tama06

Ransomware'd

57 posts in this topic

ID: 1   Posted (edited)

My laptop is suffering from a malware program requesting my to send $100 to a yahoo email address for the decryption key to access my files.

I have not tried to open any files since I got the message, though I did back up all my important data to my portable HD (though I am worried now that I thereby infected my portable HD)...

The malware has populated all of the folders on my computer with a WARNING.txt file.

A blue dialogue box that I cannot remove, move, or minimize has popped up in the middle of the screen with the same text from the WARNING.txt file (transcribed below).

The pop-up window is called "vsdsrv32" on my taskbar.

Also, when I try to open Task Manager, I can do so, but it immediately closes--I do not have time to do or see anything on it, just that the window ghosts open for a second.

I have wifi turned off on my laptop, so that whomever did that cannot communicate with my laptop...

I downloaded MBAM on my desktop and transfered it to the laptop on a stick drive I don't need to keep.

I ran MBAM quick scan and it found 2 pieces of malware, but neither of them was apparently the ransomware. When I restarted the computer, the pop-up is still there.

I'm running the deep scan, now, and it's found at least 1 piece of malware so far.

Any help would be appreciated!

Here is the text from the WARNING.txt file:

WARNING! YOU WCAP ID: 3356

If you see this screen or read warning.txt.

It means you IP address: 67.164.131.123 was included in WCAP Black List.

From your PC was infringement one or more of the following items:

1. Viewing, listening, downloading or distributing audio or video files protected Copyright Law.

2. Spam or Ddos attack.

3. Downloading or distributing illegal content (child porno, phishing, etc.)

4. Downloading or distributing Software protected Copyright Law.

The result of these infringement you PC and file was blocked. The decision was made about blocking on the basis of Digital Millennium Copyright Act (DMCA) amendment 1272 of 06/10/2011

You can remove you IP from black list and unblock PC and files paying money penalty 100$.

STEP 1: Buy a MoneyPak in amount of $100 at the nearest store.

STEP 2: Fill in the fields on the screen, and click Make Payment. Alternate send as an e-mail at WCAPLLC@yahoo.com . Indicate your WCAP ID in the message title and provide MoneyPak number.

STEP 3: Check your e-mail. We will send you Unblock code once payment is verified. Your computer will roll back to the ordinary state.

Q: Where can I purchase MoneyPak?

A: MonekPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer. Click here to find a store near.

Q: How do I buy a MoneyPak at the store?

A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.

Q: How I can make sure that you can really decipher my files?

A: You can send ONE any ciphered file on email WCAPLLC@yahoo.com (Indicate your IS and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.

WARNING!!!: If you don't pay money penalty 100$ within 72 HOURS, all your computer data will be deleted.

WARNING!!! Dont remove this screen this may complicate or make impossible the decryption. Even after removing the screen, files will remain encrypted. You can confirm this moving crypt file to another PC.

MONEYPAK _______________ EMAIL _______________ [Make Payment]

Please contact us if you have any questions wcapllc@yahoo.com.

Well, I ran the long scan, restarted, activated wifi long enough to update MBAM, and then ran the quick scan again. MBAM found the fiel that makes the popup and got rid of it (I'm doing another long scan, now). However, all of my files have been affected. They all have a .CRYPT extension after them and are inaccessible.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Hello tama06,

Keep this pc disconnected from the internet. Use a clean USB-flash or CD to shuttle tools to it.

Use another (but clean) pc to do downloads of tools, and then shuttle back & copy the tools to the Desktop (as much as possible).

Knowing your Windows version sure would help. Please advise.

Let me know if you have the Windows operating system CD/DVD (that would help, and may be necessary).

Do as much as possible of the following.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

NEXT

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

NEXT

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Also, attach a copy of the last MBAM scan log.

Share this post


Link to post
Share on other sites

Thank you fo the reply. I truly appreciate it...

I will not be able to follow these steps for about two weeks, as I am leaving the country tomorrow morning for a vacation, and I have to pack and get ready today--I spent all day yesterday messing with the laptop and am now behind on packing/cleaning for the trip. =(

My laptop is running Vista. It's three years old, but was completely reformatted to factory issue last year due to some other malware that was making it act wonky. I've had no issues since the reformat--until yesterday, when I got the ransomware.

I've run MBAM quick scan and full scan several times since the infection.

I turned wifi on long enough to update mbam, since it was claiming to be outdated, and then ran it again.

On one of those run-throughs (after I let mbam update), it found the vsdsrv32 file and quarantine/deleted it.

The last quick-scan I did found no questionable objects.

Since I am leaving that computer offline, when I get back to the country to work on it, should I transcribe program logs, or can I copy them into text files and ferry them over to the clean computer to post here? Is ferrying safe?

Can I use the same USB drive over and over, going back and forth between the sick machine and the clean one?

I copied a bunch of files from the laptop to my portable HD yesterday when I noticed my computer was acting funny, but before I saw the WARNING.txt file.

I cannot recall if they were encrypted or not when I copied them-- I was mostly copying folders, not looking at individual files.

I want to say that I think they hadn't been hit, yet, but I'm not sure.

I have not connected the drive to anything since then, because I'm worried that the virus may have infected all the files on the portable drive.

Honestly, I'm not sure I want to know, yet, because if I can't decrypt the files, I've just lost everything...

My desktop PC is brand new and I hadn't put any of my files on it, yet, so everything was either on the laptop or the portable HD.

Anyways, I hope the additional info helps.

Like I said, I'll be unavailable for about two weeks.

I'll post logs as soon as I'm back in the country and can run the programs.

Thank you.

Share this post


Link to post
Share on other sites

Thanks for letting me know that you'll be out for an extended period. I'll keep this Open till you get back.

On the "ferrying" (shuttle) of reports and tools: I would say, scan the USB-flash with antivirus program on a clean system. That way you have a check on it.

If the flash-drive is not infected, you will be ok. So scan it with antivirus first.

Then consider running (1 time) this utility.

Download and run "Flash Drive Disinfector" by sUBs. It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

There is no GUI interface or log file produced.

Share this post


Link to post
Share on other sites

FYI for any casual readers: This topic is for member tama06 only!! Any other members posting here will have their post deleted without notice.

Share this post


Link to post
Share on other sites

Thank you for your patience.

I'm back from overseas and have downloaded the utilities. I am starting to run them on my laptop.

I will post logs as soon as I have them.

Related issue:

How do I determine if my portible hard drive was infected when I had it connected to the laptop?

I don't want to reconnect it to my laptop or connect it to my clean PC, in case it is infected.

My husband recommended taking it to a public computer (library, local copy-center)... Should I do that? Or will we reconnect it at the end of this laptop cleaning process?

Share this post


Link to post
Share on other sites

No, do not take your external drive elsewhere. Certainly not to any public pc.

Keep it disconnected from "this" system. Later, we can run 1 or 2 scans with an online scan & with your updated antivirus.

Do as much as you can of the steps I outlined. You can post each log as you finish a particular run.

Share this post


Link to post
Share on other sites

I've run all the utilities. Everything apparently came back clear.

TDSSKiller's Report:

08:00:38.0658 3696 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

08:00:38.0751 3696 ============================================================

08:00:38.0751 3696 Current date / time: 2012/07/12 08:00:38.0751

08:00:38.0751 3696 SystemInfo:

08:00:38.0751 3696

08:00:38.0751 3696 OS Version: 6.1.7601 ServicePack: 1.0

08:00:38.0751 3696 Product type: Workstation

08:00:38.0751 3696 ComputerName: UTANO2

08:00:38.0751 3696 UserName: Tama06

08:00:38.0751 3696 Windows directory: C:\Windows

08:00:38.0751 3696 System windows directory: C:\Windows

08:00:38.0751 3696 Running under WOW64

08:00:38.0751 3696 Processor architecture: Intel x64

08:00:38.0751 3696 Number of processors: 1

08:00:38.0751 3696 Page size: 0x1000

08:00:38.0751 3696 Boot type: Normal boot

08:00:38.0751 3696 ============================================================

08:00:39.0999 3696 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x4BB4D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x19, Type 'K0', Flags 0x00000040

08:00:39.0999 3696 Drive \Device\Harddisk1\DR2 - Size: 0xEE680000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

08:00:40.0015 3696 ============================================================

08:00:40.0015 3696 \Device\Harddisk0\DR0:

08:00:40.0015 3696 MBR partitions:

08:00:40.0015 3696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

08:00:40.0015 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B992800

08:00:40.0015 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9F6800, BlocksNum 0x17CE800

08:00:40.0015 3696 \Device\Harddisk1\DR2:

08:00:40.0015 3696 MBR partitions:

08:00:40.0015 3696 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x771480

08:00:40.0015 3696 ============================================================

08:00:40.0031 3696 C: <-> \Device\Harddisk0\DR0\Partition1

08:00:40.0077 3696 D: <-> \Device\Harddisk0\DR0\Partition2

08:00:40.0077 3696 ============================================================

08:00:40.0077 3696 Initialize success

08:00:40.0077 3696 ============================================================

08:00:42.0168 4056 ============================================================

08:00:42.0168 4056 Scan started

08:00:42.0168 4056 Mode: Manual;

08:00:42.0168 4056 ============================================================

08:00:43.0447 4056 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:00:43.0447 4056 1394ohci - ok

08:00:43.0494 4056 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:00:43.0509 4056 ACPI - ok

08:00:43.0541 4056 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:00:43.0541 4056 AcpiPmi - ok

08:00:43.0665 4056 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:00:43.0681 4056 AdobeFlashPlayerUpdateSvc - ok

08:00:43.0743 4056 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

08:00:43.0759 4056 adp94xx - ok

08:00:43.0806 4056 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

08:00:43.0821 4056 adpahci - ok

08:00:43.0853 4056 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

08:00:43.0853 4056 adpu320 - ok

08:00:43.0899 4056 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:00:43.0899 4056 AeLookupSvc - ok

08:00:43.0993 4056 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:00:44.0009 4056 AFD - ok

08:00:44.0071 4056 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:00:44.0071 4056 agp440 - ok

08:00:44.0102 4056 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:00:44.0102 4056 ALG - ok

08:00:44.0133 4056 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:00:44.0133 4056 aliide - ok

08:00:44.0149 4056 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:00:44.0165 4056 amdide - ok

08:00:44.0227 4056 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

08:00:44.0227 4056 AmdK8 - ok

08:00:44.0243 4056 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:00:44.0243 4056 AmdPPM - ok

08:00:44.0274 4056 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:00:44.0289 4056 amdsata - ok

08:00:44.0321 4056 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

08:00:44.0321 4056 amdsbs - ok

08:00:44.0336 4056 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:00:44.0352 4056 amdxata - ok

08:00:44.0399 4056 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:00:44.0414 4056 AppID - ok

08:00:44.0430 4056 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

08:00:44.0445 4056 AppIDSvc - ok

08:00:44.0492 4056 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

08:00:44.0492 4056 Appinfo - ok

08:00:45.0038 4056 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:00:45.0038 4056 Apple Mobile Device - ok

08:00:45.0085 4056 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

08:00:45.0085 4056 arc - ok

08:00:45.0116 4056 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

08:00:45.0116 4056 arcsas - ok

08:00:45.0147 4056 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

08:00:45.0163 4056 AsyncMac - ok

08:00:45.0194 4056 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

08:00:45.0194 4056 atapi - ok

08:00:45.0303 4056 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys

08:00:45.0335 4056 athr - ok

08:00:45.0491 4056 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:00:45.0506 4056 AudioEndpointBuilder - ok

08:00:45.0522 4056 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:00:45.0537 4056 AudioSrv - ok

08:00:45.0600 4056 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

08:00:45.0600 4056 AxInstSV - ok

08:00:45.0678 4056 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

08:00:45.0693 4056 b06bdrv - ok

08:00:45.0740 4056 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

08:00:45.0756 4056 b57nd60a - ok

08:00:45.0834 4056 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

08:00:45.0834 4056 BBSvc - ok

08:00:45.0881 4056 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

08:00:45.0896 4056 BBUpdate - ok

08:00:45.0927 4056 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

08:00:45.0927 4056 BDESVC - ok

08:00:45.0959 4056 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

08:00:45.0959 4056 Beep - ok

08:00:46.0037 4056 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

08:00:46.0052 4056 BFE - ok

08:00:46.0146 4056 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

08:00:46.0161 4056 BITS - ok

08:00:46.0193 4056 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

08:00:46.0208 4056 blbdrive - ok

08:00:46.0286 4056 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

08:00:46.0302 4056 Bonjour Service - ok

08:00:46.0333 4056 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

08:00:46.0349 4056 bowser - ok

08:00:46.0364 4056 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:00:46.0364 4056 BrFiltLo - ok

08:00:46.0380 4056 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:00:46.0380 4056 BrFiltUp - ok

08:00:46.0427 4056 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

08:00:46.0427 4056 Browser - ok

08:00:46.0458 4056 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

08:00:46.0473 4056 Brserid - ok

08:00:46.0489 4056 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

08:00:46.0489 4056 BrSerWdm - ok

08:00:46.0489 4056 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

08:00:46.0505 4056 BrUsbMdm - ok

08:00:46.0505 4056 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

08:00:46.0505 4056 BrUsbSer - ok

08:00:46.0520 4056 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

08:00:46.0520 4056 BTHMODEM - ok

08:00:46.0551 4056 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

08:00:46.0551 4056 bthserv - ok

08:00:46.0598 4056 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

08:00:46.0614 4056 CAXHWAZL - ok

08:00:46.0629 4056 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

08:00:46.0629 4056 cdfs - ok

08:00:46.0676 4056 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

08:00:46.0676 4056 cdrom - ok

08:00:46.0739 4056 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:00:46.0739 4056 CertPropSvc - ok

08:00:46.0770 4056 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

08:00:46.0770 4056 circlass - ok

08:00:47.0425 4056 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

08:00:47.0441 4056 CLFS - ok

08:00:47.0519 4056 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:00:47.0519 4056 clr_optimization_v2.0.50727_32 - ok

08:00:47.0581 4056 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:00:47.0581 4056 clr_optimization_v2.0.50727_64 - ok

08:00:47.0643 4056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:00:47.0643 4056 clr_optimization_v4.0.30319_32 - ok

08:00:47.0690 4056 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:00:47.0690 4056 clr_optimization_v4.0.30319_64 - ok

08:00:47.0721 4056 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

08:00:47.0721 4056 CmBatt - ok

08:00:47.0737 4056 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

08:00:47.0737 4056 cmdide - ok

08:00:47.0799 4056 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

08:00:47.0831 4056 CNG - ok

08:00:47.0894 4056 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys

08:00:47.0925 4056 CnxtHdAudService - ok

08:00:48.0019 4056 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

08:00:48.0034 4056 Com4QLBEx - ok

08:00:48.0050 4056 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

08:00:48.0066 4056 Compbatt - ok

08:00:48.0081 4056 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

08:00:48.0097 4056 CompositeBus - ok

08:00:48.0112 4056 COMSysApp - ok

08:00:48.0128 4056 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

08:00:48.0128 4056 crcdisk - ok

08:00:48.0190 4056 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

08:00:48.0190 4056 CryptSvc - ok

08:00:48.0268 4056 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:00:48.0284 4056 DcomLaunch - ok

08:00:48.0315 4056 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

08:00:48.0331 4056 defragsvc - ok

08:00:48.0378 4056 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

08:00:48.0378 4056 DfsC - ok

08:00:48.0456 4056 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

08:00:48.0471 4056 Dhcp - ok

08:00:48.0487 4056 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

08:00:48.0487 4056 discache - ok

08:00:48.0518 4056 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

08:00:48.0518 4056 Disk - ok

08:00:48.0549 4056 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

08:00:48.0565 4056 Dnscache - ok

08:00:48.0612 4056 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

08:00:48.0612 4056 dot3svc - ok

08:00:48.0658 4056 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

08:00:48.0658 4056 DPS - ok

08:00:48.0690 4056 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

08:00:48.0690 4056 drmkaud - ok

08:00:48.0768 4056 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

08:00:48.0799 4056 DXGKrnl - ok

08:00:48.0830 4056 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

08:00:48.0846 4056 EapHost - ok

08:00:48.0986 4056 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

08:00:49.0064 4056 ebdrv - ok

08:00:49.0594 4056 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

08:00:49.0594 4056 EFS - ok

08:00:49.0719 4056 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

08:00:49.0735 4056 ehRecvr - ok

08:00:49.0782 4056 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

08:00:49.0782 4056 ehSched - ok

08:00:49.0860 4056 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

08:00:49.0875 4056 elxstor - ok

08:00:49.0906 4056 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

08:00:49.0922 4056 ErrDev - ok

08:00:49.0984 4056 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

08:00:50.0000 4056 EventSystem - ok

08:00:50.0047 4056 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

08:00:50.0047 4056 exfat - ok

08:00:50.0078 4056 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

08:00:50.0078 4056 fastfat - ok

08:00:50.0172 4056 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

08:00:50.0187 4056 Fax - ok

08:00:50.0218 4056 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

08:00:50.0218 4056 fdc - ok

08:00:50.0265 4056 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

08:00:50.0265 4056 fdPHost - ok

08:00:50.0296 4056 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

08:00:50.0296 4056 FDResPub - ok

08:00:50.0312 4056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

08:00:50.0328 4056 FileInfo - ok

08:00:50.0343 4056 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

08:00:50.0343 4056 Filetrace - ok

08:00:50.0359 4056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

08:00:50.0359 4056 flpydisk - ok

08:00:50.0421 4056 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

08:00:50.0437 4056 FltMgr - ok

08:00:50.0515 4056 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

08:00:50.0562 4056 FontCache - ok

08:00:50.0640 4056 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

08:00:50.0655 4056 FontCache3.0.0.0 - ok

08:00:50.0702 4056 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

08:00:50.0702 4056 FsDepends - ok

08:00:50.0749 4056 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

08:00:50.0749 4056 Fs_Rec - ok

08:00:50.0827 4056 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

08:00:50.0827 4056 fvevol - ok

08:00:50.0858 4056 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

08:00:50.0858 4056 gagp30kx - ok

08:00:50.0967 4056 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

08:00:50.0967 4056 GameConsoleService - ok

08:00:51.0014 4056 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:00:51.0014 4056 GEARAspiWDM - ok

08:00:51.0092 4056 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

08:00:51.0123 4056 gpsvc - ok

08:00:51.0154 4056 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

08:00:51.0154 4056 hcw85cir - ok

08:00:51.0232 4056 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

08:00:51.0248 4056 HdAudAddService - ok

08:00:51.0279 4056 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

08:00:51.0279 4056 HDAudBus - ok

08:00:51.0326 4056 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

08:00:51.0326 4056 HidBatt - ok

08:00:51.0778 4056 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

08:00:51.0778 4056 HidBth - ok

08:00:51.0810 4056 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

08:00:51.0841 4056 HidIr - ok

08:00:51.0872 4056 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

08:00:51.0872 4056 hidserv - ok

08:00:51.0934 4056 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

08:00:51.0934 4056 HidUsb - ok

08:00:51.0981 4056 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

08:00:51.0997 4056 hkmsvc - ok

08:00:52.0044 4056 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

08:00:52.0059 4056 HomeGroupListener - ok

08:00:52.0106 4056 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

08:00:52.0122 4056 HomeGroupProvider - ok

08:00:52.0215 4056 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

08:00:52.0215 4056 HP Health Check Service - ok

08:00:52.0246 4056 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

08:00:52.0246 4056 HpqKbFiltr - ok

08:00:52.0324 4056 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

08:00:52.0324 4056 hpqwmiex - ok

08:00:52.0371 4056 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

08:00:52.0371 4056 HpSAMD - ok

08:00:52.0480 4056 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll

08:00:52.0512 4056 HsfXAudioService - ok

08:00:52.0590 4056 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys

08:00:52.0621 4056 HSF_DPV - ok

08:00:52.0792 4056 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

08:00:52.0808 4056 HTTP - ok

08:00:52.0855 4056 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

08:00:52.0855 4056 hwpolicy - ok

08:00:52.0902 4056 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

08:00:52.0902 4056 i8042prt - ok

08:00:52.0964 4056 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

08:00:52.0980 4056 iaStorV - ok

08:00:53.0104 4056 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:00:53.0136 4056 idsvc - ok

08:00:53.0604 4056 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys

08:00:53.0822 4056 igfx - ok

08:00:54.0274 4056 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

08:00:54.0274 4056 iirsp - ok

08:00:54.0352 4056 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

08:00:54.0384 4056 IKEEXT - ok

08:00:54.0415 4056 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

08:00:54.0415 4056 intelide - ok

08:00:54.0446 4056 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

08:00:54.0446 4056 intelppm - ok

08:00:54.0493 4056 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

08:00:54.0493 4056 IPBusEnum - ok

08:00:54.0555 4056 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:00:54.0555 4056 IpFilterDriver - ok

08:00:54.0602 4056 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

08:00:54.0618 4056 iphlpsvc - ok

08:00:54.0664 4056 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

08:00:54.0664 4056 IPMIDRV - ok

08:00:54.0711 4056 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

08:00:54.0711 4056 IPNAT - ok

08:00:54.0852 4056 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

08:00:54.0898 4056 iPod Service - ok

08:00:54.0961 4056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

08:00:54.0961 4056 IRENUM - ok

08:00:54.0992 4056 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

08:00:54.0992 4056 isapnp - ok

08:00:55.0023 4056 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

08:00:55.0023 4056 iScsiPrt - ok

08:00:55.0070 4056 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

08:00:55.0070 4056 kbdclass - ok

08:00:55.0117 4056 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

08:00:55.0117 4056 kbdhid - ok

08:00:55.0164 4056 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:00:55.0164 4056 KeyIso - ok

08:00:55.0195 4056 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

08:00:55.0195 4056 KSecDD - ok

08:00:55.0226 4056 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

08:00:55.0226 4056 KSecPkg - ok

08:00:55.0273 4056 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

08:00:55.0273 4056 ksthunk - ok

08:00:55.0320 4056 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

08:00:55.0335 4056 KtmRm - ok

08:00:55.0398 4056 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

08:00:55.0413 4056 LanmanServer - ok

08:00:55.0460 4056 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

08:00:55.0460 4056 LanmanWorkstation - ok

08:00:55.0554 4056 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

08:00:55.0554 4056 LightScribeService - ok

08:00:55.0616 4056 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

08:00:55.0616 4056 lltdio - ok

08:00:55.0647 4056 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

08:00:55.0663 4056 lltdsvc - ok

08:00:55.0678 4056 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

08:00:55.0678 4056 lmhosts - ok

08:00:55.0725 4056 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

08:00:55.0725 4056 LSI_FC - ok

08:00:55.0741 4056 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

08:00:55.0756 4056 LSI_SAS - ok

08:00:55.0772 4056 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:00:55.0788 4056 LSI_SAS2 - ok

08:00:55.0803 4056 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:00:55.0803 4056 LSI_SCSI - ok

08:00:55.0834 4056 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

08:00:55.0834 4056 luafv - ok

08:00:55.0897 4056 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys

08:00:55.0897 4056 mbamchameleon - ok

08:00:55.0959 4056 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

08:00:55.0959 4056 MBAMProtector - ok

08:00:56.0022 4056 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

08:00:56.0053 4056 MBAMService - ok

08:00:56.0568 4056 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

08:00:56.0583 4056 Mcx2Svc - ok

08:00:56.0614 4056 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

08:00:56.0614 4056 mdmxsdk - ok

08:00:56.0630 4056 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

08:00:56.0630 4056 megasas - ok

08:00:56.0677 4056 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

08:00:56.0692 4056 MegaSR - ok

08:00:56.0739 4056 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:00:56.0739 4056 MMCSS - ok

08:00:56.0755 4056 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

08:00:56.0755 4056 Modem - ok

08:00:56.0802 4056 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

08:00:56.0802 4056 monitor - ok

08:00:56.0848 4056 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

08:00:56.0848 4056 mouclass - ok

08:00:56.0880 4056 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

08:00:56.0880 4056 mouhid - ok

08:00:56.0942 4056 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

08:00:56.0942 4056 mountmgr - ok

08:00:56.0973 4056 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

08:00:56.0973 4056 mpio - ok

08:00:57.0004 4056 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

08:00:57.0004 4056 mpsdrv - ok

08:00:57.0098 4056 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

08:00:57.0129 4056 MpsSvc - ok

08:00:57.0192 4056 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

08:00:57.0192 4056 MRxDAV - ok

08:00:57.0223 4056 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:00:57.0223 4056 mrxsmb - ok

08:00:57.0270 4056 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:00:57.0285 4056 mrxsmb10 - ok

08:00:57.0301 4056 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:00:57.0301 4056 mrxsmb20 - ok

08:00:57.0348 4056 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

08:00:57.0348 4056 msahci - ok

08:00:57.0379 4056 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

08:00:57.0379 4056 msdsm - ok

08:00:57.0426 4056 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

08:00:57.0426 4056 MSDTC - ok

08:00:57.0472 4056 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

08:00:57.0472 4056 Msfs - ok

08:00:57.0504 4056 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

08:00:57.0504 4056 mshidkmdf - ok

08:00:57.0550 4056 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

08:00:57.0550 4056 msisadrv - ok

08:00:57.0582 4056 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

08:00:57.0597 4056 MSiSCSI - ok

08:00:57.0613 4056 msiserver - ok

08:00:57.0644 4056 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

08:00:57.0644 4056 MSKSSRV - ok

08:00:57.0660 4056 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

08:00:57.0660 4056 MSPCLOCK - ok

08:00:57.0675 4056 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

08:00:57.0675 4056 MSPQM - ok

08:00:57.0753 4056 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

08:00:57.0769 4056 MsRPC - ok

08:00:57.0800 4056 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

08:00:57.0800 4056 mssmbios - ok

08:00:57.0831 4056 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

08:00:57.0831 4056 MSTEE - ok

08:00:57.0847 4056 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

08:00:57.0847 4056 MTConfig - ok

08:00:57.0878 4056 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

08:00:57.0878 4056 Mup - ok

08:00:57.0940 4056 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

08:00:57.0972 4056 napagent - ok

08:00:58.0018 4056 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

08:00:58.0034 4056 NativeWifiP - ok

08:00:58.0096 4056 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

08:00:58.0128 4056 NDIS - ok

08:00:58.0159 4056 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

08:00:58.0159 4056 NdisCap - ok

08:00:58.0190 4056 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

08:00:58.0190 4056 NdisTapi - ok

08:00:58.0252 4056 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

08:00:58.0252 4056 Ndisuio - ok

08:00:58.0315 4056 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

08:00:58.0315 4056 NdisWan - ok

08:00:58.0377 4056 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

08:00:58.0377 4056 NDProxy - ok

08:00:58.0798 4056 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

08:00:58.0814 4056 NetBIOS - ok

08:00:58.0861 4056 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

08:00:58.0876 4056 NetBT - ok

08:00:58.0923 4056 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:00:58.0923 4056 Netlogon - ok

08:00:58.0986 4056 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

08:00:59.0001 4056 Netman - ok

08:00:59.0032 4056 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

08:00:59.0032 4056 netprofm - ok

08:00:59.0110 4056 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:00:59.0110 4056 NetTcpPortSharing - ok

08:00:59.0376 4056 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

08:00:59.0485 4056 netw5v64 - ok

08:00:59.0594 4056 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

08:00:59.0594 4056 nfrd960 - ok

08:00:59.0672 4056 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

08:00:59.0688 4056 NlaSvc - ok

08:00:59.0703 4056 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

08:00:59.0719 4056 Npfs - ok

08:00:59.0750 4056 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

08:00:59.0750 4056 nsi - ok

08:00:59.0781 4056 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

08:00:59.0781 4056 nsiproxy - ok

08:00:59.0875 4056 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

08:00:59.0922 4056 Ntfs - ok

08:01:00.0031 4056 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

08:01:00.0031 4056 Null - ok

08:01:00.0062 4056 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

08:01:00.0078 4056 nvraid - ok

08:01:00.0109 4056 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

08:01:00.0109 4056 nvstor - ok

08:01:00.0140 4056 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

08:01:00.0156 4056 nv_agp - ok

08:01:00.0265 4056 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:01:00.0280 4056 odserv - ok

08:01:00.0312 4056 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

08:01:00.0327 4056 ohci1394 - ok

08:01:00.0358 4056 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:01:00.0358 4056 ose - ok

08:01:00.0421 4056 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:01:00.0436 4056 p2pimsvc - ok

08:01:00.0483 4056 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

08:01:00.0514 4056 p2psvc - ok

08:01:00.0546 4056 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

08:01:00.0546 4056 Parport - ok

08:01:00.0577 4056 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

08:01:00.0577 4056 partmgr - ok

08:01:00.0608 4056 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

08:01:00.0608 4056 PcaSvc - ok

08:01:00.0639 4056 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

08:01:00.0655 4056 pci - ok

08:01:01.0107 4056 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

08:01:01.0107 4056 pciide - ok

08:01:01.0154 4056 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

08:01:01.0170 4056 pcmcia - ok

08:01:01.0185 4056 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

08:01:01.0185 4056 pcw - ok

08:01:01.0248 4056 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

08:01:01.0263 4056 PEAUTH - ok

08:01:01.0341 4056 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

08:01:01.0341 4056 PerfHost - ok

08:01:01.0466 4056 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

08:01:01.0497 4056 pla - ok

08:01:01.0560 4056 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

08:01:01.0591 4056 PlugPlay - ok

08:01:01.0606 4056 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

08:01:01.0606 4056 PNRPAutoReg - ok

08:01:01.0653 4056 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:01:01.0653 4056 PNRPsvc - ok

08:01:01.0716 4056 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

08:01:01.0747 4056 PolicyAgent - ok

08:01:01.0794 4056 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

08:01:01.0794 4056 Power - ok

08:01:01.0887 4056 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

08:01:01.0887 4056 PptpMiniport - ok

08:01:01.0934 4056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

08:01:01.0934 4056 Processor - ok

08:01:01.0996 4056 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

08:01:01.0996 4056 ProfSvc - ok

08:01:02.0059 4056 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:01:02.0059 4056 ProtectedStorage - ok

08:01:02.0121 4056 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

08:01:02.0137 4056 Psched - ok

08:01:02.0215 4056 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

08:01:02.0262 4056 ql2300 - ok

08:01:02.0355 4056 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

08:01:02.0355 4056 ql40xx - ok

08:01:02.0402 4056 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

08:01:02.0418 4056 QWAVE - ok

08:01:02.0449 4056 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

08:01:02.0449 4056 QWAVEdrv - ok

08:01:02.0480 4056 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

08:01:02.0480 4056 RasAcd - ok

08:01:02.0527 4056 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

08:01:02.0527 4056 RasAgileVpn - ok

08:01:02.0574 4056 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

08:01:02.0574 4056 RasAuto - ok

08:01:02.0620 4056 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:01:02.0620 4056 Rasl2tp - ok

08:01:02.0683 4056 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

08:01:02.0698 4056 RasMan - ok

08:01:02.0745 4056 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

08:01:02.0745 4056 RasPppoe - ok

08:01:02.0776 4056 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

08:01:02.0776 4056 RasSstp - ok

08:01:02.0808 4056 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

08:01:02.0823 4056 rdbss - ok

08:01:02.0839 4056 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

08:01:02.0839 4056 rdpbus - ok

08:01:02.0870 4056 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:01:02.0870 4056 RDPCDD - ok

08:01:02.0917 4056 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

08:01:02.0917 4056 RDPENCDD - ok

08:01:02.0932 4056 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

08:01:02.0932 4056 RDPREFMP - ok

08:01:02.0995 4056 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

08:01:02.0995 4056 RDPWD - ok

08:01:03.0525 4056 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

08:01:03.0525 4056 rdyboost - ok

08:01:03.0556 4056 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

08:01:03.0572 4056 RemoteAccess - ok

08:01:03.0603 4056 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

08:01:03.0603 4056 RemoteRegistry - ok

08:01:03.0697 4056 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

08:01:03.0697 4056 RichVideo - ok

08:01:03.0744 4056 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

08:01:03.0744 4056 RpcEptMapper - ok

08:01:03.0775 4056 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

08:01:03.0775 4056 RpcLocator - ok

08:01:03.0837 4056 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:01:03.0853 4056 RpcSs - ok

08:01:03.0915 4056 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

08:01:03.0915 4056 rspndr - ok

08:01:03.0946 4056 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys

08:01:03.0962 4056 RSUSBSTOR - ok

08:01:04.0009 4056 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

08:01:04.0009 4056 RTL8167 - ok

08:01:04.0024 4056 RtsUIR - ok

08:01:04.0071 4056 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:01:04.0087 4056 SamSs - ok

08:01:04.0118 4056 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

08:01:04.0118 4056 sbp2port - ok

08:01:04.0149 4056 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

08:01:04.0165 4056 SCardSvr - ok

08:01:04.0212 4056 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

08:01:04.0212 4056 scfilter - ok

08:01:04.0305 4056 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

08:01:04.0336 4056 Schedule - ok

08:01:04.0383 4056 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:01:04.0383 4056 SCPolicySvc - ok

08:01:04.0446 4056 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

08:01:04.0446 4056 sdbus - ok

08:01:04.0477 4056 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

08:01:04.0477 4056 SDRSVC - ok

08:01:04.0570 4056 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

08:01:04.0570 4056 SeagateDashboardService - ok

08:01:04.0617 4056 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

08:01:04.0617 4056 secdrv - ok

08:01:04.0664 4056 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

08:01:04.0680 4056 seclogon - ok

08:01:04.0711 4056 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

08:01:04.0711 4056 SENS - ok

08:01:04.0758 4056 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

08:01:04.0773 4056 SensrSvc - ok

08:01:04.0789 4056 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

08:01:04.0804 4056 Serenum - ok

08:01:04.0820 4056 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

08:01:04.0836 4056 Serial - ok

08:01:04.0867 4056 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

08:01:04.0867 4056 sermouse - ok

08:01:04.0929 4056 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

08:01:04.0929 4056 SessionEnv - ok

08:01:04.0960 4056 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

08:01:04.0960 4056 sffdisk - ok

08:01:04.0976 4056 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

08:01:04.0976 4056 sffp_mmc - ok

08:01:05.0007 4056 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

08:01:05.0007 4056 sffp_sd - ok

08:01:05.0038 4056 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

08:01:05.0038 4056 sfloppy - ok

08:01:05.0101 4056 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

08:01:05.0116 4056 SharedAccess - ok

08:01:05.0179 4056 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

08:01:05.0194 4056 ShellHWDetection - ok

08:01:05.0226 4056 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:01:05.0226 4056 SiSRaid2 - ok

08:01:05.0272 4056 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

08:01:05.0272 4056 SiSRaid4 - ok

08:01:05.0818 4056 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

08:01:05.0834 4056 Smb - ok

08:01:05.0881 4056 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

08:01:05.0881 4056 SNMPTRAP - ok

08:01:05.0896 4056 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

08:01:05.0896 4056 spldr - ok

08:01:05.0974 4056 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

08:01:05.0990 4056 Spooler - ok

08:01:06.0177 4056 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

08:01:06.0271 4056 sppsvc - ok

08:01:06.0364 4056 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

08:01:06.0364 4056 sppuinotify - ok

08:01:06.0442 4056 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

08:01:06.0458 4056 srv - ok

08:01:06.0489 4056 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

08:01:06.0505 4056 srv2 - ok

08:01:06.0567 4056 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

08:01:06.0583 4056 SrvHsfHDA - ok

08:01:06.0661 4056 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

08:01:06.0708 4056 SrvHsfV92 - ok

08:01:06.0864 4056 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

08:01:06.0895 4056 SrvHsfWinac - ok

08:01:06.0926 4056 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

08:01:06.0926 4056 srvnet - ok

08:01:06.0973 4056 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

08:01:06.0988 4056 SSDPSRV - ok

08:01:07.0004 4056 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

08:01:07.0020 4056 SstpSvc - ok

08:01:07.0051 4056 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

08:01:07.0051 4056 stexstor - ok

08:01:07.0129 4056 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

08:01:07.0144 4056 stisvc - ok

08:01:07.0191 4056 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

08:01:07.0191 4056 swenum - ok

08:01:07.0300 4056 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

08:01:07.0332 4056 SwitchBoard - ok

08:01:07.0378 4056 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

08:01:07.0394 4056 swprv - ok

08:01:07.0456 4056 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys

08:01:07.0472 4056 SynTP - ok

08:01:07.0800 4056 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

08:01:07.0846 4056 SysMain - ok

08:01:08.0190 4056 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

08:01:08.0190 4056 TabletInputService - ok

08:01:08.0221 4056 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

08:01:08.0236 4056 TapiSrv - ok

08:01:08.0283 4056 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

08:01:08.0283 4056 TBS - ok

08:01:08.0470 4056 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

08:01:08.0533 4056 Tcpip - ok

08:01:08.0689 4056 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

08:01:08.0704 4056 TCPIP6 - ok

08:01:08.0798 4056 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

08:01:08.0798 4056 tcpipreg - ok

08:01:08.0860 4056 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

08:01:08.0860 4056 TDPIPE - ok

08:01:08.0907 4056 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

08:01:08.0907 4056 TDTCP - ok

08:01:08.0985 4056 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

08:01:08.0985 4056 tdx - ok

08:01:09.0016 4056 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

08:01:09.0032 4056 TermDD - ok

08:01:09.0079 4056 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

08:01:09.0110 4056 TermService - ok

08:01:09.0126 4056 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

08:01:09.0141 4056 Themes - ok

08:01:09.0172 4056 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:01:09.0172 4056 THREADORDER - ok

08:01:09.0204 4056 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

08:01:09.0204 4056 TrkWks - ok

08:01:09.0282 4056 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

08:01:09.0282 4056 TrustedInstaller - ok

08:01:09.0344 4056 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:01:09.0344 4056 tssecsrv - ok

08:01:09.0391 4056 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

08:01:09.0391 4056 TsUsbFlt - ok

08:01:09.0469 4056 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

08:01:09.0469 4056 tunnel - ok

08:01:09.0516 4056 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

08:01:09.0516 4056 uagp35 - ok

08:01:09.0578 4056 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

08:01:09.0594 4056 udfs - ok

08:01:09.0625 4056 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

08:01:09.0640 4056 UI0Detect - ok

08:01:09.0672 4056 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

08:01:09.0672 4056 uliagpkx - ok

08:01:09.0718 4056 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

08:01:09.0718 4056 umbus - ok

08:01:09.0750 4056 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

08:01:09.0750 4056 UmPass - ok

08:01:09.0781 4056 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

08:01:09.0812 4056 upnphost - ok

08:01:10.0093 4056 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

08:01:10.0093 4056 USBAAPL64 - ok

08:01:10.0420 4056 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

08:01:10.0436 4056 usbccgp - ok

08:01:10.0452 4056 USBCCID - ok

08:01:10.0498 4056 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

08:01:10.0498 4056 usbcir - ok

08:01:10.0530 4056 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

08:01:10.0530 4056 usbehci - ok

08:01:10.0576 4056 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

08:01:10.0592 4056 usbhub - ok

08:01:10.0623 4056 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

08:01:10.0623 4056 usbohci - ok

08:01:10.0670 4056 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

08:01:10.0670 4056 usbprint - ok

08:01:10.0701 4056 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:01:10.0701 4056 USBSTOR - ok

08:01:10.0717 4056 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

08:01:10.0732 4056 usbuhci - ok

08:01:10.0764 4056 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

08:01:10.0764 4056 UxSms - ok

08:01:10.0810 4056 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:01:10.0810 4056 VaultSvc - ok

08:01:10.0842 4056 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

08:01:10.0842 4056 vdrvroot - ok

08:01:10.0920 4056 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

08:01:10.0935 4056 vds - ok

08:01:10.0966 4056 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

08:01:10.0966 4056 vga - ok

08:01:10.0998 4056 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

08:01:11.0013 4056 VgaSave - ok

08:01:11.0044 4056 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

08:01:11.0060 4056 vhdmp - ok

08:01:11.0076 4056 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

08:01:11.0076 4056 viaide - ok

08:01:11.0107 4056 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

08:01:11.0107 4056 volmgr - ok

08:01:11.0169 4056 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

08:01:11.0185 4056 volmgrx - ok

08:01:11.0216 4056 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

08:01:11.0232 4056 volsnap - ok

08:01:11.0263 4056 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

08:01:11.0278 4056 vsmraid - ok

08:01:11.0388 4056 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

08:01:11.0434 4056 VSS - ok

08:01:11.0544 4056 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

08:01:11.0544 4056 vwifibus - ok

08:01:11.0590 4056 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

08:01:11.0590 4056 vwififlt - ok

08:01:11.0622 4056 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

08:01:11.0622 4056 vwifimp - ok

08:01:11.0668 4056 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

08:01:11.0684 4056 W32Time - ok

08:01:11.0715 4056 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

08:01:11.0715 4056 WacomPen - ok

08:01:11.0793 4056 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:01:11.0793 4056 WANARP - ok

08:01:11.0809 4056 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:01:11.0809 4056 Wanarpv6 - ok

08:01:11.0902 4056 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

08:01:11.0934 4056 WatAdminSvc - ok

08:01:12.0027 4056 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

08:01:12.0074 4056 wbengine - ok

08:01:12.0636 4056 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

08:01:12.0636 4056 WbioSrvc - ok

08:01:12.0714 4056 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

08:01:12.0729 4056 wcncsvc - ok

08:01:12.0745 4056 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

08:01:12.0745 4056 WcsPlugInService - ok

08:01:12.0807 4056 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

08:01:12.0807 4056 Wd - ok

08:01:12.0854 4056 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

08:01:12.0870 4056 Wdf01000 - ok

08:01:12.0901 4056 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:01:12.0901 4056 WdiServiceHost - ok

08:01:12.0916 4056 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:01:12.0916 4056 WdiSystemHost - ok

08:01:12.0979 4056 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

08:01:12.0994 4056 WebClient - ok

08:01:13.0026 4056 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

08:01:13.0041 4056 Wecsvc - ok

08:01:13.0057 4056 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

08:01:13.0072 4056 wercplsupport - ok

08:01:13.0104 4056 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

08:01:13.0119 4056 WerSvc - ok

08:01:13.0182 4056 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

08:01:13.0182 4056 WfpLwf - ok

08:01:13.0213 4056 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

08:01:13.0213 4056 WIMMount - ok

08:01:13.0291 4056 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

08:01:13.0306 4056 winachsf - ok

08:01:13.0353 4056 WinDefend - ok

08:01:13.0369 4056 WinHttpAutoProxySvc - ok

08:01:13.0431 4056 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

08:01:13.0431 4056 Winmgmt - ok

08:01:13.0572 4056 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

08:01:13.0618 4056 WinRM - ok

08:01:13.0759 4056 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

08:01:13.0759 4056 WinUsb - ok

08:01:13.0837 4056 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

08:01:13.0868 4056 Wlansvc - ok

08:01:13.0899 4056 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

08:01:13.0915 4056 WmiAcpi - ok

08:01:13.0977 4056 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

08:01:13.0993 4056 wmiApSrv - ok

08:01:14.0040 4056 WMPNetworkSvc - ok

08:01:14.0071 4056 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

08:01:14.0086 4056 WPCSvc - ok

08:01:14.0133 4056 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

08:01:14.0133 4056 WPDBusEnum - ok

08:01:14.0180 4056 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

08:01:14.0180 4056 ws2ifsl - ok

08:01:14.0196 4056 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

08:01:14.0211 4056 wscsvc - ok

08:01:14.0242 4056 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

08:01:14.0242 4056 WSDPrintDevice - ok

08:01:14.0258 4056 WSearch - ok

08:01:14.0913 4056 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

08:01:14.0929 4056 wuauserv - ok

08:01:15.0069 4056 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

08:01:15.0085 4056 WudfPf - ok

08:01:15.0147 4056 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:01:15.0163 4056 WUDFRd - ok

08:01:15.0210 4056 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

08:01:15.0210 4056 wudfsvc - ok

08:01:15.0241 4056 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

08:01:15.0256 4056 WwanSvc - ok

08:01:15.0303 4056 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys

08:01:15.0303 4056 XAudio - ok

08:01:15.0366 4056 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

08:01:15.0381 4056 yukonw7 - ok

08:01:15.0444 4056 MBR (0x1B8) (efc2eced49282702db0b737570780fb0) \Device\Harddisk0\DR0

08:01:15.0646 4056 \Device\Harddisk0\DR0 - ok

08:01:15.0662 4056 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2

08:01:16.0177 4056 \Device\Harddisk1\DR2 - ok

08:01:16.0192 4056 Boot (0x1200) (eeb21de342fbc056de682cc90ab12256) \Device\Harddisk0\DR0\Partition0

08:01:16.0192 4056 \Device\Harddisk0\DR0\Partition0 - ok

08:01:16.0208 4056 Boot (0x1200) (659d390d60c15ac371319de8e71f0e1a) \Device\Harddisk0\DR0\Partition1

08:01:16.0208 4056 \Device\Harddisk0\DR0\Partition1 - ok

08:01:16.0255 4056 Boot (0x1200) (d02a354d4338c2c6d3bd13a989e477c0) \Device\Harddisk0\DR0\Partition2

08:01:16.0255 4056 \Device\Harddisk0\DR0\Partition2 - ok

08:01:16.0270 4056 Boot (0x1200) (cd5ac8129cf73e35797eed8e777e414b) \Device\Harddisk1\DR2\Partition0

08:01:16.0270 4056 \Device\Harddisk1\DR2\Partition0 - ok

08:01:16.0270 4056 ============================================================

08:01:16.0270 4056 Scan finished

08:01:16.0270 4056 ============================================================

08:01:16.0286 3988 Detected object count: 0

08:01:16.0286 3988 Actual detected object count: 0

Share this post


Link to post
Share on other sites

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Tama06 at 8:03:46 on 2012-07-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1871 [GMT -6:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\HP\QuickPlay\QPService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [muimsc] rundll32.exe "C:\Users\Tama06\AppData\Roaming\muimsc.dll",PszDupW

uRun: [ohevts] "C:\Windows\System32\rundll32.exe" "C:\Users\Tama06\AppData\Roaming\ohevts.dll",CreateClassDefinition

mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Tama06\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tama06\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6D3FE038-DF9A-4E3D-B6AF-6141A54E2E51}\25166756E6723702E4563747 : DhcpNameServer = 192.168.1.1

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO-X64: HelloWorldBHO - No File

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-27 654408]

R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]

R3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-5 257696]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-12 14:00:21 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-06-27 18:23:04 -------- d-----w- C:\Users\Tama06\AppData\Roaming\Malwarebytes

2012-06-27 18:22:57 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-27 18:22:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-27 18:22:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-27 14:03:41 411648 ----a-w- C:\Users\Tama06\AppData\Roaming\ohevts.dll

2012-06-27 14:02:49 -------- d-----w- C:\ProgramData\529C50D800046EF3000161F1B4EB2367

2012-06-27 14:02:45 -------- d-----w- C:\Users\Tama06\AppData\Local\About

2012-06-27 14:02:43 138752 --sha-w- C:\Users\Tama06\AppData\Roaming\muimsc.dll

2012-06-26 15:10:59 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7B44993E-8E8F-446E-ADE8-79861E4F56EA}\mpengine.dll

2012-06-21 13:38:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 13:37:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 13:37:24 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 13:37:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-17 06:19:09 -------- d-----w- C:\Program Files\iPod

2012-06-17 06:19:08 -------- d-----w- C:\Program Files\iTunes

2012-06-17 06:19:08 -------- d-----w- C:\Program Files (x86)\iTunes

2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-17 06:13:13 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-13 18:04:36 209920 ----a-w- C:\Windows\System32\profsvc.dll

.

==================== Find3M ====================

.

2012-06-06 00:52:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-06 00:52:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 02:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 02:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

.

============= FINISH: 8:04:47.08 ===============

Share this post


Link to post
Share on other sites

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/2/2011 3:35:56 PM

System Uptime: 7/12/2012 7:42:33 AM (1 hours ago)

.

Motherboard: Wistron | | 3612

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 103.432 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 2.006 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP81: 6/12/2012 9:30:31 AM - Windows Update

RP82: 6/14/2012 9:28:44 AM - Windows Update

RP83: 6/19/2012 9:24:05 AM - Windows Update

RP84: 6/21/2012 7:36:29 AM - Windows Update

RP85: 6/26/2012 9:09:52 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Acrobat.com

Activate Norton Online Backup

ActiveCheck component for HP Active Support Library

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5.5 Design Premium

Adobe Download Assistant

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.6

Adobe Widget Browser

Amazon Add to Wish List IE Extension 1.2

Amazon MP3 Downloader 1.0.12

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

Audacity 1.3.13 (Unicode)

Bing Bar

calibre

Choice Guard

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

Dropbox

GIMP 2.6.11

Homepage Protection

HP Advisor

HP Customer Experience Enhancements

HP DVD Play 3.7

HP Games

HP Quick Launch Buttons

HP Setup

HP Smart Web Printing

HP Support Assistant

HP Update

HP User Guides 0156

HP Wireless Assistant

HPAsset component for HP Active Support Library

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

LabelPrint

LAME v3.98.3 for Audacity

LightScribe System Software

LIMBO

Magic Set Editor 2.0.0

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

PDF Settings CS5

pdfsam

PictureMover

Power2Go

PowerDirector

PowerRecover

QLBCASL

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Realtek USB 2.0 Card Reader

Seagate Dashboard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Messenger

YouTube Downloader 3.4

.

==== Event Viewer Messages From Past Week ========

.

7/12/2012 7:58:23 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

7/12/2012 7:43:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

MBAM's latest log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Tama06 :: UTANO2 [administrator]

Protection: Enabled

6/27/2012 4:37:06 PM

mbam-log-2012-06-27 (16-37-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209583

Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Also, as to Antivirus software...

I just downloaded Avast, but I think that's the only anti-virus I currently have.

I believe that my laptop has an expired version of McAfee on it (possibly uninstalled).

Will Avast do?

Share this post


Link to post
Share on other sites

Also, I've read on other forums that finding the encryption key is an important step in saving the files affected by the ransomware.

I have not been able to locate (or recognise) such a file. This may simply be due to ignorance on my part...

Share this post


Link to post
Share on other sites

It's sad to know you had no antivirus on this system. That is highly risky. If it turns out your Windows has been severely damaged, the only resort would be to flatten/wipe the disk and put on the factory-state Windows as a new setup.

IF you did not buy Avast and if you did not install it, hold off a bit until after we have run a couple of utilities.

I am not aware of ransomware that truly encrypts a system. So we will proceed to attempt to locate & remove the ransomware.

Please do NOT do any websurfing. No online shopping, banking, nor online transactions. Only go to this forum and the sites I guide you to.

btw, the DDS report says this laptop has Windows 7 .....not Vista, as you had indicated early on.

These steps are for tama06 only. If you are a casual viewer, do NOT try this on your system!

If you are not tama06 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Please follow my guidance

eusa_hand.gif If you are a casual viewer, do NOT try this on your system!

If you are not the originating-member-poster and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gifDo NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Since this is a laptop pc, be sure it is connected to electrical-power or a UPS system ! We dont want the battery to go low & the system to auto-shutdown during tasks.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by Right-clicking on it and selecting Run as Administartor.

When prompted to allow run, choose YES. Then take the defaults offered by ERUNT and allow it to backup.

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

These steps are for tama06 only. If you are a casual viewer, do NOT try this on your system!

If you are not tama06 and have a similar problem, do NOT post here; start your own topic

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

If you have a prior copy of Combofix, delete it now :excl:

Download Combofix from any of the links below, and SAVE it to the Desktop.

>> Link 1 <<

>> Link 2 <<

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=111745
KILLALL::

Suspect::[4]
uRun: [muimsc] rundll32.exe "C:\Users\Tama06\AppData\Roaming\muimsc.dll",PszDupW
uRun: [ohevts] "C:\Windows\System32\rundll32.exe" "C:\Users\Tama06\AppData\Roaming\ohevts.dll",CreateClassDefinition

Driver::
muimsc
ohevts

Save this as CFScript.txt, in the same location as ComboFix.exe

Close/exit Notepad

3. Close any (all) open browsers. :excl:

4:

CFScriptB-4.gif

Refering to the picture above, drag & drop CFScript into ComboFix.exe

That will start a scripted run of Combofix.

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

When CF finishes running, it pops out with the CF log and this message box:

autosubmit.png

Clicking OK will begin the auto-upload of the zipped file.

CF_UploadSuccessful.gif

When Combofix restarts the system, do NOT touch it and allow it to load Windows by itself, into normal mode.

If there's a login-user-password needed, then use the same user/login as when you first started.

Let Combofix finish on it's own.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 4

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into a reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Share this post


Link to post
Share on other sites

Sorry about the Windows version mix-up...

We've got 3 laptops and 4 desktops in the house at the moment, and it's sometimes hard to keep them straight. I'd already shut the infected one down and stowed it away (since we were leaving the country) when you asked about the OS.

I am currently running ComboFix. I will post again as soon as it is finished.

Share this post


Link to post
Share on other sites

Finished with those steps. Posting logs.

ComboFixLog:

ComboFix 12-07-12.02 - Tama06 07/12/2012 10:37:43.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1552 [GMT -6:00]

Running from: c:\users\Tama06\Desktop\ComboFix.exe

Command switches used :: c:\users\Tama06\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Tama06\AppData\Roaming\muimsc.dll

c:\users\Tama06\AppData\Roaming\ohevts.dll

c:\users\Tama06\AppData\Roaming\uplog.txt.crypt

c:\users\Tama06\YouTubeDownloaderSetup34.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))

.

.

2012-07-12 16:50 . 2012-07-12 16:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-12 16:28 . 2012-07-12 16:28 -------- d-----w- c:\program files (x86)\ERUNT

2012-07-12 14:00 . 2012-07-12 14:00 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-06-27 18:23 . 2012-06-27 18:23 -------- d-----w- c:\users\Tama06\AppData\Roaming\Malwarebytes

2012-06-27 18:22 . 2012-06-27 18:22 -------- d-----w- c:\programdata\Malwarebytes

2012-06-27 18:22 . 2012-06-27 18:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-27 18:22 . 2012-04-04 21:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-27 14:02 . 2012-06-27 14:09 -------- d-----w- c:\programdata\529C50D800046EF3000161F1B4EB2367

2012-06-27 14:02 . 2012-06-27 20:41 -------- d-----w- c:\users\Tama06\AppData\Local\About

2012-06-26 15:10 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B44993E-8E8F-446E-ADE8-79861E4F56EA}\mpengine.dll

2012-06-21 13:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 13:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 13:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 13:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 13:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 13:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 13:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 13:37 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 13:37 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files\iPod

2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files\iTunes

2012-06-17 06:19 . 2012-06-17 06:19 -------- d-----w- c:\program files (x86)\iTunes

2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-17 06:13 . 2012-06-17 06:13 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-17 06:12 . 2012-06-17 06:13 -------- d-----w- c:\program files (x86)\QuickTime

2012-06-13 18:04 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-06 00:52 . 2012-06-06 00:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-06 00:52 . 2011-10-04 22:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-19 02:56 . 2012-04-19 02:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 02:56 . 2012-04-19 02:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Tama06\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Tama06\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 257696]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-12 33096]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-05 216064]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-24 292864]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 00:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Tama06\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-muimsc - c:\users\Tama06\AppData\Roaming\muimsc.dll

Wow6432Node-HKCU-Run-ohevts - c:\users\Tama06\AppData\Roaming\ohevts.dll

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

.

**************************************************************************

.

Completion time: 2012-07-12 11:01:53 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-12 17:01

.

Pre-Run: 114,145,607,680 bytes free

Post-Run: 114,261,032,960 bytes free

.

- - End Of File - - 9677AF4641E4D155A7CB3FB822414766

Share this post


Link to post
Share on other sites

RogueKiller Report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Tama06 [Admin rights]

Mode: Scan -- Date: 07/12/2012 11:08:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[sUSP PATH] {8269C180-C8B6-4486-8AEE-CAEC83FDF84B}.job @ : C:\Users\Tama06\Desktop\Gampad_Pro.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250315AS ATA Device +++++

--- User ---

[MBR] a8881ba5916fc08d980df47ee42eb746

[bSP] 476df2a6a58edcea29ab582f9f1820f3 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 226085 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463431680 | Size: 12189 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

I have not quit/exitted RogueKiller yet, because when I try to, it says that elements have not been deleted...

Do I quit anyway? Or do something else?

Share this post


Link to post
Share on other sites

Locate this file C:\qoobox\ComboFix-quarantined-files.txt

Copy its contents and Paste into a reply, for my review.

Roguekiller

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator. (if it is not already running)
  • Wait until Prescan finishes.
  • Select (check) these items if shown
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [ZeroAccess][FILE] @ : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\@
    [ZeroAccess][FOLDER] U : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\U
    [ZeroAccess][FOLDER] L : c:\users\tama06\appdata\local\{5d861a4e-0316-e371-745a-fd8d0486dd3e}\L
  • Then press the Delete button.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

NEXT:

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

We will have a lot more to do after this.

Share this post


Link to post
Share on other sites

Thanks for sticking with me!

Rogue Killer did not have all five of those items. I deleted the two HJ items. the only other item was something called "task" and I deleted that, too.

ComboFix-quarantined-files.txt:

2012-07-12 17:00:45 . 2012-07-12 17:00:45 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat

2012-07-12 17:00:42 . 2012-07-12 17:00:42 376 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat

2012-07-12 17:00:28 . 2012-07-12 17:00:29 205 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-ohevts.reg.dat

2012-07-12 17:00:28 . 2012-07-12 17:00:28 164 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-muimsc.reg.dat

2012-07-12 16:46:06 . 2012-07-12 16:46:06 7,591 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-07-12 16:37:35 . 2012-07-12 16:37:35 58 ----a-w- C:\Qoobox\Quarantine\catchme.txt

2012-07-12 16:33:53 . 2012-07-12 16:33:53 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-06-27 17:01:44 . 2012-06-27 17:01:44 30 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\uplog.txt.crypt.vir

2012-06-27 14:03:41 . 2012-06-27 14:03:43 411,648 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\ohevts.dll.vir

2012-06-27 14:02:43 . 2012-06-27 14:02:31 138,752 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\AppData\Roaming\muimsc.dll.vir

2011-10-21 00:44:41 . 2011-10-21 00:44:53 5,342,064 ----a-w- C:\Qoobox\Quarantine\C\Users\Tama06\YouTubeDownloaderSetup34.exe.vir

Share this post


Link to post
Share on other sites

I started the Dr.Web program before grabbing the RKreport and cannot access it right now, while Dr.Web is in "Enhanced Protection Mode."

I will post it ASAP.

Share this post


Link to post
Share on other sites

ok. I hope you have started the DrWeb Cure-it scan.

Have plenty of patience (infinite patience) since it may take some hours for the scan to finish.

Share this post


Link to post
Share on other sites

I accidentally sat through the express scan (which found nothing) first. I am now sitting through the Complete Scan, which looks to be less than 10% done.

It has found some stuff. I said "Yes to All" and am letting it do its thing.

Share this post


Link to post
Share on other sites

I'm guesstimating that the scan is about 30% complete, now. So, it looks like 10% per hour.

I'm not sure I'll still be awake in 7 hours (I'm jet-lagging from my trip), so I'll most likely post the remaining logs and reports tomorrow morning.

Thank you again for your continued help!

Share this post


Link to post
Share on other sites

Get your rest. Let it run on it's own. I believe, iirc, I advised you to have this laptop plugged in to standard power source.

Anyhow, I'd expect the system will eventually go to hibernation or sleep mode (well after the run is finished).

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.