tama06 Posted June 27, 2012 ID:564878 Share Posted June 27, 2012 (edited) My laptop is suffering from a malware program requesting my to send $100 to a yahoo email address for the decryption key to access my files.I have not tried to open any files since I got the message, though I did back up all my important data to my portable HD (though I am worried now that I thereby infected my portable HD)...The malware has populated all of the folders on my computer with a WARNING.txt file.A blue dialogue box that I cannot remove, move, or minimize has popped up in the middle of the screen with the same text from the WARNING.txt file (transcribed below).The pop-up window is called "vsdsrv32" on my taskbar.Also, when I try to open Task Manager, I can do so, but it immediately closes--I do not have time to do or see anything on it, just that the window ghosts open for a second.I have wifi turned off on my laptop, so that whomever did that cannot communicate with my laptop...I downloaded MBAM on my desktop and transfered it to the laptop on a stick drive I don't need to keep.I ran MBAM quick scan and it found 2 pieces of malware, but neither of them was apparently the ransomware. When I restarted the computer, the pop-up is still there.I'm running the deep scan, now, and it's found at least 1 piece of malware so far.Any help would be appreciated!Here is the text from the WARNING.txt file:WARNING! YOU WCAP ID: 3356If you see this screen or read warning.txt.It means you IP address: 67.164.131.123 was included in WCAP Black List.From your PC was infringement one or more of the following items:1. Viewing, listening, downloading or distributing audio or video files protected Copyright Law.2. Spam or Ddos attack.3. Downloading or distributing illegal content (child porno, phishing, etc.)4. Downloading or distributing Software protected Copyright Law.The result of these infringement you PC and file was blocked. The decision was made about blocking on the basis of Digital Millennium Copyright Act (DMCA) amendment 1272 of 06/10/2011You can remove you IP from black list and unblock PC and files paying money penalty 100$.STEP 1: Buy a MoneyPak in amount of $100 at the nearest store.STEP 2: Fill in the fields on the screen, and click Make Payment. Alternate send as an e-mail at WCAPLLC@yahoo.com . Indicate your WCAP ID in the message title and provide MoneyPak number.STEP 3: Check your e-mail. We will send you Unblock code once payment is verified. Your computer will roll back to the ordinary state.Q: Where can I purchase MoneyPak?A: MonekPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer. Click here to find a store near.Q: How do I buy a MoneyPak at the store?A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.Q: How I can make sure that you can really decipher my files?A: You can send ONE any ciphered file on email WCAPLLC@yahoo.com (Indicate your IS and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.WARNING!!!: If you don't pay money penalty 100$ within 72 HOURS, all your computer data will be deleted.WARNING!!! Dont remove this screen this may complicate or make impossible the decryption. Even after removing the screen, files will remain encrypted. You can confirm this moving crypt file to another PC.MONEYPAK _______________ EMAIL _______________ [Make Payment]Please contact us if you have any questions wcapllc@yahoo.com.Well, I ran the long scan, restarted, activated wifi long enough to update MBAM, and then ran the quick scan again. MBAM found the fiel that makes the popup and got rid of it (I'm doing another long scan, now). However, all of my files have been affected. They all have a .CRYPT extension after them and are inaccessible. Edited June 28, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 28, 2012 ID:565074 Share Posted June 28, 2012 Hello tama06,Keep this pc disconnected from the internet. Use a clean USB-flash or CD to shuttle tools to it.Use another (but clean) pc to do downloads of tools, and then shuttle back & copy the tools to the Desktop (as much as possible).Knowing your Windows version sure would help. Please advise.Let me know if you have the Windows operating system CD/DVD (that would help, and may be necessary).Do as much as possible of the following.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista or Windows 7, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.If your antivirus program gives a prompt message, respond positive to allow RKILL to run.If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILLIF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.NEXTDownload to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from >>> here <<< Double-click FixPolicies.exe. Click the "Install" button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd. A black box will briefly appear and then close. This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again. NEXTPlease follow my guidance. Ask if you have questions.I am going to ask you to read very carefully. I am asking you to download to unique folder !!Step 1. Close and save any open documents, and exit programs that you started.Step 2. Download TDSSKiller.exe and SAVE it to a special folderhttp://support.kaspe.../tdsskiller.exeand be sure to SAVE it in this folder --> C:\Program Files\Malwarebytes' Anti-Malware\ChameleonStep 3. Install the Chameleon driver by doing the following:Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /oA black DOS prompt will appear with a prompt to press any key to continue, please do.Step 4Please read carefully and follow these steps.Double-Click on TDSSKiller.exe to run the application, then on Start Scan.If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Please Copy & Paste that log in reply.Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/ddsDisable any script blocker if your antivirus/antimalware has it.Then double click dds.scr to run the tool.DDS will run in a command prompt window and will take 3 to 4 minutes or so.When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Please Copy & Paste contents of the following logs in your next reply:DDS.txtAttach.txtAlso, attach a copy of the last MBAM scan log. Link to post Share on other sites More sharing options...
tama06 Posted June 28, 2012 Author ID:565091 Share Posted June 28, 2012 Thank you fo the reply. I truly appreciate it...I will not be able to follow these steps for about two weeks, as I am leaving the country tomorrow morning for a vacation, and I have to pack and get ready today--I spent all day yesterday messing with the laptop and am now behind on packing/cleaning for the trip. =( My laptop is running Vista. It's three years old, but was completely reformatted to factory issue last year due to some other malware that was making it act wonky. I've had no issues since the reformat--until yesterday, when I got the ransomware.I've run MBAM quick scan and full scan several times since the infection. I turned wifi on long enough to update mbam, since it was claiming to be outdated, and then ran it again.On one of those run-throughs (after I let mbam update), it found the vsdsrv32 file and quarantine/deleted it.The last quick-scan I did found no questionable objects.Since I am leaving that computer offline, when I get back to the country to work on it, should I transcribe program logs, or can I copy them into text files and ferry them over to the clean computer to post here? Is ferrying safe?Can I use the same USB drive over and over, going back and forth between the sick machine and the clean one? I copied a bunch of files from the laptop to my portable HD yesterday when I noticed my computer was acting funny, but before I saw the WARNING.txt file.I cannot recall if they were encrypted or not when I copied them-- I was mostly copying folders, not looking at individual files. I want to say that I think they hadn't been hit, yet, but I'm not sure. I have not connected the drive to anything since then, because I'm worried that the virus may have infected all the files on the portable drive. Honestly, I'm not sure I want to know, yet, because if I can't decrypt the files, I've just lost everything...My desktop PC is brand new and I hadn't put any of my files on it, yet, so everything was either on the laptop or the portable HD.Anyways, I hope the additional info helps. Like I said, I'll be unavailable for about two weeks.I'll post logs as soon as I'm back in the country and can run the programs.Thank you. Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 28, 2012 ID:565096 Share Posted June 28, 2012 Thanks for letting me know that you'll be out for an extended period. I'll keep this Open till you get back.On the "ferrying" (shuttle) of reports and tools: I would say, scan the USB-flash with antivirus program on a clean system. That way you have a check on it.If the flash-drive is not infected, you will be ok. So scan it with antivirus first.Then consider running (1 time) this utility.Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exeThere is no GUI interface or log file produced. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 2, 2012 ID:566072 Share Posted July 2, 2012 FYI for any casual readers: This topic is for member tama06 only!! Any other members posting here will have their post deleted without notice. Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569717 Share Posted July 12, 2012 Thank you for your patience.I'm back from overseas and have downloaded the utilities. I am starting to run them on my laptop.I will post logs as soon as I have them.Related issue: How do I determine if my portible hard drive was infected when I had it connected to the laptop? I don't want to reconnect it to my laptop or connect it to my clean PC, in case it is infected.My husband recommended taking it to a public computer (library, local copy-center)... Should I do that? Or will we reconnect it at the end of this laptop cleaning process? Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 12, 2012 ID:569729 Share Posted July 12, 2012 No, do not take your external drive elsewhere. Certainly not to any public pc.Keep it disconnected from "this" system. Later, we can run 1 or 2 scans with an online scan & with your updated antivirus.Do as much as you can of the steps I outlined. You can post each log as you finish a particular run. Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569736 Share Posted July 12, 2012 I've run all the utilities. Everything apparently came back clear.TDSSKiller's Report:08:00:38.0658 3696 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:3508:00:38.0751 3696 ============================================================08:00:38.0751 3696 Current date / time: 2012/07/12 08:00:38.075108:00:38.0751 3696 SystemInfo:08:00:38.0751 3696 08:00:38.0751 3696 OS Version: 6.1.7601 ServicePack: 1.008:00:38.0751 3696 Product type: Workstation08:00:38.0751 3696 ComputerName: UTANO208:00:38.0751 3696 UserName: Tama0608:00:38.0751 3696 Windows directory: C:\Windows08:00:38.0751 3696 System windows directory: C:\Windows08:00:38.0751 3696 Running under WOW6408:00:38.0751 3696 Processor architecture: Intel x6408:00:38.0751 3696 Number of processors: 108:00:38.0751 3696 Page size: 0x100008:00:38.0751 3696 Boot type: Normal boot08:00:38.0751 3696 ============================================================08:00:39.0999 3696 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x4BB4D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x19, Type 'K0', Flags 0x0000004008:00:39.0999 3696 Drive \Device\Harddisk1\DR2 - Size: 0xEE680000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'08:00:40.0015 3696 ============================================================08:00:40.0015 3696 \Device\Harddisk0\DR0:08:00:40.0015 3696 MBR partitions:08:00:40.0015 3696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6380008:00:40.0015 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B99280008:00:40.0015 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9F6800, BlocksNum 0x17CE80008:00:40.0015 3696 \Device\Harddisk1\DR2:08:00:40.0015 3696 MBR partitions:08:00:40.0015 3696 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x77148008:00:40.0015 3696 ============================================================08:00:40.0031 3696 C: <-> \Device\Harddisk0\DR0\Partition108:00:40.0077 3696 D: <-> \Device\Harddisk0\DR0\Partition208:00:40.0077 3696 ============================================================08:00:40.0077 3696 Initialize success08:00:40.0077 3696 ============================================================08:00:42.0168 4056 ============================================================08:00:42.0168 4056 Scan started08:00:42.0168 4056 Mode: Manual;08:00:42.0168 4056 ============================================================08:00:43.0447 4056 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys08:00:43.0447 4056 1394ohci - ok08:00:43.0494 4056 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys08:00:43.0509 4056 ACPI - ok08:00:43.0541 4056 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys08:00:43.0541 4056 AcpiPmi - ok08:00:43.0665 4056 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe08:00:43.0681 4056 AdobeFlashPlayerUpdateSvc - ok08:00:43.0743 4056 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys08:00:43.0759 4056 adp94xx - ok08:00:43.0806 4056 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys08:00:43.0821 4056 adpahci - ok08:00:43.0853 4056 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys08:00:43.0853 4056 adpu320 - ok08:00:43.0899 4056 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll08:00:43.0899 4056 AeLookupSvc - ok08:00:43.0993 4056 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys08:00:44.0009 4056 AFD - ok08:00:44.0071 4056 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys08:00:44.0071 4056 agp440 - ok08:00:44.0102 4056 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe08:00:44.0102 4056 ALG - ok08:00:44.0133 4056 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys08:00:44.0133 4056 aliide - ok08:00:44.0149 4056 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys08:00:44.0165 4056 amdide - ok08:00:44.0227 4056 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys08:00:44.0227 4056 AmdK8 - ok08:00:44.0243 4056 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys08:00:44.0243 4056 AmdPPM - ok08:00:44.0274 4056 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys08:00:44.0289 4056 amdsata - ok08:00:44.0321 4056 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys08:00:44.0321 4056 amdsbs - ok08:00:44.0336 4056 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys08:00:44.0352 4056 amdxata - ok08:00:44.0399 4056 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys08:00:44.0414 4056 AppID - ok08:00:44.0430 4056 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll08:00:44.0445 4056 AppIDSvc - ok08:00:44.0492 4056 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll08:00:44.0492 4056 Appinfo - ok08:00:45.0038 4056 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe08:00:45.0038 4056 Apple Mobile Device - ok08:00:45.0085 4056 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys08:00:45.0085 4056 arc - ok08:00:45.0116 4056 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys08:00:45.0116 4056 arcsas - ok08:00:45.0147 4056 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys08:00:45.0163 4056 AsyncMac - ok08:00:45.0194 4056 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys08:00:45.0194 4056 atapi - ok08:00:45.0303 4056 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys08:00:45.0335 4056 athr - ok08:00:45.0491 4056 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll08:00:45.0506 4056 AudioEndpointBuilder - ok08:00:45.0522 4056 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll08:00:45.0537 4056 AudioSrv - ok08:00:45.0600 4056 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll08:00:45.0600 4056 AxInstSV - ok08:00:45.0678 4056 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys08:00:45.0693 4056 b06bdrv - ok08:00:45.0740 4056 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys08:00:45.0756 4056 b57nd60a - ok08:00:45.0834 4056 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE08:00:45.0834 4056 BBSvc - ok08:00:45.0881 4056 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE08:00:45.0896 4056 BBUpdate - ok08:00:45.0927 4056 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll08:00:45.0927 4056 BDESVC - ok08:00:45.0959 4056 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys08:00:45.0959 4056 Beep - ok08:00:46.0037 4056 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll08:00:46.0052 4056 BFE - ok08:00:46.0146 4056 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll08:00:46.0161 4056 BITS - ok08:00:46.0193 4056 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys08:00:46.0208 4056 blbdrive - ok08:00:46.0286 4056 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe08:00:46.0302 4056 Bonjour Service - ok08:00:46.0333 4056 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys08:00:46.0349 4056 bowser - ok08:00:46.0364 4056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys08:00:46.0364 4056 BrFiltLo - ok08:00:46.0380 4056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys08:00:46.0380 4056 BrFiltUp - ok08:00:46.0427 4056 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll08:00:46.0427 4056 Browser - ok08:00:46.0458 4056 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys08:00:46.0473 4056 Brserid - ok08:00:46.0489 4056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys08:00:46.0489 4056 BrSerWdm - ok08:00:46.0489 4056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys08:00:46.0505 4056 BrUsbMdm - ok08:00:46.0505 4056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys08:00:46.0505 4056 BrUsbSer - ok08:00:46.0520 4056 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys08:00:46.0520 4056 BTHMODEM - ok08:00:46.0551 4056 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll08:00:46.0551 4056 bthserv - ok08:00:46.0598 4056 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys08:00:46.0614 4056 CAXHWAZL - ok08:00:46.0629 4056 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys08:00:46.0629 4056 cdfs - ok08:00:46.0676 4056 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys08:00:46.0676 4056 cdrom - ok08:00:46.0739 4056 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll08:00:46.0739 4056 CertPropSvc - ok08:00:46.0770 4056 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys08:00:46.0770 4056 circlass - ok08:00:47.0425 4056 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys08:00:47.0441 4056 CLFS - ok08:00:47.0519 4056 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe08:00:47.0519 4056 clr_optimization_v2.0.50727_32 - ok08:00:47.0581 4056 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe08:00:47.0581 4056 clr_optimization_v2.0.50727_64 - ok08:00:47.0643 4056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe08:00:47.0643 4056 clr_optimization_v4.0.30319_32 - ok08:00:47.0690 4056 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe08:00:47.0690 4056 clr_optimization_v4.0.30319_64 - ok08:00:47.0721 4056 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys08:00:47.0721 4056 CmBatt - ok08:00:47.0737 4056 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys08:00:47.0737 4056 cmdide - ok08:00:47.0799 4056 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys08:00:47.0831 4056 CNG - ok08:00:47.0894 4056 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys08:00:47.0925 4056 CnxtHdAudService - ok08:00:48.0019 4056 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe08:00:48.0034 4056 Com4QLBEx - ok08:00:48.0050 4056 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys08:00:48.0066 4056 Compbatt - ok08:00:48.0081 4056 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys08:00:48.0097 4056 CompositeBus - ok08:00:48.0112 4056 COMSysApp - ok08:00:48.0128 4056 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys08:00:48.0128 4056 crcdisk - ok08:00:48.0190 4056 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll08:00:48.0190 4056 CryptSvc - ok08:00:48.0268 4056 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll08:00:48.0284 4056 DcomLaunch - ok08:00:48.0315 4056 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll08:00:48.0331 4056 defragsvc - ok08:00:48.0378 4056 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys08:00:48.0378 4056 DfsC - ok08:00:48.0456 4056 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll08:00:48.0471 4056 Dhcp - ok08:00:48.0487 4056 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys08:00:48.0487 4056 discache - ok08:00:48.0518 4056 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys08:00:48.0518 4056 Disk - ok08:00:48.0549 4056 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll08:00:48.0565 4056 Dnscache - ok08:00:48.0612 4056 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll08:00:48.0612 4056 dot3svc - ok08:00:48.0658 4056 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll08:00:48.0658 4056 DPS - ok08:00:48.0690 4056 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys08:00:48.0690 4056 drmkaud - ok08:00:48.0768 4056 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys08:00:48.0799 4056 DXGKrnl - ok08:00:48.0830 4056 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll08:00:48.0846 4056 EapHost - ok08:00:48.0986 4056 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys08:00:49.0064 4056 ebdrv - ok08:00:49.0594 4056 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe08:00:49.0594 4056 EFS - ok08:00:49.0719 4056 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe08:00:49.0735 4056 ehRecvr - ok08:00:49.0782 4056 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe08:00:49.0782 4056 ehSched - ok08:00:49.0860 4056 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys08:00:49.0875 4056 elxstor - ok08:00:49.0906 4056 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys08:00:49.0922 4056 ErrDev - ok08:00:49.0984 4056 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll08:00:50.0000 4056 EventSystem - ok08:00:50.0047 4056 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys08:00:50.0047 4056 exfat - ok08:00:50.0078 4056 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys08:00:50.0078 4056 fastfat - ok08:00:50.0172 4056 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe08:00:50.0187 4056 Fax - ok08:00:50.0218 4056 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys08:00:50.0218 4056 fdc - ok08:00:50.0265 4056 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll08:00:50.0265 4056 fdPHost - ok08:00:50.0296 4056 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll08:00:50.0296 4056 FDResPub - ok08:00:50.0312 4056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys08:00:50.0328 4056 FileInfo - ok08:00:50.0343 4056 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys08:00:50.0343 4056 Filetrace - ok08:00:50.0359 4056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys08:00:50.0359 4056 flpydisk - ok08:00:50.0421 4056 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys08:00:50.0437 4056 FltMgr - ok08:00:50.0515 4056 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll08:00:50.0562 4056 FontCache - ok08:00:50.0640 4056 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe08:00:50.0655 4056 FontCache3.0.0.0 - ok08:00:50.0702 4056 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys08:00:50.0702 4056 FsDepends - ok08:00:50.0749 4056 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys08:00:50.0749 4056 Fs_Rec - ok08:00:50.0827 4056 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys08:00:50.0827 4056 fvevol - ok08:00:50.0858 4056 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys08:00:50.0858 4056 gagp30kx - ok08:00:50.0967 4056 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe08:00:50.0967 4056 GameConsoleService - ok08:00:51.0014 4056 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys08:00:51.0014 4056 GEARAspiWDM - ok08:00:51.0092 4056 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll08:00:51.0123 4056 gpsvc - ok08:00:51.0154 4056 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys08:00:51.0154 4056 hcw85cir - ok08:00:51.0232 4056 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys08:00:51.0248 4056 HdAudAddService - ok08:00:51.0279 4056 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys08:00:51.0279 4056 HDAudBus - ok08:00:51.0326 4056 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys08:00:51.0326 4056 HidBatt - ok08:00:51.0778 4056 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys08:00:51.0778 4056 HidBth - ok08:00:51.0810 4056 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys08:00:51.0841 4056 HidIr - ok08:00:51.0872 4056 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll08:00:51.0872 4056 hidserv - ok08:00:51.0934 4056 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys08:00:51.0934 4056 HidUsb - ok08:00:51.0981 4056 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll08:00:51.0997 4056 hkmsvc - ok08:00:52.0044 4056 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll08:00:52.0059 4056 HomeGroupListener - ok08:00:52.0106 4056 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll08:00:52.0122 4056 HomeGroupProvider - ok08:00:52.0215 4056 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe08:00:52.0215 4056 HP Health Check Service - ok08:00:52.0246 4056 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys08:00:52.0246 4056 HpqKbFiltr - ok08:00:52.0324 4056 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe08:00:52.0324 4056 hpqwmiex - ok08:00:52.0371 4056 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys08:00:52.0371 4056 HpSAMD - ok08:00:52.0480 4056 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll08:00:52.0512 4056 HsfXAudioService - ok08:00:52.0590 4056 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys08:00:52.0621 4056 HSF_DPV - ok08:00:52.0792 4056 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys08:00:52.0808 4056 HTTP - ok08:00:52.0855 4056 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys08:00:52.0855 4056 hwpolicy - ok08:00:52.0902 4056 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys08:00:52.0902 4056 i8042prt - ok08:00:52.0964 4056 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys08:00:52.0980 4056 iaStorV - ok08:00:53.0104 4056 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe08:00:53.0136 4056 idsvc - ok08:00:53.0604 4056 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys08:00:53.0822 4056 igfx - ok08:00:54.0274 4056 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys08:00:54.0274 4056 iirsp - ok08:00:54.0352 4056 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll08:00:54.0384 4056 IKEEXT - ok08:00:54.0415 4056 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys08:00:54.0415 4056 intelide - ok08:00:54.0446 4056 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys08:00:54.0446 4056 intelppm - ok08:00:54.0493 4056 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll08:00:54.0493 4056 IPBusEnum - ok08:00:54.0555 4056 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys08:00:54.0555 4056 IpFilterDriver - ok08:00:54.0602 4056 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll08:00:54.0618 4056 iphlpsvc - ok08:00:54.0664 4056 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys08:00:54.0664 4056 IPMIDRV - ok08:00:54.0711 4056 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys08:00:54.0711 4056 IPNAT - ok08:00:54.0852 4056 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe08:00:54.0898 4056 iPod Service - ok08:00:54.0961 4056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys08:00:54.0961 4056 IRENUM - ok08:00:54.0992 4056 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys08:00:54.0992 4056 isapnp - ok08:00:55.0023 4056 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys08:00:55.0023 4056 iScsiPrt - ok08:00:55.0070 4056 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys08:00:55.0070 4056 kbdclass - ok08:00:55.0117 4056 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys08:00:55.0117 4056 kbdhid - ok08:00:55.0164 4056 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe08:00:55.0164 4056 KeyIso - ok08:00:55.0195 4056 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys08:00:55.0195 4056 KSecDD - ok08:00:55.0226 4056 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys08:00:55.0226 4056 KSecPkg - ok08:00:55.0273 4056 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys08:00:55.0273 4056 ksthunk - ok08:00:55.0320 4056 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll08:00:55.0335 4056 KtmRm - ok08:00:55.0398 4056 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll08:00:55.0413 4056 LanmanServer - ok08:00:55.0460 4056 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll08:00:55.0460 4056 LanmanWorkstation - ok08:00:55.0554 4056 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe08:00:55.0554 4056 LightScribeService - ok08:00:55.0616 4056 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys08:00:55.0616 4056 lltdio - ok08:00:55.0647 4056 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll08:00:55.0663 4056 lltdsvc - ok08:00:55.0678 4056 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll08:00:55.0678 4056 lmhosts - ok08:00:55.0725 4056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys08:00:55.0725 4056 LSI_FC - ok08:00:55.0741 4056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys08:00:55.0756 4056 LSI_SAS - ok08:00:55.0772 4056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys08:00:55.0788 4056 LSI_SAS2 - ok08:00:55.0803 4056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys08:00:55.0803 4056 LSI_SCSI - ok08:00:55.0834 4056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys08:00:55.0834 4056 luafv - ok08:00:55.0897 4056 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys08:00:55.0897 4056 mbamchameleon - ok08:00:55.0959 4056 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys08:00:55.0959 4056 MBAMProtector - ok08:00:56.0022 4056 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe08:00:56.0053 4056 MBAMService - ok08:00:56.0568 4056 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll08:00:56.0583 4056 Mcx2Svc - ok08:00:56.0614 4056 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys08:00:56.0614 4056 mdmxsdk - ok08:00:56.0630 4056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys08:00:56.0630 4056 megasas - ok08:00:56.0677 4056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys08:00:56.0692 4056 MegaSR - ok08:00:56.0739 4056 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll08:00:56.0739 4056 MMCSS - ok08:00:56.0755 4056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys08:00:56.0755 4056 Modem - ok08:00:56.0802 4056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys08:00:56.0802 4056 monitor - ok08:00:56.0848 4056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys08:00:56.0848 4056 mouclass - ok08:00:56.0880 4056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys08:00:56.0880 4056 mouhid - ok08:00:56.0942 4056 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys08:00:56.0942 4056 mountmgr - ok08:00:56.0973 4056 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys08:00:56.0973 4056 mpio - ok08:00:57.0004 4056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys08:00:57.0004 4056 mpsdrv - ok08:00:57.0098 4056 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll08:00:57.0129 4056 MpsSvc - ok08:00:57.0192 4056 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys08:00:57.0192 4056 MRxDAV - ok08:00:57.0223 4056 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys08:00:57.0223 4056 mrxsmb - ok08:00:57.0270 4056 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys08:00:57.0285 4056 mrxsmb10 - ok08:00:57.0301 4056 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys08:00:57.0301 4056 mrxsmb20 - ok08:00:57.0348 4056 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys08:00:57.0348 4056 msahci - ok08:00:57.0379 4056 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys08:00:57.0379 4056 msdsm - ok08:00:57.0426 4056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe08:00:57.0426 4056 MSDTC - ok08:00:57.0472 4056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys08:00:57.0472 4056 Msfs - ok08:00:57.0504 4056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys08:00:57.0504 4056 mshidkmdf - ok08:00:57.0550 4056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys08:00:57.0550 4056 msisadrv - ok08:00:57.0582 4056 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll08:00:57.0597 4056 MSiSCSI - ok08:00:57.0613 4056 msiserver - ok08:00:57.0644 4056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys08:00:57.0644 4056 MSKSSRV - ok08:00:57.0660 4056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys08:00:57.0660 4056 MSPCLOCK - ok08:00:57.0675 4056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys08:00:57.0675 4056 MSPQM - ok08:00:57.0753 4056 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys08:00:57.0769 4056 MsRPC - ok08:00:57.0800 4056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys08:00:57.0800 4056 mssmbios - ok08:00:57.0831 4056 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys08:00:57.0831 4056 MSTEE - ok08:00:57.0847 4056 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys08:00:57.0847 4056 MTConfig - ok08:00:57.0878 4056 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys08:00:57.0878 4056 Mup - ok08:00:57.0940 4056 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll08:00:57.0972 4056 napagent - ok08:00:58.0018 4056 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys08:00:58.0034 4056 NativeWifiP - ok08:00:58.0096 4056 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys08:00:58.0128 4056 NDIS - ok08:00:58.0159 4056 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys08:00:58.0159 4056 NdisCap - ok08:00:58.0190 4056 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys08:00:58.0190 4056 NdisTapi - ok08:00:58.0252 4056 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys08:00:58.0252 4056 Ndisuio - ok08:00:58.0315 4056 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys08:00:58.0315 4056 NdisWan - ok08:00:58.0377 4056 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys08:00:58.0377 4056 NDProxy - ok08:00:58.0798 4056 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys08:00:58.0814 4056 NetBIOS - ok08:00:58.0861 4056 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys08:00:58.0876 4056 NetBT - ok08:00:58.0923 4056 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe08:00:58.0923 4056 Netlogon - ok08:00:58.0986 4056 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll08:00:59.0001 4056 Netman - ok08:00:59.0032 4056 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll08:00:59.0032 4056 netprofm - ok08:00:59.0110 4056 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe08:00:59.0110 4056 NetTcpPortSharing - ok08:00:59.0376 4056 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys08:00:59.0485 4056 netw5v64 - ok08:00:59.0594 4056 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys08:00:59.0594 4056 nfrd960 - ok08:00:59.0672 4056 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll08:00:59.0688 4056 NlaSvc - ok08:00:59.0703 4056 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys08:00:59.0719 4056 Npfs - ok08:00:59.0750 4056 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll08:00:59.0750 4056 nsi - ok08:00:59.0781 4056 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys08:00:59.0781 4056 nsiproxy - ok08:00:59.0875 4056 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys08:00:59.0922 4056 Ntfs - ok08:01:00.0031 4056 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys08:01:00.0031 4056 Null - ok08:01:00.0062 4056 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys08:01:00.0078 4056 nvraid - ok08:01:00.0109 4056 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys08:01:00.0109 4056 nvstor - ok08:01:00.0140 4056 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys08:01:00.0156 4056 nv_agp - ok08:01:00.0265 4056 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE08:01:00.0280 4056 odserv - ok08:01:00.0312 4056 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys08:01:00.0327 4056 ohci1394 - ok08:01:00.0358 4056 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE08:01:00.0358 4056 ose - ok08:01:00.0421 4056 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll08:01:00.0436 4056 p2pimsvc - ok08:01:00.0483 4056 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll08:01:00.0514 4056 p2psvc - ok08:01:00.0546 4056 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys08:01:00.0546 4056 Parport - ok08:01:00.0577 4056 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys08:01:00.0577 4056 partmgr - ok08:01:00.0608 4056 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll08:01:00.0608 4056 PcaSvc - ok08:01:00.0639 4056 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys08:01:00.0655 4056 pci - ok08:01:01.0107 4056 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys08:01:01.0107 4056 pciide - ok08:01:01.0154 4056 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys08:01:01.0170 4056 pcmcia - ok08:01:01.0185 4056 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys08:01:01.0185 4056 pcw - ok08:01:01.0248 4056 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys08:01:01.0263 4056 PEAUTH - ok08:01:01.0341 4056 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe08:01:01.0341 4056 PerfHost - ok08:01:01.0466 4056 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll08:01:01.0497 4056 pla - ok08:01:01.0560 4056 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll08:01:01.0591 4056 PlugPlay - ok08:01:01.0606 4056 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll08:01:01.0606 4056 PNRPAutoReg - ok08:01:01.0653 4056 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll08:01:01.0653 4056 PNRPsvc - ok08:01:01.0716 4056 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll08:01:01.0747 4056 PolicyAgent - ok08:01:01.0794 4056 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll08:01:01.0794 4056 Power - ok08:01:01.0887 4056 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys08:01:01.0887 4056 PptpMiniport - ok08:01:01.0934 4056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys08:01:01.0934 4056 Processor - ok08:01:01.0996 4056 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll08:01:01.0996 4056 ProfSvc - ok08:01:02.0059 4056 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe08:01:02.0059 4056 ProtectedStorage - ok08:01:02.0121 4056 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys08:01:02.0137 4056 Psched - ok08:01:02.0215 4056 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys08:01:02.0262 4056 ql2300 - ok08:01:02.0355 4056 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys08:01:02.0355 4056 ql40xx - ok08:01:02.0402 4056 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll08:01:02.0418 4056 QWAVE - ok08:01:02.0449 4056 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys08:01:02.0449 4056 QWAVEdrv - ok08:01:02.0480 4056 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys08:01:02.0480 4056 RasAcd - ok08:01:02.0527 4056 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys08:01:02.0527 4056 RasAgileVpn - ok08:01:02.0574 4056 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll08:01:02.0574 4056 RasAuto - ok08:01:02.0620 4056 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys08:01:02.0620 4056 Rasl2tp - ok08:01:02.0683 4056 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll08:01:02.0698 4056 RasMan - ok08:01:02.0745 4056 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys08:01:02.0745 4056 RasPppoe - ok08:01:02.0776 4056 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys08:01:02.0776 4056 RasSstp - ok08:01:02.0808 4056 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys08:01:02.0823 4056 rdbss - ok08:01:02.0839 4056 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys08:01:02.0839 4056 rdpbus - ok08:01:02.0870 4056 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys08:01:02.0870 4056 RDPCDD - ok08:01:02.0917 4056 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys08:01:02.0917 4056 RDPENCDD - ok08:01:02.0932 4056 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys08:01:02.0932 4056 RDPREFMP - ok08:01:02.0995 4056 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys08:01:02.0995 4056 RDPWD - ok08:01:03.0525 4056 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys08:01:03.0525 4056 rdyboost - ok08:01:03.0556 4056 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll08:01:03.0572 4056 RemoteAccess - ok08:01:03.0603 4056 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll08:01:03.0603 4056 RemoteRegistry - ok08:01:03.0697 4056 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe08:01:03.0697 4056 RichVideo - ok08:01:03.0744 4056 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll08:01:03.0744 4056 RpcEptMapper - ok08:01:03.0775 4056 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe08:01:03.0775 4056 RpcLocator - ok08:01:03.0837 4056 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll08:01:03.0853 4056 RpcSs - ok08:01:03.0915 4056 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys08:01:03.0915 4056 rspndr - ok08:01:03.0946 4056 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys08:01:03.0962 4056 RSUSBSTOR - ok08:01:04.0009 4056 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys08:01:04.0009 4056 RTL8167 - ok08:01:04.0024 4056 RtsUIR - ok08:01:04.0071 4056 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe08:01:04.0087 4056 SamSs - ok08:01:04.0118 4056 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys08:01:04.0118 4056 sbp2port - ok08:01:04.0149 4056 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll08:01:04.0165 4056 SCardSvr - ok08:01:04.0212 4056 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys08:01:04.0212 4056 scfilter - ok08:01:04.0305 4056 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll08:01:04.0336 4056 Schedule - ok08:01:04.0383 4056 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll08:01:04.0383 4056 SCPolicySvc - ok08:01:04.0446 4056 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys08:01:04.0446 4056 sdbus - ok08:01:04.0477 4056 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll08:01:04.0477 4056 SDRSVC - ok08:01:04.0570 4056 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe08:01:04.0570 4056 SeagateDashboardService - ok08:01:04.0617 4056 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys08:01:04.0617 4056 secdrv - ok08:01:04.0664 4056 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll08:01:04.0680 4056 seclogon - ok08:01:04.0711 4056 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll08:01:04.0711 4056 SENS - ok08:01:04.0758 4056 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll08:01:04.0773 4056 SensrSvc - ok08:01:04.0789 4056 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys08:01:04.0804 4056 Serenum - ok08:01:04.0820 4056 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys08:01:04.0836 4056 Serial - ok08:01:04.0867 4056 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys08:01:04.0867 4056 sermouse - ok08:01:04.0929 4056 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll08:01:04.0929 4056 SessionEnv - ok08:01:04.0960 4056 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys08:01:04.0960 4056 sffdisk - ok08:01:04.0976 4056 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys08:01:04.0976 4056 sffp_mmc - ok08:01:05.0007 4056 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys08:01:05.0007 4056 sffp_sd - ok08:01:05.0038 4056 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys08:01:05.0038 4056 sfloppy - ok08:01:05.0101 4056 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll08:01:05.0116 4056 SharedAccess - ok08:01:05.0179 4056 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll08:01:05.0194 4056 ShellHWDetection - ok08:01:05.0226 4056 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys08:01:05.0226 4056 SiSRaid2 - ok08:01:05.0272 4056 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys08:01:05.0272 4056 SiSRaid4 - ok08:01:05.0818 4056 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys08:01:05.0834 4056 Smb - ok08:01:05.0881 4056 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe08:01:05.0881 4056 SNMPTRAP - ok08:01:05.0896 4056 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys08:01:05.0896 4056 spldr - ok08:01:05.0974 4056 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe08:01:05.0990 4056 Spooler - ok08:01:06.0177 4056 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe08:01:06.0271 4056 sppsvc - ok08:01:06.0364 4056 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll08:01:06.0364 4056 sppuinotify - ok08:01:06.0442 4056 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys08:01:06.0458 4056 srv - ok08:01:06.0489 4056 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys08:01:06.0505 4056 srv2 - ok08:01:06.0567 4056 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS08:01:06.0583 4056 SrvHsfHDA - ok08:01:06.0661 4056 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS08:01:06.0708 4056 SrvHsfV92 - ok08:01:06.0864 4056 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS08:01:06.0895 4056 SrvHsfWinac - ok08:01:06.0926 4056 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys08:01:06.0926 4056 srvnet - ok08:01:06.0973 4056 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll08:01:06.0988 4056 SSDPSRV - ok08:01:07.0004 4056 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll08:01:07.0020 4056 SstpSvc - ok08:01:07.0051 4056 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys08:01:07.0051 4056 stexstor - ok08:01:07.0129 4056 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll08:01:07.0144 4056 stisvc - ok08:01:07.0191 4056 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys08:01:07.0191 4056 swenum - ok08:01:07.0300 4056 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe08:01:07.0332 4056 SwitchBoard - ok08:01:07.0378 4056 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll08:01:07.0394 4056 swprv - ok08:01:07.0456 4056 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys08:01:07.0472 4056 SynTP - ok08:01:07.0800 4056 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll08:01:07.0846 4056 SysMain - ok08:01:08.0190 4056 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll08:01:08.0190 4056 TabletInputService - ok08:01:08.0221 4056 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll08:01:08.0236 4056 TapiSrv - ok08:01:08.0283 4056 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll08:01:08.0283 4056 TBS - ok08:01:08.0470 4056 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys08:01:08.0533 4056 Tcpip - ok08:01:08.0689 4056 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys08:01:08.0704 4056 TCPIP6 - ok08:01:08.0798 4056 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys08:01:08.0798 4056 tcpipreg - ok08:01:08.0860 4056 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys08:01:08.0860 4056 TDPIPE - ok08:01:08.0907 4056 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys08:01:08.0907 4056 TDTCP - ok08:01:08.0985 4056 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys08:01:08.0985 4056 tdx - ok08:01:09.0016 4056 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys08:01:09.0032 4056 TermDD - ok08:01:09.0079 4056 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll08:01:09.0110 4056 TermService - ok08:01:09.0126 4056 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll08:01:09.0141 4056 Themes - ok08:01:09.0172 4056 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll08:01:09.0172 4056 THREADORDER - ok08:01:09.0204 4056 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll08:01:09.0204 4056 TrkWks - ok08:01:09.0282 4056 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe08:01:09.0282 4056 TrustedInstaller - ok08:01:09.0344 4056 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys08:01:09.0344 4056 tssecsrv - ok08:01:09.0391 4056 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys08:01:09.0391 4056 TsUsbFlt - ok08:01:09.0469 4056 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys08:01:09.0469 4056 tunnel - ok08:01:09.0516 4056 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys08:01:09.0516 4056 uagp35 - ok08:01:09.0578 4056 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys08:01:09.0594 4056 udfs - ok08:01:09.0625 4056 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe08:01:09.0640 4056 UI0Detect - ok08:01:09.0672 4056 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys08:01:09.0672 4056 uliagpkx - ok08:01:09.0718 4056 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys08:01:09.0718 4056 umbus - ok08:01:09.0750 4056 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys08:01:09.0750 4056 UmPass - ok08:01:09.0781 4056 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll08:01:09.0812 4056 upnphost - ok08:01:10.0093 4056 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys08:01:10.0093 4056 USBAAPL64 - ok08:01:10.0420 4056 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys08:01:10.0436 4056 usbccgp - ok08:01:10.0452 4056 USBCCID - ok08:01:10.0498 4056 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys08:01:10.0498 4056 usbcir - ok08:01:10.0530 4056 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys08:01:10.0530 4056 usbehci - ok08:01:10.0576 4056 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys08:01:10.0592 4056 usbhub - ok08:01:10.0623 4056 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys08:01:10.0623 4056 usbohci - ok08:01:10.0670 4056 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys08:01:10.0670 4056 usbprint - ok08:01:10.0701 4056 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS08:01:10.0701 4056 USBSTOR - ok08:01:10.0717 4056 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys08:01:10.0732 4056 usbuhci - ok08:01:10.0764 4056 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll08:01:10.0764 4056 UxSms - ok08:01:10.0810 4056 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe08:01:10.0810 4056 VaultSvc - ok08:01:10.0842 4056 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys08:01:10.0842 4056 vdrvroot - ok08:01:10.0920 4056 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe08:01:10.0935 4056 vds - ok08:01:10.0966 4056 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys08:01:10.0966 4056 vga - ok08:01:10.0998 4056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys08:01:11.0013 4056 VgaSave - ok08:01:11.0044 4056 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys08:01:11.0060 4056 vhdmp - ok08:01:11.0076 4056 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys08:01:11.0076 4056 viaide - ok08:01:11.0107 4056 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys08:01:11.0107 4056 volmgr - ok08:01:11.0169 4056 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys08:01:11.0185 4056 volmgrx - ok08:01:11.0216 4056 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys08:01:11.0232 4056 volsnap - ok08:01:11.0263 4056 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys08:01:11.0278 4056 vsmraid - ok08:01:11.0388 4056 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe08:01:11.0434 4056 VSS - ok08:01:11.0544 4056 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys08:01:11.0544 4056 vwifibus - ok08:01:11.0590 4056 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys08:01:11.0590 4056 vwififlt - ok08:01:11.0622 4056 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys08:01:11.0622 4056 vwifimp - ok08:01:11.0668 4056 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll08:01:11.0684 4056 W32Time - ok08:01:11.0715 4056 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys08:01:11.0715 4056 WacomPen - ok08:01:11.0793 4056 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys08:01:11.0793 4056 WANARP - ok08:01:11.0809 4056 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys08:01:11.0809 4056 Wanarpv6 - ok08:01:11.0902 4056 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe08:01:11.0934 4056 WatAdminSvc - ok08:01:12.0027 4056 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe08:01:12.0074 4056 wbengine - ok08:01:12.0636 4056 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll08:01:12.0636 4056 WbioSrvc - ok08:01:12.0714 4056 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll08:01:12.0729 4056 wcncsvc - ok08:01:12.0745 4056 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll08:01:12.0745 4056 WcsPlugInService - ok08:01:12.0807 4056 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys08:01:12.0807 4056 Wd - ok08:01:12.0854 4056 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys08:01:12.0870 4056 Wdf01000 - ok08:01:12.0901 4056 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll08:01:12.0901 4056 WdiServiceHost - ok08:01:12.0916 4056 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll08:01:12.0916 4056 WdiSystemHost - ok08:01:12.0979 4056 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll08:01:12.0994 4056 WebClient - ok08:01:13.0026 4056 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll08:01:13.0041 4056 Wecsvc - ok08:01:13.0057 4056 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll08:01:13.0072 4056 wercplsupport - ok08:01:13.0104 4056 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll08:01:13.0119 4056 WerSvc - ok08:01:13.0182 4056 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys08:01:13.0182 4056 WfpLwf - ok08:01:13.0213 4056 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys08:01:13.0213 4056 WIMMount - ok08:01:13.0291 4056 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys08:01:13.0306 4056 winachsf - ok08:01:13.0353 4056 WinDefend - ok08:01:13.0369 4056 WinHttpAutoProxySvc - ok08:01:13.0431 4056 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll08:01:13.0431 4056 Winmgmt - ok08:01:13.0572 4056 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll08:01:13.0618 4056 WinRM - ok08:01:13.0759 4056 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys08:01:13.0759 4056 WinUsb - ok08:01:13.0837 4056 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll08:01:13.0868 4056 Wlansvc - ok08:01:13.0899 4056 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys08:01:13.0915 4056 WmiAcpi - ok08:01:13.0977 4056 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe08:01:13.0993 4056 wmiApSrv - ok08:01:14.0040 4056 WMPNetworkSvc - ok08:01:14.0071 4056 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll08:01:14.0086 4056 WPCSvc - ok08:01:14.0133 4056 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll08:01:14.0133 4056 WPDBusEnum - ok08:01:14.0180 4056 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys08:01:14.0180 4056 ws2ifsl - ok08:01:14.0196 4056 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll08:01:14.0211 4056 wscsvc - ok08:01:14.0242 4056 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys08:01:14.0242 4056 WSDPrintDevice - ok08:01:14.0258 4056 WSearch - ok08:01:14.0913 4056 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll08:01:14.0929 4056 wuauserv - ok08:01:15.0069 4056 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys08:01:15.0085 4056 WudfPf - ok08:01:15.0147 4056 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys08:01:15.0163 4056 WUDFRd - ok08:01:15.0210 4056 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll08:01:15.0210 4056 wudfsvc - ok08:01:15.0241 4056 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll08:01:15.0256 4056 WwanSvc - ok08:01:15.0303 4056 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys08:01:15.0303 4056 XAudio - ok08:01:15.0366 4056 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys08:01:15.0381 4056 yukonw7 - ok08:01:15.0444 4056 MBR (0x1B8) (efc2eced49282702db0b737570780fb0) \Device\Harddisk0\DR008:01:15.0646 4056 \Device\Harddisk0\DR0 - ok08:01:15.0662 4056 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR208:01:16.0177 4056 \Device\Harddisk1\DR2 - ok08:01:16.0192 4056 Boot (0x1200) (eeb21de342fbc056de682cc90ab12256) \Device\Harddisk0\DR0\Partition008:01:16.0192 4056 \Device\Harddisk0\DR0\Partition0 - ok08:01:16.0208 4056 Boot (0x1200) (659d390d60c15ac371319de8e71f0e1a) \Device\Harddisk0\DR0\Partition108:01:16.0208 4056 \Device\Harddisk0\DR0\Partition1 - ok08:01:16.0255 4056 Boot (0x1200) (d02a354d4338c2c6d3bd13a989e477c0) \Device\Harddisk0\DR0\Partition208:01:16.0255 4056 \Device\Harddisk0\DR0\Partition2 - ok08:01:16.0270 4056 Boot (0x1200) (cd5ac8129cf73e35797eed8e777e414b) \Device\Harddisk1\DR2\Partition008:01:16.0270 4056 \Device\Harddisk1\DR2\Partition0 - ok08:01:16.0270 4056 ============================================================08:01:16.0270 4056 Scan finished08:01:16.0270 4056 ============================================================08:01:16.0286 3988 Detected object count: 008:01:16.0286 3988 Actual detected object count: 0 Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569737 Share Posted July 12, 2012 DDS.txt:.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421Run by Tama06 at 8:03:46 on 2012-07-12Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1871 [GMT -6:00].SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k HsfXAudioServiceC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Windows\System32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\HP\QuickPlay\QPService.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exeC:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exeC:\Windows\system32\taskeng.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankuDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbmDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbmStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbuInternet Settings,ProxyOverride = *.localmWinlogon: Userinit=userinit.exe,BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenuRun: [muimsc] rundll32.exe "C:\Users\Tama06\AppData\Roaming\muimsc.dll",PszDupWuRun: [ohevts] "C:\Windows\System32\rundll32.exe" "C:\Users\Tama06\AppData\Roaming\ohevts.dll",CreateClassDefinitionmRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartmRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDmRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun: [<NO NAME>]mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbyloginmRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_uimRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayStartupFolder: C:\Users\Tama06\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tama06\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exeuPolicies-system: WallpaperStyle = 2mPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)dPolicies-system: WallpaperStyle = 2IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htmIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabTCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51}\25166756E6723702E4563747 : DhcpNameServer = 192.168.1.1mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCacheBHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO-X64: HP Print Enhancer - No FileBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dllBHO-X64: HelloWorldBHO - No FileBHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO-X64: SmartSelect - No FileBHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllBHO-X64: HP Smart BHO Class - No FileTB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No FileEB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No FilemRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartmRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDmRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exemRun-x64: [(Default)]mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exemRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbyloginmRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_uimRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayIE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm.============= SERVICES / DRIVERS ===============.R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-27 654408]R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257696]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?].=============== Created Last 30 ================.2012-07-12 14:00:21 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2012-06-27 18:23:04 -------- d-----w- C:\Users\Tama06\AppData\Roaming\Malwarebytes2012-06-27 18:22:57 -------- d-----w- C:\ProgramData\Malwarebytes2012-06-27 18:22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-06-27 18:22:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-06-27 14:03:41 411648 ----a-w- C:\Users\Tama06\AppData\Roaming\ohevts.dll2012-06-27 14:02:49 -------- d-----w- C:\ProgramData\529C50D800046EF3000161F1B4EB23672012-06-27 14:02:45 -------- d-----w- C:\Users\Tama06\AppData\Local\About2012-06-27 14:02:43 138752 --sha-w- C:\Users\Tama06\AppData\Roaming\muimsc.dll2012-06-26 15:10:59 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B44993E-8E8F-446E-ADE8-79861E4F56EA}\mpengine.dll2012-06-21 13:38:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-06-21 13:37:51 99840 ----a-w- C:\Windows\System32\wudriver.dll2012-06-21 13:37:24 36864 ----a-w- C:\Windows\System32\wuapp.exe2012-06-21 13:37:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-06-17 06:19:09 -------- d-----w- C:\Program Files\iPod2012-06-17 06:19:08 -------- d-----w- C:\Program Files\iTunes2012-06-17 06:19:08 -------- d-----w- C:\Program Files (x86)\iTunes2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll2012-06-13 18:04:36 209920 ----a-w- C:\Windows\System32\profsvc.dll.==================== Find3M ====================.2012-06-06 00:52:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-06-06 00:52:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts.============= FINISH: 8:04:47.08 =============== Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569739 Share Posted July 12, 2012 Attach.txt:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 10/2/2011 3:35:56 PMSystem Uptime: 7/12/2012 7:42:33 AM (1 hours ago).Motherboard: Wistron | | 3612Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 221 GiB total, 103.432 GiB free.D: is FIXED (NTFS) - 12 GiB total, 2.006 GiB free.E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP81: 6/12/2012 9:30:31 AM - Windows UpdateRP82: 6/14/2012 9:28:44 AM - Windows UpdateRP83: 6/19/2012 9:24:05 AM - Windows UpdateRP84: 6/21/2012 7:36:29 AM - Windows UpdateRP85: 6/26/2012 9:09:52 AM - Windows Update.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)7-Zip 9.20Acrobat.comActivate Norton Online BackupActiveCheck component for HP Active Support LibraryAdobe Acrobat X Pro - English, Français, DeutschAdobe AIRAdobe Community HelpAdobe Content ViewerAdobe Creative Suite 5.5 Design PremiumAdobe Download AssistantAdobe Flash Player 10 PluginAdobe Flash Player 11 ActiveXAdobe Reader 9.4.6Adobe Widget BrowserAmazon Add to Wish List IE Extension 1.2Amazon MP3 Downloader 1.0.12Apple Application SupportApple Software UpdateAtheros Driver Installation ProgramAudacity 1.3.13 (Unicode)Bing BarcalibreChoice GuardCompatibility Pack for the 2007 Office systemCyberLink DVD SuiteDropboxGIMP 2.6.11Homepage ProtectionHP AdvisorHP Customer Experience EnhancementsHP DVD Play 3.7HP GamesHP Quick Launch ButtonsHP SetupHP Smart Web PrintingHP Support AssistantHP UpdateHP User Guides 0156HP Wireless AssistantHPAsset component for HP Active Support LibraryJava Auto UpdaterJava 6 Update 29Junk Mail filter updateLabelPrintLAME v3.98.3 for AudacityLightScribe System SoftwareLIMBOMagic Set Editor 2.0.0Malwarebytes Anti-Malware version 1.61.0.1400Microsoft Live Search ToolbarMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Professional Plus 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft WorksMicrosoft_VC80_ATL_x86Microsoft_VC80_CRT_x86Microsoft_VC80_MFC_x86Microsoft_VC80_MFCLOC_x86Microsoft_VC90_ATL_x86Microsoft_VC90_CRT_x86Microsoft_VC90_MFC_x86Microsoft_VC90_MFCLOC_x86MSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)muvee RevealPDF Settings CS5pdfsamPictureMoverPower2GoPowerDirectorPowerRecoverQLBCASLQuickTimeRealtek 8136 8168 8169 Ethernet DriverRealtek USB 2.0 Card ReaderSeagate DashboardSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live Upload ToolWindows Live WriterYahoo! MessengerYouTube Downloader 3.4.==== Event Viewer Messages From Past Week ========.7/12/2012 7:58:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.7/12/2012 7:43:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool..==== End Of File =========================== Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569740 Share Posted July 12, 2012 MBAM's latest log:Malwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.06.27.10Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Tama06 :: UTANO2 [administrator]Protection: Enabled6/27/2012 4:37:06 PMmbam-log-2012-06-27 (16-37-06).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 209583Time elapsed: 12 minute(s), 4 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569742 Share Posted July 12, 2012 Also, as to Antivirus software... I just downloaded Avast, but I think that's the only anti-virus I currently have. I believe that my laptop has an expired version of McAfee on it (possibly uninstalled). Will Avast do? Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569758 Share Posted July 12, 2012 Also, I've read on other forums that finding the encryption key is an important step in saving the files affected by the ransomware. I have not been able to locate (or recognise) such a file. This may simply be due to ignorance on my part... Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 12, 2012 ID:569804 Share Posted July 12, 2012 It's sad to know you had no antivirus on this system. That is highly risky. If it turns out your Windows has been severely damaged, the only resort would be to flatten/wipe the disk and put on the factory-state Windows as a new setup.IF you did not buy Avast and if you did not install it, hold off a bit until after we have run a couple of utilities.I am not aware of ransomware that truly encrypts a system. So we will proceed to attempt to locate & remove the ransomware.Please do NOT do any websurfing. No online shopping, banking, nor online transactions. Only go to this forum and the sites I guide you to.btw, the DDS report says this laptop has Windows 7 .....not Vista, as you had indicated early on.These steps are for tama06 only. If you are a casual viewer, do NOT try this on your system!If you are not tama06 and have a similar problem, do NOT post here; start your own topicThe fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!You will want to print out or copy these instructions to Notepad for Safe offline reference!Please follow my guidance If you are a casual viewer, do NOT try this on your system!If you are not the originating-member-poster and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use!Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.Close any of your open programs while you run these tools.Since this is a laptop pc, be sure it is connected to electrical-power or a UPS system ! We dont want the battery to go low & the system to auto-shutdown during tasks.Step 11. Go >> Here << and download ERUNT(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT by Right-clicking on it and selecting Run as Administartor.When prompted to allow run, choose YES. Then take the defaults offered by ERUNT and allow it to backup.4. Choose a location for the backup(the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked6. Press OK7. Press YES to create the folder.Step 2To show all files:Go to your DesktopDouble-Click the Computer icon.From the menu options, Select Tools, then Folder Options.Next click the View tab.Locate and uncheck Hide file extensions for known file types.Locate and uncheck Hide protected operating system files (Recommended).Locate and click Show hidden files and folders and drives.Click Apply > OK.Step 3These steps are for tama06 only. If you are a casual viewer, do NOT try this on your system!If you are not tama06 and have a similar problem, do NOT post here; start your own topicIf this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS systemIf you have a prior copy of Combofix, delete it now Download Combofix from any of the links below, and SAVE it to the Desktop.>> Link 1 <<>> Link 2 <<**Note: It is important that it is saved directly to your Desktop and not run straight away from download **Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs2. Open notepad and copy/paste the text in the quotebox below into it:http://forums.malwarebytes.org/index.php?showtopic=111745KILLALL::Suspect::[4]uRun: [muimsc] rundll32.exe "C:\Users\Tama06\AppData\Roaming\muimsc.dll",PszDupWuRun: [ohevts] "C:\Windows\System32\rundll32.exe" "C:\Users\Tama06\AppData\Roaming\ohevts.dll",CreateClassDefinitionDriver::muimscohevtsSave this as CFScript.txt, in the same location as ComboFix.exeClose/exit Notepad3. Close any (all) open browsers. 4:Refering to the picture above, drag & drop CFScript into ComboFix.exeThat will start a scripted run of Combofix.Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stagesIt will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.When CF finishes running, it pops out with the CF log and this message box:Clicking OK will begin the auto-upload of the zipped file.When Combofix restarts the system, do NOT touch it and allow it to load Windows by itself, into normal mode.If there's a login-user-password needed, then use the same user/login as when you first started.Let Combofix finish on it's own.When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.Step 4Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or>> from here <<Quit all programs that you may have started.Please disconnect any USB or external drives from the computer before you run this scan!For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.For Windows XP, double-click to start.Wait until Prescan has finished ...Then Click on Scan button at upper right of screen.Wait until the Status box shows "Scan Finished"Click on Report and copy/paste the content of the Notepad into a reply.The log should be found in RKreport[1].txt on your DesktopExit/Close RogueKiller Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569815 Share Posted July 12, 2012 Sorry about the Windows version mix-up... We've got 3 laptops and 4 desktops in the house at the moment, and it's sometimes hard to keep them straight. I'd already shut the infected one down and stowed it away (since we were leaving the country) when you asked about the OS.I am currently running ComboFix. I will post again as soon as it is finished. Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569821 Share Posted July 12, 2012 Finished with those steps. Posting logs. ComboFixLog:ComboFix 12-07-12.02 - Tama06 07/12/2012 10:37:43.1.1 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1552 [GMT -6:00]Running from: c:\users\Tama06\Desktop\ComboFix.exeCommand switches used :: c:\users\Tama06\Desktop\CFScript.txtSP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Tama06\AppData\Roaming\muimsc.dllc:\users\Tama06\AppData\Roaming\ohevts.dllc:\users\Tama06\AppData\Roaming\uplog.txt.cryptc:\users\Tama06\YouTubeDownloaderSetup34.exe..((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))..2012-07-12 16:50 . 2012-07-12 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp2012-07-12 16:28 . 2012-07-12 16:28 -------- d-----w- c:\program files (x86)\ERUNT2012-07-12 14:00 . 2012-07-12 14:00 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2012-06-27 18:23 . 2012-06-27 18:23 -------- d-----w- c:\users\Tama06\AppData\Roaming\Malwarebytes2012-06-27 18:22 . 2012-06-27 18:22 -------- d-----w- c:\programdata\Malwarebytes2012-06-27 18:22 . 2012-06-27 18:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2012-06-27 18:22 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-27 14:02 . 2012-06-27 14:09 -------- d-----w- c:\programdata\529C50D800046EF3000161F1B4EB23672012-06-27 14:02 . 2012-06-27 20:41 -------- d-----w- c:\users\Tama06\AppData\Local\About2012-06-26 15:10 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B44993E-8E8F-446E-ADE8-79861E4F56EA}\mpengine.dll2012-06-21 13:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-21 13:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-21 13:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-21 13:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-21 13:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll2012-06-21 13:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-21 13:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-21 13:37 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-21 13:37 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files\iPod2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files\iTunes2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files (x86)\iTunes2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll2012-06-17 06:12 . 2012-06-17 06:13 -------- d-----w- c:\program files (x86)\QuickTime2012-06-13 18:04 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-06-06 00:52 . 2012-06-06 00:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-06-06 00:52 . 2011-10-04 22:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-04-19 02:56 . 2012-04-19 02:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx2012-04-19 02:56 . 2012-04-19 02:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].c:\users\Tama06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Tama06\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]"WallpaperStyle"= 2.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-12 33096]R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736]R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 00:52]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uStart Page = about:blankuLocal Page = c:\windows\system32\blank.htmmStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnbmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-muimsc - c:\users\Tama06\AppData\Roaming\muimsc.dllWow6432Node-HKCU-Run-ohevts - c:\users\Tama06\AppData\Roaming\ohevts.dllHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\program files (x86)\CyberLink\Shared files\RichVideo.exe.**************************************************************************.Completion time: 2012-07-12 11:01:53 - machine was rebootedComboFix-quarantined-files.txt 2012-07-12 17:01.Pre-Run: 114,145,607,680 bytes freePost-Run: 114,261,032,960 bytes free.- - End Of File - - 9677AF4641E4D155A7CB3FB822414766 Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569822 Share Posted July 12, 2012 RogueKiller Report:RogueKiller V7.6.3 [07/08/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser: Tama06 [Admin rights]Mode: Scan -- Date: 07/12/2012 11:08:10¤¤¤ Bad processes: 0 ¤¤¤¤¤¤ Registry Entries: 3 ¤¤¤[sUSP PATH] {8269C180-C8B6-4486-8AEE-CAEC83FDF84B}.job @ : C:\Users\Tama06\Desktop\Gampad_Pro.exe -> FOUND[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤[ZeroAccess][FILE] @ : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\@ --> FOUND[ZeroAccess][FOLDER] U : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\U --> FOUND[ZeroAccess][FOLDER] L : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\L --> FOUND¤¤¤ Driver: [NOT LOADED] ¤¤¤¤¤¤ Infection : ZeroAccess ¤¤¤¤¤¤ HOSTS File: ¤¤¤127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST9250315AS ATA Device +++++--- User ---[MBR] a8881ba5916fc08d980df47ee42eb746[bSP] 476df2a6a58edcea29ab582f9f1820f3 : Windows Vista/7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226085 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463431680 | Size: 12189 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569824 Share Posted July 12, 2012 I have not quit/exitted RogueKiller yet, because when I try to, it says that elements have not been deleted...Do I quit anyway? Or do something else? Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 12, 2012 ID:569842 Share Posted July 12, 2012 Locate this file C:\qoobox\ComboFix-quarantined-files.txtCopy its contents and Paste into a reply, for my review.RoguekillerDisable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsPlease disconnect any USB or external drives from the computer before you run this scan!Right-Click RogueKiller and select Run as Administrator. (if it is not already running)Wait until Prescan finishes.Select (check) these items if shown[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[ZeroAccess][FILE] @ : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\@ [ZeroAccess][FOLDER] U : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\U [ZeroAccess][FOLDER] L : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\LThen press the Delete button.When done, logoff & Restart the system.The log will be found as RKreportCopy & Paste the contents into next reply.NEXT:Download Dr.Web CureIt to the desktop. Turn OFF your antivirus program.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDoubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, chose the Complete Scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look and see if you can click the following icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer to allow files that were in use to be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.Re-Enable your antivirus program when all done.We will have a lot more to do after this. Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569847 Share Posted July 12, 2012 Thanks for sticking with me!Rogue Killer did not have all five of those items. I deleted the two HJ items. the only other item was something called "task" and I deleted that, too.ComboFix-quarantined-files.txt:2012-07-12 17:00:45 . 2012-07-12 17:00:45 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat2012-07-12 17:00:42 . 2012-07-12 17:00:42 376 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat2012-07-12 17:00:28 . 2012-07-12 17:00:29 205 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-ohevts.reg.dat2012-07-12 17:00:28 . 2012-07-12 17:00:28 164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-muimsc.reg.dat2012-07-12 16:46:06 . 2012-07-12 16:46:06 7,591 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg2012-07-12 16:37:35 . 2012-07-12 16:37:35 58 ----a-w- C:\Qoobox\Quarantine\catchme.txt2012-07-12 16:33:53 . 2012-07-12 16:33:53 51 ----a-w- C:\Qoobox\Quarantine\catchme.log2012-06-27 17:01:44 . 2012-06-27 17:01:44 30 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\uplog.txt.crypt.vir2012-06-27 14:03:41 . 2012-06-27 14:03:43 411,648 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\ohevts.dll.vir2012-06-27 14:02:43 . 2012-06-27 14:02:31 138,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\muimsc.dll.vir2011-10-21 00:44:41 . 2011-10-21 00:44:53 5,342,064 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\YouTubeDownloaderSetup34.exe.vir Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569849 Share Posted July 12, 2012 I started the Dr.Web program before grabbing the RKreport and cannot access it right now, while Dr.Web is in "Enhanced Protection Mode."I will post it ASAP. Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 12, 2012 ID:569861 Share Posted July 12, 2012 ok. I hope you have started the DrWeb Cure-it scan.Have plenty of patience (infinite patience) since it may take some hours for the scan to finish. Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569898 Share Posted July 12, 2012 I accidentally sat through the express scan (which found nothing) first. I am now sitting through the Complete Scan, which looks to be less than 10% done.It has found some stuff. I said "Yes to All" and am letting it do its thing. Link to post Share on other sites More sharing options...
tama06 Posted July 12, 2012 Author ID:569978 Share Posted July 12, 2012 I'm guesstimating that the scan is about 30% complete, now. So, it looks like 10% per hour. I'm not sure I'll still be awake in 7 hours (I'm jet-lagging from my trip), so I'll most likely post the remaining logs and reports tomorrow morning.Thank you again for your continued help! Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 12, 2012 ID:569981 Share Posted July 12, 2012 Get your rest. Let it run on it's own. I believe, iirc, I advised you to have this laptop plugged in to standard power source.Anyhow, I'd expect the system will eventually go to hibernation or sleep mode (well after the run is finished). Link to post Share on other sites More sharing options...
Recommended Posts