Artemis!1498db62cea7c [Solved]


  • This topic is locked
52 replies to this topic

#16 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,561 posts
  • MVP

Posted 07 April 2013 - 03:17 PM

Hi tortoise,

You have 2 antivirus programs installed. This will not give you more protection but rather less as the 2 will conflict and may cause system slow downs or lockups. Microsoft Security Essentials is pretty good. I suggest you keep it and uninstall Lavasoft Ad-Aware.


You have a very old, vulnerable version of Java installed.

Click on the Start button > Control Panel

Depending on your settings, either
  • click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following program

Java™ 6 Update 7


You can get the newest versions of Java from HERE.

Accept the licensing agreement and scroll down to the bottom of the list. The file you want is jre-7u17-windows-i586.exe.

Download it to your desktop. Right click and run as Administrator to install it. Decline any other install that may be offered.


Next, open OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Services

:OTL
O4 - HKCU..\Run: [PIXELA] C:\Users\Linda\AppData\Local\PIXELA\ewdamxaw.dll ()

:Files
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}\{216697C5-A77C-43A2-868D-285E6492C602}
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}

:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next


Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please post back with
  • OTL fix log
  • MBAM log
How's the computer?

#17 tortoise

tortoise

    Authentic Member

  • 30 posts

Posted 07 April 2013 - 06:07 PM

OK more gray hair. Before I started the scans, my computer shut itself down. When it came back up, I got on the internet to get here, I had the ads that you see play just before a video playing. No video but just the sound. I shut everything off, unplugged the internet and went to task manager but nothing was running. Rebooted and same thing. So I did Java but Ad-Aware wouldn't uninstall. I ran the OTL scan to fix it and I have had no log from it. It didn't save. I have the log from Malwarebytes. It had me reboot and when it did sidebar, Adobe Reader, Adobe Mgr, and cyberlink power stopped working. Shut down for a few minutes and no problem. The music is gone too. Here is the log I have. Do you want me to run OTL again and get a log?

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.07.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Linda :: LINDA-PC [administrator]

Protection: Enabled

4/7/2013 7:10:39 PM
mbam-log-2013-04-07 (19-10-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219689
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

#18 oldman960

Posted 08 April 2013 - 02:51 AM

Hi tortoise,


The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time stamp the fix was run. It will be something similar to 04072013_111009.log. Please copy and paste the contents into your next reply.

The computer still doing ok?

#19 tortoise

Posted 08 April 2013 - 08:13 AM

Found it.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PIXELA deleted successfully.
C:\Users\Linda\AppData\Local\PIXELA\ewdamxaw.dll moved successfully.
========== FILES ==========
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}\{216697C5-A77C-43A2-868D-285E6492C602} folder moved successfully.
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Linda
->Temp folder emptied: 3499855 bytes
->Temporary Internet Files folder emptied: 132810066 bytes
->Java cache emptied: 46456166 bytes
->Google Chrome cache emptied: 18755807 bytes
->Flash cache emptied: 3640 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1906460 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4256347 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72239714 bytes
RecycleBin emptied: 329148 bytes

Total Files Cleaned = 267.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04072013_184227

Files\Folders moved on Reboot...
File move failed.

#20 oldman960

Posted 08 April 2013 - 08:45 AM

Hi tortoise, How's the computer?

#21 tortoise

Posted 08 April 2013 - 09:54 AM

It seems to be running less hot. When I first came online, I had the ad noise running in the background, but it stopped after the ad finished and I haven't had it play since. Malwarebytes is stopping svchost.exe every 10 seconds so when the 14 days is up, it will be 1000 pages in the log. lol

#22 oldman960

Posted 08 April 2013 - 11:24 AM

Hi tortoise,



Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
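
A way to triage the report this step produces, added here as an example and not part of the original post: it parses the line format seen in the TDSSKiller log posted in this thread and separates unsigned-file warnings from other objects that are not marked ok. The sample report (names, paths, hashes, the second verdict and its status) is constructed, and reading the `UnsignedFile.` verdict prefix as a signature-check result is an assumption based on the verdict name.

```python
import re

# Constructed sample in the line format of the TDSSKiller report posted in this
# thread. Service names, paths, hashes and the "Example.Verdict.Name" entry are
# made up for illustration.
SAMPLE_REPORT = r"""
14:16:16.0762 8880  Scan started
14:16:17.0235 8880  ================ Scan services =============================
14:16:17.0408 8880  [ 00000000000000000000000000000001 ] ExampleDrv  C:\Windows\system32\drivers\exampledrv.sys
14:16:17.0576 8880  ExampleDrv - ok
14:16:21.0282 8880  NoFileSvc - ok
14:16:31.0353 8880  [ 00000000000000000000000000000002 ] Vendor Helper Service  C:\Program Files (x86)\Vendor\helper.exe
14:16:31.0378 8880  Vendor Helper Service ( UnsignedFile.Multi.Generic ) - warning
14:16:31.0378 8880  Vendor Helper Service - detected UnsignedFile.Multi.Generic (1)
14:16:32.0100 8880  [ 00000000000000000000000000000003 ] oddsvc  C:\Windows\system32\drivers\oddsvc.sys
14:16:32.0140 8880  oddsvc ( Example.Verdict.Name ) - infected
14:16:32.0140 8880  oddsvc - detected Example.Verdict.Name (0)
14:16:33.0000 8880  [ 00000000000000000000000000000004 ] cutoff  C:\Windows\system32\drivers\cutoff.sys
"""

# Every report line starts with a timestamp and a thread id.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ MD5 ] name path": names may contain spaces, so split at the drive letter.
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "name ( verdict ) - status" for anything that is not clean.
FLAGGED = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "name - ok" for clean objects.
OK = re.compile(r"^(.+?) - ok$")


def parse_report(text):
    """Return one record per scanned object, in report order."""
    records = {}

    def record(name):
        return records.setdefault(
            name,
            {"name": name, "md5": None, "path": None, "status": None, "verdict": None},
        )

    for raw in text.splitlines():
        prefix = PREFIX.match(raw.strip())
        if not prefix:
            continue
        body = prefix.group(1).strip()
        obj = OBJECT.match(body)
        flagged = FLAGGED.match(body)
        ok = OK.match(body)
        if obj:
            md5, name, path = obj.groups()
            record(name).update(md5=md5.lower(), path=path)
        elif flagged:
            name, verdict, status = flagged.groups()
            record(name).update(status=status, verdict=verdict)
        elif ok:
            record(ok.group(1)).update(status="ok")
        # "name - detected ..." lines repeat the flagged line and are skipped.
    return list(records.values())


def triage(records):
    """Split objects that are not ok into (unsigned-only, needs-review).

    An object with no result line at all (for example a log that was cut off
    when pasted) has status None and is kept for review rather than dropped.
    """
    unsigned, review = [], []
    for rec in records:
        if rec["status"] == "ok":
            continue
        if (rec["verdict"] or "").startswith("UnsignedFile."):
            unsigned.append(rec)
        else:
            review.append(rec)
    return unsigned, review


if __name__ == "__main__":
    unsigned, review = triage(parse_report(SAMPLE_REPORT))
    for label, group in (("unsigned", unsigned), ("review", review)):
        for rec in group:
            print(label, rec["name"], rec["verdict"], rec["status"], rec["path"])
```
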

#23 tortoise

Posted 08 April 2013 - 12:40 PM

I think this is the log. There was no ensure cure choice.
warning 14:16:31.0819 8880 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 14:16:31.0861 8880 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 14:16:31.0928 8880 HpqKbFiltr - ok 14:16:31.0968 8880 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 14:16:31.0988 8880 hpqwmiex - ok 14:16:32.0023 8880 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 14:16:32.0041 8880 hpsrv - ok 14:16:32.0107 8880 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:16:32.0209 8880 HTTP - ok 14:16:32.0254 8880 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:16:32.0268 8880 i2omp - ok 14:16:32.0324 8880 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:16:32.0374 8880 i8042prt - ok 14:16:32.0412 8880 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:16:32.0437 8880 iaStorV - ok 14:16:32.0546 8880 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 14:16:32.0570 8880 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:16:32.0570 8880 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:16:32.0653 8880 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:16:32.0701 8880 idsvc - ok 14:16:32.0938 8880 [ 312E18684051457A275DA878C75D69C2 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:16:33.0722 8880 igfx - ok 14:16:33.0769 8880 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:16:33.0814 8880 iirsp - ok 14:16:33.0970 8880 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 14:16:34.0070 8880 IKEEXT - ok 14:16:34.0122 8880 [ DEA2AB452B4FA773187369C4B6517320 ] IntcHdmiAddService 
C:\Windows\system32\drivers\IntcHdmi.sys 14:16:34.0204 8880 IntcHdmiAddService - ok 14:16:34.0271 8880 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys 14:16:34.0293 8880 intelide - ok 14:16:34.0320 8880 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:16:34.0412 8880 intelppm - ok 14:16:34.0451 8880 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:16:34.0570 8880 IPBusEnum - ok 14:16:34.0662 8880 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:16:34.0735 8880 IpFilterDriver - ok 14:16:34.0786 8880 [ BF0DBFA9792C5C14FA00F61C75116C1B ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll 14:16:34.0855 8880 IpHlpSvc - ok 14:16:34.0862 8880 IpInIp - ok 14:16:34.0910 8880 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:16:34.0967 8880 IPMIDRV - ok 14:16:34.0997 8880 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:16:35.0086 8880 IPNAT - ok 14:16:35.0117 8880 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:16:35.0202 8880 IRENUM - ok 14:16:35.0240 8880 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:16:35.0261 8880 isapnp - ok 14:16:35.0295 8880 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:16:35.0322 8880 iScsiPrt - ok 14:16:35.0334 8880 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:16:35.0353 8880 iteatapi - ok 14:16:35.0370 8880 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:16:35.0391 8880 iteraid - ok 14:16:35.0443 8880 [ 54F694C6CD3A1149BA3A8BDACC83BADC ] ITMRTSVC C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe 14:16:35.0465 8880 ITMRTSVC - ok 14:16:35.0483 8880 izpfiuve - ok 14:16:35.0515 8880 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys 14:16:35.0544 8880 kbdclass - ok 14:16:35.0572 8880 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:16:35.0631 8880 kbdhid - ok 14:16:35.0649 8880 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 14:16:35.0692 8880 KeyIso - ok 14:16:35.0786 8880 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys 14:16:35.0814 8880 KMWDFILTER - ok 14:16:35.0881 8880 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:16:35.0959 8880 KSecDD - ok 14:16:36.0002 8880 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:16:36.0065 8880 ksthunk - ok 14:16:36.0115 8880 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 14:16:36.0249 8880 KtmRm - ok 14:16:36.0305 8880 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 14:16:36.0367 8880 LanmanServer - ok 14:16:36.0438 8880 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:16:36.0477 8880 LanmanWorkstation - ok 14:16:36.0530 8880 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 14:16:36.0560 8880 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:16:36.0560 8880 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:16:36.0604 8880 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:16:36.0706 8880 lltdio - ok 14:16:36.0786 8880 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:16:36.0900 8880 lltdsvc - ok 14:16:36.0929 8880 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:16:37.0009 8880 lmhosts - ok 14:16:37.0046 8880 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:16:37.0073 8880 LSI_FC - ok 14:16:37.0096 8880 [ 
799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys14:16:37.0122 8880 LSI_SAS - ok 14:16:37.0141 8880 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:16:37.0164 8880 LSI_SCSI - ok 14:16:37.0172 8880 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 14:16:37.0238 8880 luafv - ok 14:16:37.0247 8880 lxdx_device - ok 14:16:37.0312 8880 [ 36EFC8C32829A27BAF0E63BFDBD5EE90 ] massfilter C:\Windows\system32\drivers\massfilter.sys 14:16:37.0348 8880 massfilter - ok 14:16:37.0391 8880 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 14:16:37.0423 8880 MBAMProtector - ok 14:16:37.0480 8880 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 14:16:37.0507 8880 MBAMScheduler - ok 14:16:37.0569 8880 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 14:16:37.0633 8880 MBAMService - ok 14:16:37.0761 8880 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe 14:16:37.0815 8880 McciCMService ( UnsignedFile.Multi.Generic ) - warning 14:16:37.0815 8880 McciCMService - detected UnsignedFile.Multi.Generic (1) 14:16:37.0871 8880 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe 14:16:37.0900 8880 McComponentHostService - ok 14:16:37.0924 8880 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:16:37.0963 8880 Mcx2Svc - ok 14:16:37.0994 8880 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 14:16:38.0017 8880 megasas - ok 14:16:38.0083 8880 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:16:38.0128 8880 MegaSR - ok 14:16:38.0153 8880 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS 
C:\Windows\system32\mmcss.dll 14:16:38.0223 8880 MMCSS - ok 14:16:38.0325 8880 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 14:16:38.0426 8880 Modem - ok 14:16:38.0543 8880 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:16:38.0643 8880 monitor - ok 14:16:38.0751 8880 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:16:38.0782 8880 mouclass - ok 14:16:38.0874 8880 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:16:38.0949 8880 mouhid - ok 14:16:38.0988 8880 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:16:39.0053 8880 MountMgr - ok 14:16:39.0151 8880 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 14:16:39.0258 8880 MpFilter - ok 14:16:39.0313 8880 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 14:16:39.0345 8880 mpio - ok 14:16:39.0366 8880 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:16:39.0454 8880 mpsdrv - ok 14:16:39.0645 8880 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 14:16:39.0921 8880 MpsSvc - ok 14:16:39.0964 8880 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:16:39.0994 8880 Mraid35x - ok 14:16:40.0049 8880 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS 14:16:40.0074 8880 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 14:16:40.0074 8880 MREMP50 - detected UnsignedFile.Multi.Generic (1) 14:16:40.0121 8880 MREMP50a64 - ok 14:16:40.0125 8880 MREMPR5 - ok 14:16:40.0131 8880 MRENDIS5 - ok 14:16:40.0147 8880 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS 14:16:40.0175 8880 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 14:16:40.0175 8880 MRESP50 - detected UnsignedFile.Multi.Generic (1) 14:16:40.0179 
8880 MRESP50a64 - ok 14:16:40.0222 8880 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:16:40.0261 8880 MRxDAV - ok 14:16:40.0339 8880 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:16:40.0407 8880 mrxsmb - ok 14:16:40.0439 8880 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:16:40.0479 8880 mrxsmb10 - ok 14:16:40.0503 8880 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:16:40.0554 8880 mrxsmb20 - ok 14:16:40.0605 8880 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys 14:16:40.0624 8880 msahci - ok 14:16:40.0646 8880 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:16:40.0666 8880 msdsm - ok 14:16:40.0688 8880 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 14:16:40.0825 8880 MSDTC - ok 14:16:40.0887 8880 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:16:40.0995 8880 Msfs - ok 14:16:41.0054 8880 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:16:41.0077 8880 msisadrv - ok 14:16:41.0137 8880 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:16:41.0234 8880 MSiSCSI - ok 14:16:41.0241 8880 msiserver - ok 14:16:41.0283 8880 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:16:41.0375 8880 MSKSSRV - ok 14:16:41.0433 8880 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 14:16:41.0452 8880 MsMpSvc - ok 14:16:41.0476 8880 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:16:41.0520 8880 MSPCLOCK - ok 14:16:41.0566 8880 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:16:41.0604 8880 MSPQM - ok 14:16:41.0648 8880 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 14:16:41.0671 8880 MsRPC - ok 14:16:41.0698 8880 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:16:41.0713 8880 mssmbios - ok 14:16:41.0798 8880 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:16:41.0852 8880 MSTEE - ok 14:16:41.0912 8880 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 14:16:41.0931 8880 Mup - ok 14:16:42.0017 8880 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 14:16:42.0280 8880 napagent - ok 14:16:42.0345 8880 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:16:42.0539 8880 NativeWifiP - ok 14:16:42.0655 8880 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:16:42.0986 8880 NDIS - ok 14:16:43.0031 8880 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:16:43.0097 8880 NdisTapi - ok 14:16:43.0125 8880 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:16:43.0187 8880 Ndisuio - ok 14:16:43.0252 8880 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:16:43.0328 8880 NdisWan - ok 14:16:43.0371 8880 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:16:43.0417 8880 NDProxy - ok 14:16:43.0465 8880 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 14:16:43.0492 8880 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:16:43.0492 8880 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:16:43.0531 8880 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:16:43.0895 8880 NetBIOS - ok 14:16:44.0192 8880 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:16:44.0410 8880 netbt - ok 14:16:44.0528 8880 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon 
C:\Windows\system32\lsass.exe 14:16:44.0552 8880 Netlogon - ok 14:16:44.0662 8880 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 14:16:44.0763 8880 Netman - ok 14:16:44.0832 8880 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 14:16:44.0900 8880 netprofm - ok 14:16:44.0942 8880 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:16:44.0955 8880 NetTcpPortSharing - ok 14:16:45.0084 8880 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys 14:16:45.0635 8880 NETw3v64 - ok 14:16:45.0660 8880 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:16:45.0685 8880 nfrd960 - ok 14:16:45.0765 8880 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 14:16:45.0839 8880 NisDrv - ok 14:16:45.0906 8880 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 14:16:45.0946 8880 NisSrv - ok 14:16:46.0110 8880 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 14:16:46.0207 8880 NlaSvc - ok 14:16:46.0211 8880 Norton Internet Security - ok 14:16:46.0254 8880 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:16:46.0335 8880 Npfs - ok 14:16:46.0375 8880 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 14:16:46.0438 8880 nsi - ok 14:16:46.0485 8880 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:16:46.0547 8880 nsiproxy - ok 14:16:46.0633 8880 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:16:46.0780 8880 Ntfs - ok 14:16:46.0809 8880 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 14:16:46.0885 8880 Null - ok 14:16:46.0929 8880 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 
14:16:46.0949 8880 nvraid - ok 14:16:46.0981 8880 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:16:47.0000 8880 nvstor - ok 14:16:47.0043 8880 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:16:47.0063 8880 nv_agp - ok 14:16:47.0073 8880 NwlnkFlt - ok 14:16:47.0080 8880 NwlnkFwd - ok 14:16:47.0169 8880 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:16:47.0210 8880 odserv - ok 14:16:47.0271 8880 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 14:16:47.0342 8880 ohci1394 - ok 14:16:47.0386 8880 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:16:47.0410 8880 ose - ok 14:16:47.0462 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:16:47.0575 8880 p2pimsvc - ok 14:16:47.0629 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 14:16:47.0672 8880 p2psvc - ok 14:16:47.0722 8880 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 14:16:47.0839 8880 Parport - ok 14:16:47.0883 8880 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:16:47.0909 8880 partmgr - ok 14:16:47.0927 8880 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 14:16:47.0979 8880 PcaSvc - ok 14:16:48.0032 8880 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 14:16:48.0062 8880 pci - ok 14:16:48.0098 8880 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys 14:16:48.0121 8880 pciide - ok 14:16:48.0153 8880 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:16:48.0180 8880 pcmcia - ok 14:16:48.0218 8880 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:16:48.0370 8880 
PEAUTH - ok 14:16:48.0444 8880 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:16:48.0523 8880 PerfHost - ok 14:16:48.0605 8880 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 14:16:48.0766 8880 pla - ok 14:16:48.0830 8880 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:16:48.0904 8880 PlugPlay - ok 14:16:48.0947 8880 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 14:16:48.0973 8880 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:16:48.0973 8880 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:16:49.0024 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:16:49.0084 8880 PNRPAutoReg - ok 14:16:49.0140 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:16:49.0205 8880 PNRPsvc - ok 14:16:49.0275 8880 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:16:49.0360 8880 PolicyAgent - ok 14:16:49.0417 8880 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:16:49.0467 8880 PptpMiniport - ok 14:16:49.0493 8880 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 14:16:49.0579 8880 Processor - ok 14:16:49.0617 8880 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 14:16:49.0666 8880 ProfSvc - ok 14:16:49.0686 8880 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 14:16:49.0705 8880 ProtectedStorage - ok 14:16:49.0747 8880 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:16:49.0783 8880 PSched - ok 14:16:49.0819 8880 [ BCCEA08C45BEA866FFD2AF32D23611B5 ] PTDUBus C:\Windows\system32\DRIVERS\PTDUBus.sys 14:16:49.0836 8880 PTDUBus - ok 14:16:49.0856 8880 [ F94A0753921E97CEBB9002682097149A ] PTDUMdm C:\Windows\system32\DRIVERS\PTDUMdm.sys 14:16:49.0874 8880 
PTDUMdm - ok 14:16:49.0896 8880 [ AC70CDAE9E26D26EF6F41C3C23087AAE ] PTDUVsp C:\Windows\system32\DRIVERS\PTDUVsp.sys 14:16:49.0913 8880 PTDUVsp - ok 14:16:49.0944 8880 [ 1D2BD34A8E5C9EFD75085AF598A7D9B4 ] PTDUWFLT C:\Windows\system32\DRIVERS\PTDUWFLT.sys 14:16:49.0957 8880 PTDUWFLT - ok 14:16:49.0971 8880 [ 3D47D2AE93FDF671C3C997B2FAC4E13F ] PTDUWWAN C:\Windows\system32\DRIVERS\PTDUWWAN.sys 14:16:49.0988 8880 PTDUWWAN - ok 14:16:50.0040 8880 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:16:50.0134 8880 ql2300 - ok 14:16:50.0157 8880 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:16:50.0172 8880 ql40xx - ok 14:16:50.0224 8880 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 14:16:50.0267 8880 QWAVE - ok 14:16:50.0293 8880 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:16:50.0334 8880 QWAVEdrv - ok 14:16:50.0364 8880 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:16:50.0401 8880 RasAcd - ok 14:16:50.0421 8880 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 14:16:50.0465 8880 RasAuto - ok 14:16:50.0507 8880 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:16:50.0555 8880 Rasl2tp - ok 14:16:50.0593 8880 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 14:16:50.0646 8880 RasMan - ok 14:16:50.0677 8880 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:16:50.0743 8880 RasPppoe - ok 14:16:50.0771 8880 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:16:50.0807 8880 RasSstp - ok 14:16:50.0886 8880 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:16:50.0941 8880 rdbss - ok 14:16:50.0976 8880 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:16:51.0021 
8880 RDPCDD - ok 14:16:51.0056 8880 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 14:16:51.0147 8880 rdpdr - ok 14:16:51.0156 8880 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:16:51.0231 8880 RDPENCDD - ok 14:16:51.0278 8880 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:16:51.0314 8880 RDPWD - ok 14:16:51.0386 8880 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe 14:16:51.0410 8880 Recovery Service for Windows - ok 14:16:51.0435 8880 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:16:51.0484 8880 RemoteAccess - ok 14:16:51.0525 8880 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:16:51.0589 8880 RemoteRegistry - ok 14:16:51.0637 8880 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 14:16:51.0704 8880 RFCOMM - ok 14:16:51.0780 8880 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 14:16:51.0788 8880 RichVideo ( UnsignedFile.Multi.Generic ) - warning 14:16:51.0788 8880 RichVideo - detected UnsignedFile.Multi.Generic (1) 14:16:51.0794 8880 rlpbokoi - ok 14:16:51.0815 8880 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 14:16:51.0833 8880 RpcLocator - ok 14:16:51.0884 8880 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll 14:16:51.0932 8880 RpcSs - ok 14:16:51.0975 8880 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:16:52.0042 8880 rspndr - ok 14:16:52.0093 8880 [ 170A66DFAAA22358E08D6F4B38C8F3DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 14:16:52.0161 8880 RTL8169 - ok 14:16:52.0211 8880 [ 4AD8464FECE8EBE276D4A7D75E418452 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS 14:16:52.0246 8880 RTSTOR - ok 14:16:52.0264 8880 [ 
260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 14:16:52.0288 8880 SamSs - ok 14:16:52.0433 8880 [ C7D53053541A448FEBB1373ABBAF79EF ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe 14:16:52.0587 8880 SBAMSvc - ok 14:16:52.0629 8880 [ DB7F9394B2F2D446DF14D46C61B0E94B ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys 14:16:52.0649 8880 sbapifs - ok 14:16:52.0684 8880 [ CDB954C736D51DC5FA712C039AF4F683 ] SbFw C:\Windows\system32\drivers\SbFw.sys 14:16:52.0709 8880 SbFw - ok 14:16:52.0747 8880 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys 14:16:52.0766 8880 SBFWIMCL - ok 14:16:52.0775 8880 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys 14:16:52.0794 8880 SBFWIMCLMP - ok 14:16:52.0830 8880 [ A5BC45F8C2F30350E7566799C86B2F5D ] sbhips C:\Windows\system32\drivers\sbhips.sys 14:16:52.0848 8880 sbhips - ok 14:16:52.0875 8880 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:16:52.0899 8880 sbp2port - ok 14:16:52.0920 8880 [ FD833BEE2FD9BEFDC0AFD1941A306D9E ] SBRE C:\Windows\system32\drivers\SBREdrv.sys 14:16:52.0938 8880 SBRE - ok 14:16:52.0992 8880 [ F9955774A6BF0A5CA696F591C7B80A79 ] SbTis C:\Windows\system32\drivers\sbtis.sys 14:16:53.0012 8880 SbTis - ok 14:16:53.0058 8880 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:16:53.0133 8880 SCardSvr - ok 14:16:53.0192 8880 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 14:16:53.0249 8880 Schedule - ok 14:16:53.0302 8880 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:16:53.0335 8880 SCPolicySvc - ok 14:16:53.0357 8880 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 14:16:53.0407 8880 sdbus - ok 14:16:53.0432 8880 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:16:53.0475 8880 SDRSVC - ok 14:16:53.0500 
8880 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:16:53.0574 8880 secdrv - ok 14:16:53.0600 8880 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 14:16:53.0650 8880 seclogon - ok 14:16:53.0671 8880 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll 14:16:53.0728 8880 SENS - ok 14:16:53.0749 8880 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 14:16:53.0824 8880 Serenum - ok 14:16:53.0847 8880 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 14:16:53.0905 8880 Serial - ok 14:16:53.0936 8880 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:16:53.0994 8880 sermouse - ok 14:16:54.0039 8880 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 14:16:54.0111 8880 SessionEnv - ok 14:16:54.0141 8880 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:16:54.0202 8880 sffdisk - ok 14:16:54.0227 8880 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:16:54.0293 8880 sffp_mmc - ok 14:16:54.0321 8880 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:16:54.0365 8880 sffp_sd - ok 14:16:54.0373 8880 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:16:54.0432 8880 sfloppy - ok 14:16:54.0503 8880 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:16:54.0550 8880 SharedAccess - ok 14:16:54.0591 8880 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:16:54.0635 8880 ShellHWDetection - ok 14:16:54.0668 8880 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 14:16:54.0684 8880 SiSRaid2 - ok 14:16:54.0742 8880 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 
14:16:54.0802 8880 SiSRaid4 - ok 14:16:54.0959 8880 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 14:16:55.0137 8880 slsvc - ok 14:16:55.0189 8880 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 14:16:55.0258 8880 SLUINotify - ok 14:16:55.0302 8880 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:16:55.0348 8880 Smb - ok 14:16:55.0395 8880 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:16:55.0437 8880 SNMPTRAP - ok 14:16:55.0478 8880 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 14:16:55.0502 8880 spldr - ok 14:16:55.0548 8880 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 14:16:55.0578 8880 Spooler - ok 14:16:55.0620 8880 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 14:16:55.0720 8880 srv - ok 14:16:55.0742 8880 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:16:55.0819 8880 srv2 - ok 14:16:55.0846 8880 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:16:55.0873 8880 srvnet - ok 14:16:55.0897 8880 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:16:55.0980 8880 SSDPSRV - ok 14:16:56.0028 8880 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:16:56.0057 8880 SstpSvc - ok 14:16:56.0154 8880 [ 72EB6157E892A674E47E08732BB5CCE3 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe 14:16:56.0230 8880 STacSV - ok 14:16:56.0268 8880 [ 0C7BDA7E9A329A071C080EB5210FE019 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 14:16:56.0318 8880 STHDA - ok 14:16:56.0376 8880 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 14:16:56.0421 8880 stisvc - ok 14:16:56.0456 8880 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:16:56.0477 8880 
722E9263A1558F98975BF2CFCEE85C12 ] ZTEusbnmeaext C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys
14:17:05.0918 8880 ZTEusbnmeaext - ok
14:17:05.0938 8880 [ 722E9263A1558F98975BF2CFCEE85C12 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
14:17:05.0960 8880 ZTEusbser6k - ok
14:17:06.0007 8880 [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
14:17:06.0023 8880 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
14:17:06.0063 8880 ================ Scan global ===============================
14:17:06.0096 8880 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:17:06.0140 8880 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:17:06.0163 8880 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:17:06.0208 8880 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:17:06.0213 8880 [Global] - ok
14:17:06.0213 8880 ================ Scan MBR ==================================
14:17:06.0228 8880 [ 8B07CC54D34BF4EA642040A08361DE7F ] \Device\Harddisk0\DR0
14:17:06.0229 8880 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:17:06.0288 8880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
14:17:06.0289 8880 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
14:17:06.0439 8880 ================ Scan VBR ==================================
14:17:06.0443 8880 [ 245FF49CE7D2551E29AC4BC437D6C76A ] \Device\Harddisk0\DR0\Partition1
14:17:06.0446 8880 \Device\Harddisk0\DR0\Partition1 - ok
14:17:06.0468 8880 [ D64EE8188970EBF3F3DD8DEE7AB405E1 ] \Device\Harddisk0\DR0\Partition2
14:17:06.0471 8880 \Device\Harddisk0\DR0\Partition2 - ok
14:17:06.0472 8880 ============================================================
14:17:06.0472 8880 Scan finished
14:17:06.0472 8880 ============================================================
14:17:06.0492 10364 Detected object count: 12
14:17:06.0492 10364 Actual detected object count: 12
14:17:25.0911 10364 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0912 10364 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0915 10364 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0915 10364 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0917 10364 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0917 10364 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0920 10364 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0920 10364 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0923 10364 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0923 10364 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0926 10364 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0926 10364 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0926 10364 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0926 10364 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0930 10364 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0930 10364 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0932 10364 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0933 10364 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0935 10364 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0936 10364 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0938 10364 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0938 10364 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:26.0625 10364 \Device\Harddisk0\DR0\# - copied to quarantine
14:17:26.0932 10364 \Device\Harddisk0\DR0 - copied to quarantine
14:17:28.0614 10364 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
14:17:28.0616 10364 \Device\Harddisk0\DR0 - ok
14:17:29.0209 10364 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
14:18:28.0119 5388 Deinitialize success

#24 oldman960

Posted 08 April 2013 - 04:16 PM

Hi tortoise, How is the computer? Is MBAM still blocking svchost?

#25 tortoise

Posted 08 April 2013 - 06:01 PM

No, it has stopped. It was annoying with the box always popping up but now it is gone, I miss it. LOL So far the computer is doing good.

Edited by tortoise, 08 April 2013 - 06:03 PM.


#26 oldman960

Posted 08 April 2013 - 06:26 PM

Hi tortoise,

Looks like there were 2 or 3 of these nasties.

Your system has been infected by one or more Rootkits/Backdoor Trojans.

This may allow hackers to remotely control your computer, steal critical system information, and download and execute files.

More information on Remote Access Trojans can be found here.

I strongly suggest you do the following immediately:
  • From a known clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer until it has been cleaned.


Please disable your security programs and rerun combofix. Please post the log.

Thanks

#27 tortoise

Posted 08 April 2013 - 07:20 PM

This sucks. I think I know where I got it. Funny emails from a friend that I opened and clicked on link. Now I have to tell her to check her computer. I stopped realtime protection but when Combofix ran, it said it was open. It is on my taskbar but now it is gone.

Edited by tortoise, 08 April 2013 - 07:24 PM.


#28 tortoise

tortoise

    Authentic Member

  • Authentic Member
  • 30 posts

Posted 08 April 2013 - 08:04 PM

When combo fix was running, a box popped up and said mic security essentials was on but I had shut it off and could do damage. Then another box popped up saying an updated version of combofix was available, did I want it. I said no. After the combofix ran, I posted and made sure Sec Essentials was shut off. I ran Combofix again and got the update. Here is the log

#29 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,561 posts
  • MVP

Posted 09 April 2013 - 05:19 AM

Hi tortoise, Try disabling Ad-Aware before you uninstall it.

#30 tortoise

tortoise

    Authentic Member

  • Authentic Member
  • 30 posts

Posted 09 April 2013 - 07:58 AM

It worked but I also got rid of McAfee too. I think Xfinity downloaded it on my desk when I signed up.


