05/07 06:57:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2013/05/07 06:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/07 06:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/07 06:56:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/07 06:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/07 06:56:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Programs
========== Files - Modified Within 30 Days ==========
[2013/05/25 08:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/05/25 08:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/25 08:48:08 | 000,890,854 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/05/25 08:42:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/24 17:02:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/23 16:51:03 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 16:51:03 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 15:32:46 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/22 19:12:41 | 005,069,782 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2013/05/15 03:26:02 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 03:05:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/15 03:05:36 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/15 03:03:45 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013/05/14 18:45:22 | 000,000,104 | ---- | M] () -- C:\Users\Matt\Desktop\Control Panel - Shortcut.lnk
[2013/05/14 18:12:59 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/13 13:12:24 | 000,011,083 | ---- | M] () -- C:\ProgramData\dldo
[2013/05/09 08:23:07 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/05/09 08:21:29 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\E141A877EE.sys
[2013/05/08 14:30:14 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/08 13:17:19 | 000,056,532 | ---- | M] () -- C:\Users\Matt\Documents\cc_20130508_131709.reg
[2013/05/08 07:48:09 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/07 06:57:02 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
========== Files Created - No Company Name ==========
[2013/05/25 08:48:08 | 000,890,854 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/05/22 19:33:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/22 19:33:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/22 19:33:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/22 19:33:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/22 19:33:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/15 03:03:45 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013/05/14 18:45:21 | 000,000,104 | ---- | C] () -- C:\Users\Matt\Desktop\Control Panel - Shortcut.lnk
[2013/05/14 18:12:59 | 000,002,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/14 18:12:59 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/08 13:17:15 | 000,056,532 | ---- | C] () -- C:\Users\Matt\Documents\cc_20130508_131709.reg
[2013/05/08 07:48:09 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/07 06:57:02 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 17:40:56 | 000,005,632 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/17 16:13:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/17 15:01:29 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012/08/17 15:01:29 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E141A877EE.sys
[2012/08/17 12:46:10 | 000,011,083 | ---- | C] () -- C:\ProgramData\dldo
[2012/08/17 12:45:11 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2012/08/17 12:41:39 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2012/08/17 12:41:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2012/08/17 12:41:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2012/08/17 12:41:39 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2012/08/17 12:38:53 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2012/08/17 12:38:53 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2012/08/17 12:38:52 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2012/08/17 12:38:52 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2012/08/17 12:38:52 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2012/08/17 12:38:52 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2012/08/17 12:38:51 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2012/08/17 12:38:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2012/08/17 12:38:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2012/08/17 12:38:50 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2012/08/17 12:38:50 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2012/08/17 12:38:50 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2012/08/17 12:38:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2012/08/17 12:38:50 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2012/08/17 12:38:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2012/08/17 12:38:49 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe
[2012/08/17 12:38:49 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2012/08/17 12:38:48 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldocoms.exe
[2012/08/17 12:38:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2012/08/17 12:38:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2012/08/17 12:38:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2012/08/17 12:38:47 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2012/08/17 12:38:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2012/08/17 12:38:46 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldocfg.exe
[2012/08/17 12:38:46 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2012/08/17 09:38:10 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/08/17 01:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/10 02:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/11/10 02:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/10/21 19:30:16 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
By the way I have restarted MSSECES and it has updated.
Hi fujymo,
Good thing we ran that last scan, something did slip by.
=========================
1. Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Ask
Ask.com
=========================
2. Run OTL.exe
Windows Vista and Windows 7 users: right-click and select "Run as Administrator".
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:
:OTL
IE - HKCU\..\SearchScopes\{898F1C31-C646-4836-B7E4-C9068F2BF0BB}: "URL" = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
IE - HKCU\..\SearchScopes\{A90FF914-FAF9-4116-93F9-FEA9BB38677F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com
[2012/09/16 16:12:07 | 000,002,299 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\searchplugins\askcom.xml
:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered and reboot when it is done.
Then re-run OTL and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
=========================
If this doesn't remove those entries we will remove them manually.
=========================
In your next post please provide the following:
OTL fix log
Fresh OTL.txt
OCD,
The ASK and ASK.Com were not listed under Programs and Features. When I originally ran the code I missed the last two commands, [emptytemp] and [Reboot]. After I ran OTL and rebooted I noticed the emptytemp. I copied the commands section of the code and reran OTL with the commands only. Hopefully this was ok. The computer seems to be running great. Here are the OTL logs you requested:
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{898F1C31-C646-4836-B7E4-C9068F2BF0BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898F1C31-C646-4836-B7E4-C9068F2BF0BB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A90FF914-FAF9-4116-93F9-FEA9BB38677F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A90FF914-FAF9-4116-93F9-FEA9BB38677F}\ not found.
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "Ask.com removed from browser.search.order.1
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\searchplugins\askcom.xml moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 05252013_115334
AFTER THIS POINT I REBOOTED AND NOTICED REST OF THE COMMANDS AND RERAN ALL OF THE COMMANDS
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Matt
->Temp folder emptied: 1049489 bytes
->Temporary Internet Files folder emptied: 43307852 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22290890 bytes
->Flash cache emptied: 16037 bytes
User: Mcx1-MATT-DESKTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104056 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 64.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05252013_120001
Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R7PJ9KEC\showthread[4].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL logfile created on: 5/25/2013 12:07:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 63.46% Memory free
5.99 Gb Paging File | 4.92 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 301.17 Gb Free Space | 66.09% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.50 Gb Free Space | 55.00% Space Free | Partition Type: NTFS
Drive E: | 513.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 895.27 Gb Free Space | 96.11% Space Free | Partition Type: NTFS
Computer Name: MATT-DESKTOP | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dldocoms.exe ( )
PRC - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
PRC - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
PRC - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldoscw.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldocfg.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldodatr.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\DLDOptp.dll ()
MOD - C:\Program Files\Dell 968 AIO Printer\dldocats.dll ()
MOD - C:\Program Files\PIXELA\Everio MediaBrowser\pxl_m17n_tool.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dldoCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe ()
SRV - (dldo_device) -- C:\Windows\System32\dldocoms.exe ( )
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV - (FastUserSwitchingCompatibility) -- C:\Windows\system32\FastUserSwitchingCompatibilityex.dll File not found
DRV - (catchme) -- C:\Users\Matt\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Matt\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 EC F9 57 39 BC CD 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {08F727FD-82AA-44B9-B329-0582C526FEF6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{08F727FD-82AA-44B9-B329-0582C526FEF6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{449557DB-175E-49CB-B8E6-2CAD5F2B1A34}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121145,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1: """
FF - prefs.js..keyword.URL: ""
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/08/17 12:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/04/30 09:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions
[2012/11/06 12:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions\staged
[2009/07/13 19:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions\ojacgfbroj@ojacgfbroj.org.xpi
[2012/11/06 12:30:53 | 000,022,425 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\703d1z1b.default\extensions\staged\addon@defaulttab.com.xpi
O1 HOSTS File: ([2013/05/24 17:02:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF6EFA6-64CD-49AF-A1CD-823511F6E664}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64169AB7-D8F3-421A-BBBB-26BFF19CF8A6}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 15:11:17 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012/06/15 17:12:01 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/25 11:53:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/25 08:56:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/05/24 17:06:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/24 17:06:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\temp
[2013/05/23 19:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/23 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\deans
[2013/05/23 15:31:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/22 19:33:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/22 19:33:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/22 19:33:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/22 19:25:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/22 19:24:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/22 19:19:40 | 005,069,782 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2013/05/15 03:07:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 03:07:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 03:07:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 03:07:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/15 03:07:45 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 03:07:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/15 03:07:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/15 03:03:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/14 20:23:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/05/14 20:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/05/14 20:08:12 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/14 20:08:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/05/14 20:08:05 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/14 20:08:01 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/14 20:08:01 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/14 20:04:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Diagnostics
[2013/05/14 18:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/14 18:12:52 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/05/14 18:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/08 14:15:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/05/08 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\MFAData
[2013/05/08 14:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/05/08 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Avg2013
[2013/05/08 13:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/08 13:48:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\ProcAlyzer Dumps
[2013/05/08 07:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/08 07:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/08 06:39:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\ElevatedDiagnostics
[2013/05/07 06:57:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2013/05/07 06:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/07 06:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/07 06:56:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/07 06:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/07 06:56:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Programs
========== Files - Modified Within 30 Days ==========
[2013/05/25 12:02:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/25 12:02:15 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 12:01:30 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 12:01:30 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 11:47:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/25 08:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/05/25 08:48:08 | 000,890,854 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/05/24 17:02:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/22 19:12:41 | 005,069,782 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2013/05/15 03:26:02 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 03:05:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/15 03:05:36 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/15 03:03:45 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013/05/14 18:45:22 | 000,000,104 | ---- | M] () -- C:\Users\Matt\Desktop\Control Panel - Shortcut.lnk
[2013/05/14 18:12:59 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/13 13:12:24 | 000,011,083 | ---- | M] () -- C:\ProgramData\dldo
[2013/05/09 08:23:07 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013/05/09 08:21:29 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\E141A877EE.sys
[2013/05/08 14:30:14 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/08 13:17:19 | 000,056,532 | ---- | M] () -- C:\Users\Matt\Documents\cc_20130508_131709.reg
[2013/05/08 07:48:09 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/07 06:57:02 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/05 15:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
========== Files Created - No Company Name ==========
[2013/05/25 08:48:08 | 000,890,854 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe
[2013/05/22 19:33:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/22 19:33:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/22 19:33:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/22 19:33:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/22 19:33:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/15 03:03:45 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013/05/14 18:45:21 | 000,000,104 | ---- | C] () -- C:\Users\Matt\Desktop\Control Panel - Shortcut.lnk
[2013/05/14 18:12:59 | 000,002,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/14 18:12:59 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/05/08 13:17:15 | 000,056,532 | ---- | C] () -- C:\Users\Matt\Documents\cc_20130508_131709.reg
[2013/05/08 07:48:09 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/07 06:57:02 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 17:40:56 | 000,005,632 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/17 16:13:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/17 15:01:29 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012/08/17 15:01:29 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\E141A877EE.sys
[2012/08/17 12:46:10 | 000,011,083 | ---- | C] () -- C:\ProgramData\dldo
[2012/08/17 12:45:11 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2012/08/17 12:41:39 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2012/08/17 12:41:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2012/08/17 12:41:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2012/08/17 12:41:39 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2012/08/17 12:38:53 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2012/08/17 12:38:53 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2012/08/17 12:38:52 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2012/08/17 12:38:52 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2012/08/17 12:38:52 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2012/08/17 12:38:52 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2012/08/17 12:38:51 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2012/08/17 12:38:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2012/08/17 12:38:51 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2012/08/17 12:38:50 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2012/08/17 12:38:50 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2012/08/17 12:38:50 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2012/08/17 12:38:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2012/08/17 12:38:50 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2012/08/17 12:38:49 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2012/08/17 12:38:49 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldoih.exe
[2012/08/17 12:38:49 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2012/08/17 12:38:48 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldocoms.exe
[2012/08/17 12:38:48 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2012/08/17 12:38:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2012/08/17 12:38:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2012/08/17 12:38:47 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2012/08/17 12:38:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2012/08/17 12:38:46 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldocfg.exe
[2012/08/17 12:38:46 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2012/08/17 09:38:10 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/08/17 01:47:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/10 02:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/11/10 02:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/10/21 19:30:16 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Hi fujymo,
Your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.
=========================
You appear to have used AVG2013 at one time. Let's remove this remnant before we continue.
=========================
1. Delete a File/Folder
Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
c:\users\Matt\AppData\Local\Avg2013 <-- delete the folder
Exit Explorer
=========================
2. Microsoft Security Essentials
Caution: On Access scanning disabled!
Access the Settings portion in Microsoft Security Essentials
Open M.S.E. > Settings > Real Time Protection > Make sure the box is ticked
=========================
3. Uninstall Combofix
The following will implement important cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bold text into the Run box and click OK:
ComboFix /Uninstall
(Note the space between the ..X and the /U, it needs to be there.)
http://i1269.photobucket.com/albums/jj590/OCD-WTT/Combofix_uninstall_image.jpg
=========================
4. Clean up with OTL:
Right-click OTL.exe select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
=========================
5. You can now delete any tools and/or logs remaining on your desktop.
=========================
6. Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Java 7 Update 7
=========================
7. Update Java
Get the current version of Java (Version 7 Update 21) by going to http://java.com/en/download/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
=========================
8. Disable Java in Web Browsers
Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html
Click on the Start button and then click on the Control Panel option.
In the Control Panel Search enter Java Control Panel.
Click on the Java icon to open the Java Control Panel.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable1_zps19e32961.jpg
Disable Java through the Java Control Panel
In the Java Control Panel, click on the Security tab.
Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
Click OK in the Java Plug-in confirmation window.
Restart the browser for changes to take effect.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable2_zps5a2f5c6d.jpg
=========================
9. Spybot - Search & Destroy's Tea Timer
We need to enable Spybot - Search & Destroy's Tea Timer. Please follow the instructions below.
Locate your copy of Spybot - Search & Destroy and open it.
In the menu bar at the top select "Mode", then select "Advanced".
In the left hand menu expand the "Tools" menu.
Select "Resident", then place a check mark for "Resident Tea Timer"
Then exit the program by clicking "File" then select "Exit"
=========================
With the above items taken care of let's move on to the All Clean part of the process.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
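The Internet Explorer Custom Level changes listed in the post above are stored as per-zone registry values, so they can be checked without clicking through the dialog. This is an added example, not part of the original posts: the URL action IDs and the 0/1/3 value meanings come from Microsoft's zone-settings numbering rather than from the thread, and the function name is made up for illustration.

```powershell
# Added example (not from the thread): read-only audit of IE's Internet zone.
# Zone 3 is the Internet zone; the current user's settings live under this key.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs paired with the setting the post recommends.
# DWORD meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';   Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls'; Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';      Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME'; Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains'; Want = 1 }
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper name; it only reads values and never writes to the registry.
function Get-InternetZoneAudit {
    param([string]$Path = $ZonePath)

    # A missing key means no per-user zone settings have been written for this profile.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($id in $Recommended.Keys) {
        $want = $Recommended[$id].Want
        $have = if ($props) { $props.$id } else { $null }

        # Translate the stored DWORD into the wording used in the IE dialog.
        if ($null -eq $have) {
            $current = 'not set'
        } elseif ($Labels.ContainsKey([int]$have)) {
            $current = $Labels[[int]$have]
        } else {
            $current = "raw value $have"
        }

        [pscustomobject]@{
            ActionId    = $id
            Setting     = $Recommended[$id].Name
            Current     = $current
            Recommended = $Labels[$want]
            Matches     = ($null -ne $have) -and ([int]$have -eq $want)
        }
    }
}

# Print one row per setting; any row with Matches = False still needs the manual change.
Get-InternetZoneAudit | Format-Table -AutoSize
```

If the same zone values are set under `Software\Policies` by Group Policy, those take precedence over the per-user values read here.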
OCD,
I am very satisfied and everything appears to be working great.
Thanks,
Fujymo
Hi fujymo,
You're very welcome. Glad I was able to help. :bigthumb: Have a great day.
OCD