Artemis!1498db62cea7c [Solved]


  • This topic is locked
52 replies to this topic

#16 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,486 posts
  • MVP

Posted 07 April 2013 - 03:17 PM

Hi tortoise,

You have 2 antivirus programs installed. This will not give you more protection but rather less as the 2 will conflict and may cause system slowdowns or lockups. Microsoft Security Essentials is pretty good. I suggest you keep it and uninstall Lavasoft Ad-Aware.


You have a very old, vulnerable version of Java installed.

Click on the Start button > Control Panel

Depending on your settings, either
  • click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following program

Java™ 6 Update 7


You can get the newest versions of Java from HERE.

Accept the licensing agreement and scroll down to the bottom of the list. The file you want is jre-7u17-windows-i586.exe .

Download it to your desktop. Right click and run as Administrator to install it. Decline any other install that may be offered.


Next, open OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Services

:OTL
O4 - HKCU..\Run: [PIXELA] C:\Users\Linda\AppData\Local\PIXELA\ewdamxaw.dll ()

:Files
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}\{216697C5-A77C-43A2-868D-285E6492C602}
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}

:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next


Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please post back with
  • OTL fix log
  • MBAM log
How's the computer?


#17 tortoise

tortoise

    Authentic Member

  • Authentic Member
  • 30 posts

Posted 07 April 2013 - 06:07 PM

OK more gray hair. Before I started the scans, my computer shut itself down. When it came back up, I got on the internet to get here, I had the ads that you see play just before a video playing. No video but just the sound. I shut everything off, unplugged the internet and went to task manager but nothing was running. Rebooted and same thing. So I did Java but Ad-Aware wouldn't uninstall. I ran the OTL scan to fix it and I have had no log from it. It didn't save. I have the log from Malwarebytes. It had me reboot and when it did sidebar, Adobe Reader, Adobe Mgr, and cyberlink power stopped working. Shut down for a few minutes and no problem. The music is gone too. Here is the log I have. Do you want me to run OTL again and get a log?

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.07.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Linda :: LINDA-PC [administrator]

Protection: Enabled

4/7/2013 7:10:39 PM
mbam-log-2013-04-07 (19-10-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219689
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

#18 oldman960

Posted 08 April 2013 - 02:51 AM

Hi tortoise,


The OTL fix log can be found at C:\_OTL\MovedFiles. It will have a file name consisting of numbers that reflect the date and time stamp the fix was run. It will be something similar to 04072013_111009.log . Please copy and paste the contents into your next reply.

Is the computer still doing ok?

#19 tortoise

Posted 08 April 2013 - 08:13 AM

Found it.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PIXELA deleted successfully.
C:\Users\Linda\AppData\Local\PIXELA\ewdamxaw.dll moved successfully.
========== FILES ==========
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C}\{216697C5-A77C-43A2-868D-285E6492C602} folder moved successfully.
c:\users\Linda\AppData\Local\{9109D45C-21E4-4367-A342-E2B2A824641C} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Linda
->Temp folder emptied: 3499855 bytes
->Temporary Internet Files folder emptied: 132810066 bytes
->Java cache emptied: 46456166 bytes
->Google Chrome cache emptied: 18755807 bytes
->Flash cache emptied: 3640 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1906460 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4256347 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72239714 bytes
RecycleBin emptied: 329148 bytes

Total Files Cleaned = 267.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04072013_184227

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\bcm640.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\fla2C8C.tmp not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\6644424d616c4668364f6741417a3430[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\adholder[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\africa[1].js moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\beacon[2].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\cgfutmaxbk-webfont[1].eot moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\cgfutmaxlt-webfont[1].eot moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\cms-2c[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\comments[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\fastbutton[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\follow_button.1363148939[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\if[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\if[2].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\n6RTCDcIPWSE8UNBa4k-DA8xXkqeKCK1Z-hKQQc_vz4[1].eot moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\oauth[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\provider2[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\seatbelt3[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\seatbelt[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\shortcodes[1].css moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\show_content[2].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\show_content[3].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\trailer-661[2].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS59QIF7\xd_arbiter[2].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\210302[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\button1[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\ddc[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\hub[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\if[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\if[3].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\if[4].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYFEDWMH\if[5].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH2EFN6Y\LiveLeak-dot-com-6ddea028be53-dtp.mp4.h264_720p_[1].mp4 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#20 oldman960

Posted 08 April 2013 - 08:45 AM

Hi tortoise, How's the computer?

#21 tortoise

Posted 08 April 2013 - 09:54 AM

It seems to be running less hot. When I first came online, I had the ad noise running in the background, but it stopped after the ad finished and I haven't had it play since. Malwarebytes is stopping svchost.exe every 10 seconds so when the 14 days is up, it will be 1000 pages in the log. lol

#22 oldman960

Posted 08 April 2013 - 11:24 AM

Hi tortoise,



Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
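
One way to triage the report this post asks for, as an added example that is not part of the original thread or of TDSSKiller itself: a parser for the report's per-object lines that pairs each verdict with the MD5 and path logged for that object and lists every object whose status is not ok. The sample lines are constructed in the layout of such a report, and the function and class names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# "HH:MM:SS.ffff <thread id> <rest of line>"
PREFIX = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*\S)\s*$")
# "[ <32 hex MD5> ] <object name> <drive-letter path>"
HASHED = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> - ok"  or  "<object name> ( <detection> ) - <status>"
VERDICT = re.compile(r"^(.+?)(?:\s+\(\s*([^()]+?)\s*\))?\s+-\s+(\w+)$")


@dataclass
class ScanObject:
    name: str
    status: str
    detection: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_report(text: str) -> List[ScanObject]:
    """Return one ScanObject per verdict line, in report order."""
    pending = {}   # object name -> (md5, path) from its hash line
    objects = []
    for line in text.splitlines():
        prefixed = PREFIX.match(line)
        if not prefixed:
            continue
        body = prefixed.group(1)
        hashed = HASHED.match(body)
        if hashed:
            pending[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        verdict = VERDICT.match(body)
        if verdict:
            name, detection, status = verdict.groups()
            # Some objects have no hash line; they keep md5/path as None.
            md5, path = pending.pop(name, (None, None))
            objects.append(ScanObject(name, status.lower(), detection, md5, path))
    return objects


def needs_review(objects: List[ScanObject]) -> List[ScanObject]:
    """Objects whose status is anything other than 'ok'."""
    return [o for o in objects if o.status != "ok"]


def by_detection(objects: List[ScanObject]) -> Dict[str, List[str]]:
    """Group the non-ok object names by the detection name reported for them."""
    groups = defaultdict(list)
    for o in needs_review(objects):
        groups[o.detection or "(no detection name)"].append(o.name)
    return dict(groups)


# Constructed sample in the report's layout; names, hashes and paths are placeholders.
SAMPLE = r"""
14:16:17.0235 8880  ================ Scan services =============================
14:16:17.0408 8880  [ 00000000000000000000000000000001 ] ExampleDrv  C:\Windows\system32\drivers\exampledrv.sys
14:16:17.0576 8880  ExampleDrv - ok
14:16:21.0282 8880  ExampleNoFile - ok
14:16:31.0353 8880  [ 00000000000000000000000000000002 ] Example Vendor Service  C:\Program Files (x86)\Example\svc.exe
14:16:31.0378 8880  Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
14:16:31.0378 8880  Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for obj in needs_review(parse_report(SAMPLE)):
        print(f"{obj.status:8} {obj.detection}  {obj.name}  {obj.md5}  {obj.path}")
```
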

#23 tortoise

Posted 08 April 2013 - 12:40 PM

I think this is the log. There was no ensure cure choice.
warning 14:16:31.0819 8880 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 14:16:31.0861 8880 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 14:16:31.0928 8880 HpqKbFiltr - ok 14:16:31.0968 8880 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 14:16:31.0988 8880 hpqwmiex - ok 14:16:32.0023 8880 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 14:16:32.0041 8880 hpsrv - ok 14:16:32.0107 8880 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:16:32.0209 8880 HTTP - ok 14:16:32.0254 8880 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:16:32.0268 8880 i2omp - ok 14:16:32.0324 8880 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:16:32.0374 8880 i8042prt - ok 14:16:32.0412 8880 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:16:32.0437 8880 iaStorV - ok 14:16:32.0546 8880 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 14:16:32.0570 8880 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:16:32.0570 8880 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:16:32.0653 8880 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:16:32.0701 8880 idsvc - ok 14:16:32.0938 8880 [ 312E18684051457A275DA878C75D69C2 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 14:16:33.0722 8880 igfx - ok 14:16:33.0769 8880 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:16:33.0814 8880 iirsp - ok 14:16:33.0970 8880 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 14:16:34.0070 8880 IKEEXT - ok 14:16:34.0122 8880 [ DEA2AB452B4FA773187369C4B6517320 ] IntcHdmiAddService 
C:\Windows\system32\drivers\IntcHdmi.sys 14:16:34.0204 8880 IntcHdmiAddService - ok 14:16:34.0271 8880 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys 14:16:34.0293 8880 intelide - ok 14:16:34.0320 8880 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:16:34.0412 8880 intelppm - ok 14:16:34.0451 8880 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:16:34.0570 8880 IPBusEnum - ok 14:16:34.0662 8880 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:16:34.0735 8880 IpFilterDriver - ok 14:16:34.0786 8880 [ BF0DBFA9792C5C14FA00F61C75116C1B ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll 14:16:34.0855 8880 IpHlpSvc - ok 14:16:34.0862 8880 IpInIp - ok 14:16:34.0910 8880 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:16:34.0967 8880 IPMIDRV - ok 14:16:34.0997 8880 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:16:35.0086 8880 IPNAT - ok 14:16:35.0117 8880 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:16:35.0202 8880 IRENUM - ok 14:16:35.0240 8880 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:16:35.0261 8880 isapnp - ok 14:16:35.0295 8880 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:16:35.0322 8880 iScsiPrt - ok 14:16:35.0334 8880 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:16:35.0353 8880 iteatapi - ok 14:16:35.0370 8880 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:16:35.0391 8880 iteraid - ok 14:16:35.0443 8880 [ 54F694C6CD3A1149BA3A8BDACC83BADC ] ITMRTSVC C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe 14:16:35.0465 8880 ITMRTSVC - ok 14:16:35.0483 8880 izpfiuve - ok 14:16:35.0515 8880 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys 14:16:35.0544 8880 kbdclass - ok 14:16:35.0572 8880 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:16:35.0631 8880 kbdhid - ok 14:16:35.0649 8880 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 14:16:35.0692 8880 KeyIso - ok 14:16:35.0786 8880 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys 14:16:35.0814 8880 KMWDFILTER - ok 14:16:35.0881 8880 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:16:35.0959 8880 KSecDD - ok 14:16:36.0002 8880 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:16:36.0065 8880 ksthunk - ok 14:16:36.0115 8880 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 14:16:36.0249 8880 KtmRm - ok 14:16:36.0305 8880 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll 14:16:36.0367 8880 LanmanServer - ok 14:16:36.0438 8880 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:16:36.0477 8880 LanmanWorkstation - ok 14:16:36.0530 8880 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 14:16:36.0560 8880 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:16:36.0560 8880 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:16:36.0604 8880 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:16:36.0706 8880 lltdio - ok 14:16:36.0786 8880 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:16:36.0900 8880 lltdsvc - ok 14:16:36.0929 8880 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:16:37.0009 8880 lmhosts - ok 14:16:37.0046 8880 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:16:37.0073 8880 LSI_FC - ok 14:16:37.0096 8880 [ 
799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys14:16:37.0122 8880 LSI_SAS - ok 14:16:37.0141 8880 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:16:37.0164 8880 LSI_SCSI - ok 14:16:37.0172 8880 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 14:16:37.0238 8880 luafv - ok 14:16:37.0247 8880 lxdx_device - ok 14:16:37.0312 8880 [ 36EFC8C32829A27BAF0E63BFDBD5EE90 ] massfilter C:\Windows\system32\drivers\massfilter.sys 14:16:37.0348 8880 massfilter - ok 14:16:37.0391 8880 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 14:16:37.0423 8880 MBAMProtector - ok 14:16:37.0480 8880 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 14:16:37.0507 8880 MBAMScheduler - ok 14:16:37.0569 8880 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 14:16:37.0633 8880 MBAMService - ok 14:16:37.0761 8880 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe 14:16:37.0815 8880 McciCMService ( UnsignedFile.Multi.Generic ) - warning 14:16:37.0815 8880 McciCMService - detected UnsignedFile.Multi.Generic (1) 14:16:37.0871 8880 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe 14:16:37.0900 8880 McComponentHostService - ok 14:16:37.0924 8880 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:16:37.0963 8880 Mcx2Svc - ok 14:16:37.0994 8880 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 14:16:38.0017 8880 megasas - ok 14:16:38.0083 8880 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:16:38.0128 8880 MegaSR - ok 14:16:38.0153 8880 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS 
C:\Windows\system32\mmcss.dll 14:16:38.0223 8880 MMCSS - ok 14:16:38.0325 8880 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 14:16:38.0426 8880 Modem - ok 14:16:38.0543 8880 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:16:38.0643 8880 monitor - ok 14:16:38.0751 8880 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:16:38.0782 8880 mouclass - ok 14:16:38.0874 8880 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:16:38.0949 8880 mouhid - ok 14:16:38.0988 8880 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:16:39.0053 8880 MountMgr - ok 14:16:39.0151 8880 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 14:16:39.0258 8880 MpFilter - ok 14:16:39.0313 8880 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 14:16:39.0345 8880 mpio - ok 14:16:39.0366 8880 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:16:39.0454 8880 mpsdrv - ok 14:16:39.0645 8880 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 14:16:39.0921 8880 MpsSvc - ok 14:16:39.0964 8880 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:16:39.0994 8880 Mraid35x - ok 14:16:40.0049 8880 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS 14:16:40.0074 8880 MREMP50 ( UnsignedFile.Multi.Generic ) - warning 14:16:40.0074 8880 MREMP50 - detected UnsignedFile.Multi.Generic (1) 14:16:40.0121 8880 MREMP50a64 - ok 14:16:40.0125 8880 MREMPR5 - ok 14:16:40.0131 8880 MRENDIS5 - ok 14:16:40.0147 8880 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS 14:16:40.0175 8880 MRESP50 ( UnsignedFile.Multi.Generic ) - warning 14:16:40.0175 8880 MRESP50 - detected UnsignedFile.Multi.Generic (1) 14:16:40.0179 
8880 MRESP50a64 - ok 14:16:40.0222 8880 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:16:40.0261 8880 MRxDAV - ok 14:16:40.0339 8880 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:16:40.0407 8880 mrxsmb - ok 14:16:40.0439 8880 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:16:40.0479 8880 mrxsmb10 - ok 14:16:40.0503 8880 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:16:40.0554 8880 mrxsmb20 - ok 14:16:40.0605 8880 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys 14:16:40.0624 8880 msahci - ok 14:16:40.0646 8880 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:16:40.0666 8880 msdsm - ok 14:16:40.0688 8880 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 14:16:40.0825 8880 MSDTC - ok 14:16:40.0887 8880 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:16:40.0995 8880 Msfs - ok 14:16:41.0054 8880 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:16:41.0077 8880 msisadrv - ok 14:16:41.0137 8880 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:16:41.0234 8880 MSiSCSI - ok 14:16:41.0241 8880 msiserver - ok 14:16:41.0283 8880 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:16:41.0375 8880 MSKSSRV - ok 14:16:41.0433 8880 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 14:16:41.0452 8880 MsMpSvc - ok 14:16:41.0476 8880 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:16:41.0520 8880 MSPCLOCK - ok 14:16:41.0566 8880 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:16:41.0604 8880 MSPQM - ok 14:16:41.0648 8880 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 14:16:41.0671 8880 MsRPC - ok 14:16:41.0698 8880 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:16:41.0713 8880 mssmbios - ok 14:16:41.0798 8880 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:16:41.0852 8880 MSTEE - ok 14:16:41.0912 8880 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 14:16:41.0931 8880 Mup - ok 14:16:42.0017 8880 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 14:16:42.0280 8880 napagent - ok 14:16:42.0345 8880 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:16:42.0539 8880 NativeWifiP - ok 14:16:42.0655 8880 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:16:42.0986 8880 NDIS - ok 14:16:43.0031 8880 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:16:43.0097 8880 NdisTapi - ok 14:16:43.0125 8880 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:16:43.0187 8880 Ndisuio - ok 14:16:43.0252 8880 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:16:43.0328 8880 NdisWan - ok 14:16:43.0371 8880 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:16:43.0417 8880 NDProxy - ok 14:16:43.0465 8880 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 14:16:43.0492 8880 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:16:43.0492 8880 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:16:43.0531 8880 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:16:43.0895 8880 NetBIOS - ok 14:16:44.0192 8880 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:16:44.0410 8880 netbt - ok 14:16:44.0528 8880 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon 
C:\Windows\system32\lsass.exe 14:16:44.0552 8880 Netlogon - ok 14:16:44.0662 8880 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 14:16:44.0763 8880 Netman - ok 14:16:44.0832 8880 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 14:16:44.0900 8880 netprofm - ok 14:16:44.0942 8880 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:16:44.0955 8880 NetTcpPortSharing - ok 14:16:45.0084 8880 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys 14:16:45.0635 8880 NETw3v64 - ok 14:16:45.0660 8880 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:16:45.0685 8880 nfrd960 - ok 14:16:45.0765 8880 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 14:16:45.0839 8880 NisDrv - ok 14:16:45.0906 8880 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 14:16:45.0946 8880 NisSrv - ok 14:16:46.0110 8880 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 14:16:46.0207 8880 NlaSvc - ok 14:16:46.0211 8880 Norton Internet Security - ok 14:16:46.0254 8880 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:16:46.0335 8880 Npfs - ok 14:16:46.0375 8880 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 14:16:46.0438 8880 nsi - ok 14:16:46.0485 8880 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:16:46.0547 8880 nsiproxy - ok 14:16:46.0633 8880 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:16:46.0780 8880 Ntfs - ok 14:16:46.0809 8880 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 14:16:46.0885 8880 Null - ok 14:16:46.0929 8880 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 
14:16:46.0949 8880 nvraid - ok 14:16:46.0981 8880 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:16:47.0000 8880 nvstor - ok 14:16:47.0043 8880 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:16:47.0063 8880 nv_agp - ok 14:16:47.0073 8880 NwlnkFlt - ok 14:16:47.0080 8880 NwlnkFwd - ok 14:16:47.0169 8880 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:16:47.0210 8880 odserv - ok 14:16:47.0271 8880 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 14:16:47.0342 8880 ohci1394 - ok 14:16:47.0386 8880 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:16:47.0410 8880 ose - ok 14:16:47.0462 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:16:47.0575 8880 p2pimsvc - ok 14:16:47.0629 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 14:16:47.0672 8880 p2psvc - ok 14:16:47.0722 8880 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 14:16:47.0839 8880 Parport - ok 14:16:47.0883 8880 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:16:47.0909 8880 partmgr - ok 14:16:47.0927 8880 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 14:16:47.0979 8880 PcaSvc - ok 14:16:48.0032 8880 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 14:16:48.0062 8880 pci - ok 14:16:48.0098 8880 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys 14:16:48.0121 8880 pciide - ok 14:16:48.0153 8880 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:16:48.0180 8880 pcmcia - ok 14:16:48.0218 8880 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:16:48.0370 8880 
PEAUTH - ok 14:16:48.0444 8880 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:16:48.0523 8880 PerfHost - ok 14:16:48.0605 8880 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 14:16:48.0766 8880 pla - ok 14:16:48.0830 8880 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:16:48.0904 8880 PlugPlay - ok 14:16:48.0947 8880 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 14:16:48.0973 8880 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 14:16:48.0973 8880 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 14:16:49.0024 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:16:49.0084 8880 PNRPAutoReg - ok 14:16:49.0140 8880 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:16:49.0205 8880 PNRPsvc - ok 14:16:49.0275 8880 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:16:49.0360 8880 PolicyAgent - ok 14:16:49.0417 8880 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:16:49.0467 8880 PptpMiniport - ok 14:16:49.0493 8880 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 14:16:49.0579 8880 Processor - ok 14:16:49.0617 8880 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 14:16:49.0666 8880 ProfSvc - ok 14:16:49.0686 8880 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 14:16:49.0705 8880 ProtectedStorage - ok 14:16:49.0747 8880 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:16:49.0783 8880 PSched - ok 14:16:49.0819 8880 [ BCCEA08C45BEA866FFD2AF32D23611B5 ] PTDUBus C:\Windows\system32\DRIVERS\PTDUBus.sys 14:16:49.0836 8880 PTDUBus - ok 14:16:49.0856 8880 [ F94A0753921E97CEBB9002682097149A ] PTDUMdm C:\Windows\system32\DRIVERS\PTDUMdm.sys 14:16:49.0874 8880 
PTDUMdm - ok 14:16:49.0896 8880 [ AC70CDAE9E26D26EF6F41C3C23087AAE ] PTDUVsp C:\Windows\system32\DRIVERS\PTDUVsp.sys 14:16:49.0913 8880 PTDUVsp - ok 14:16:49.0944 8880 [ 1D2BD34A8E5C9EFD75085AF598A7D9B4 ] PTDUWFLT C:\Windows\system32\DRIVERS\PTDUWFLT.sys 14:16:49.0957 8880 PTDUWFLT - ok 14:16:49.0971 8880 [ 3D47D2AE93FDF671C3C997B2FAC4E13F ] PTDUWWAN C:\Windows\system32\DRIVERS\PTDUWWAN.sys 14:16:49.0988 8880 PTDUWWAN - ok 14:16:50.0040 8880 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:16:50.0134 8880 ql2300 - ok 14:16:50.0157 8880 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:16:50.0172 8880 ql40xx - ok 14:16:50.0224 8880 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 14:16:50.0267 8880 QWAVE - ok 14:16:50.0293 8880 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:16:50.0334 8880 QWAVEdrv - ok 14:16:50.0364 8880 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:16:50.0401 8880 RasAcd - ok 14:16:50.0421 8880 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 14:16:50.0465 8880 RasAuto - ok 14:16:50.0507 8880 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:16:50.0555 8880 Rasl2tp - ok 14:16:50.0593 8880 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 14:16:50.0646 8880 RasMan - ok 14:16:50.0677 8880 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:16:50.0743 8880 RasPppoe - ok 14:16:50.0771 8880 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:16:50.0807 8880 RasSstp - ok 14:16:50.0886 8880 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:16:50.0941 8880 rdbss - ok 14:16:50.0976 8880 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:16:51.0021 
8880 RDPCDD - ok 14:16:51.0056 8880 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 14:16:51.0147 8880 rdpdr - ok 14:16:51.0156 8880 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:16:51.0231 8880 RDPENCDD - ok 14:16:51.0278 8880 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:16:51.0314 8880 RDPWD - ok 14:16:51.0386 8880 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe 14:16:51.0410 8880 Recovery Service for Windows - ok 14:16:51.0435 8880 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:16:51.0484 8880 RemoteAccess - ok 14:16:51.0525 8880 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:16:51.0589 8880 RemoteRegistry - ok 14:16:51.0637 8880 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 14:16:51.0704 8880 RFCOMM - ok 14:16:51.0780 8880 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 14:16:51.0788 8880 RichVideo ( UnsignedFile.Multi.Generic ) - warning 14:16:51.0788 8880 RichVideo - detected UnsignedFile.Multi.Generic (1) 14:16:51.0794 8880 rlpbokoi - ok 14:16:51.0815 8880 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 14:16:51.0833 8880 RpcLocator - ok 14:16:51.0884 8880 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\System32\rpcss.dll 14:16:51.0932 8880 RpcSs - ok 14:16:51.0975 8880 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:16:52.0042 8880 rspndr - ok 14:16:52.0093 8880 [ 170A66DFAAA22358E08D6F4B38C8F3DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 14:16:52.0161 8880 RTL8169 - ok 14:16:52.0211 8880 [ 4AD8464FECE8EBE276D4A7D75E418452 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS 14:16:52.0246 8880 RTSTOR - ok 14:16:52.0264 8880 [ 
260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 14:16:52.0288 8880 SamSs - ok 14:16:52.0433 8880 [ C7D53053541A448FEBB1373ABBAF79EF ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe 14:16:52.0587 8880 SBAMSvc - ok 14:16:52.0629 8880 [ DB7F9394B2F2D446DF14D46C61B0E94B ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys 14:16:52.0649 8880 sbapifs - ok 14:16:52.0684 8880 [ CDB954C736D51DC5FA712C039AF4F683 ] SbFw C:\Windows\system32\drivers\SbFw.sys 14:16:52.0709 8880 SbFw - ok 14:16:52.0747 8880 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys 14:16:52.0766 8880 SBFWIMCL - ok 14:16:52.0775 8880 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys 14:16:52.0794 8880 SBFWIMCLMP - ok 14:16:52.0830 8880 [ A5BC45F8C2F30350E7566799C86B2F5D ] sbhips C:\Windows\system32\drivers\sbhips.sys 14:16:52.0848 8880 sbhips - ok 14:16:52.0875 8880 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:16:52.0899 8880 sbp2port - ok 14:16:52.0920 8880 [ FD833BEE2FD9BEFDC0AFD1941A306D9E ] SBRE C:\Windows\system32\drivers\SBREdrv.sys 14:16:52.0938 8880 SBRE - ok 14:16:52.0992 8880 [ F9955774A6BF0A5CA696F591C7B80A79 ] SbTis C:\Windows\system32\drivers\sbtis.sys 14:16:53.0012 8880 SbTis - ok 14:16:53.0058 8880 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:16:53.0133 8880 SCardSvr - ok 14:16:53.0192 8880 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 14:16:53.0249 8880 Schedule - ok 14:16:53.0302 8880 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:16:53.0335 8880 SCPolicySvc - ok 14:16:53.0357 8880 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 14:16:53.0407 8880 sdbus - ok 14:16:53.0432 8880 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:16:53.0475 8880 SDRSVC - ok 14:16:53.0500 
8880 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:16:53.0574 8880 secdrv - ok 14:16:53.0600 8880 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 14:16:53.0650 8880 seclogon - ok 14:16:53.0671 8880 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll 14:16:53.0728 8880 SENS - ok 14:16:53.0749 8880 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 14:16:53.0824 8880 Serenum - ok 14:16:53.0847 8880 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 14:16:53.0905 8880 Serial - ok 14:16:53.0936 8880 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:16:53.0994 8880 sermouse - ok 14:16:54.0039 8880 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 14:16:54.0111 8880 SessionEnv - ok 14:16:54.0141 8880 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:16:54.0202 8880 sffdisk - ok 14:16:54.0227 8880 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:16:54.0293 8880 sffp_mmc - ok 14:16:54.0321 8880 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:16:54.0365 8880 sffp_sd - ok 14:16:54.0373 8880 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:16:54.0432 8880 sfloppy - ok 14:16:54.0503 8880 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:16:54.0550 8880 SharedAccess - ok 14:16:54.0591 8880 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:16:54.0635 8880 ShellHWDetection - ok 14:16:54.0668 8880 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 14:16:54.0684 8880 SiSRaid2 - ok 14:16:54.0742 8880 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 
14:16:54.0802 8880 SiSRaid4 - ok 14:16:54.0959 8880 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 14:16:55.0137 8880 slsvc - ok 14:16:55.0189 8880 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 14:16:55.0258 8880 SLUINotify - ok 14:16:55.0302 8880 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:16:55.0348 8880 Smb - ok 14:16:55.0395 8880 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:16:55.0437 8880 SNMPTRAP - ok 14:16:55.0478 8880 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 14:16:55.0502 8880 spldr - ok 14:16:55.0548 8880 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 14:16:55.0578 8880 Spooler - ok 14:16:55.0620 8880 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 14:16:55.0720 8880 srv - ok 14:16:55.0742 8880 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:16:55.0819 8880 srv2 - ok 14:16:55.0846 8880 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:16:55.0873 8880 srvnet - ok 14:16:55.0897 8880 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:16:55.0980 8880 SSDPSRV - ok 14:16:56.0028 8880 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:16:56.0057 8880 SstpSvc - ok 14:16:56.0154 8880 [ 72EB6157E892A674E47E08732BB5CCE3 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe 14:16:56.0230 8880 STacSV - ok 14:16:56.0268 8880 [ 0C7BDA7E9A329A071C080EB5210FE019 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 14:16:56.0318 8880 STHDA - ok 14:16:56.0376 8880 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 14:16:56.0421 8880 stisvc - ok 14:16:56.0456 8880 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:16:56.0477 8880 
14:17:06.0063 8880 ================ Scan global ===============================
14:17:06.0096 8880 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:17:06.0140 8880 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:17:06.0163 8880 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:17:06.0208 8880 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:17:06.0213 8880 [Global] - ok
14:17:06.0213 8880 ================ Scan MBR ==================================
14:17:06.0228 8880 [ 8B07CC54D34BF4EA642040A08361DE7F ] \Device\Harddisk0\DR0
14:17:06.0229 8880 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:17:06.0288 8880 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
14:17:06.0289 8880 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
14:17:06.0439 8880 ================ Scan VBR ==================================
14:17:06.0443 8880 [ 245FF49CE7D2551E29AC4BC437D6C76A ] \Device\Harddisk0\DR0\Partition1
14:17:06.0446 8880 \Device\Harddisk0\DR0\Partition1 - ok
14:17:06.0468 8880 [ D64EE8188970EBF3F3DD8DEE7AB405E1 ] \Device\Harddisk0\DR0\Partition2
14:17:06.0471 8880 \Device\Harddisk0\DR0\Partition2 - ok
14:17:06.0472 8880 ============================================================
14:17:06.0472 8880 Scan finished
14:17:06.0472 8880 ============================================================
14:17:06.0492 10364 Detected object count: 12
14:17:06.0492 10364 Actual detected object count: 12
14:17:25.0911 10364 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0912 10364 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0915 10364 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0915 10364 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0917 10364 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0917 10364 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0920 10364 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0920 10364 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0923 10364 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0923 10364 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0926 10364 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0926 10364 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0926 10364 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0926 10364 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0930 10364 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0930 10364 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0932 10364 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0933 10364 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0935 10364 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0936 10364 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:25.0938 10364 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
14:17:25.0938 10364 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:17:26.0625 10364 \Device\Harddisk0\DR0\# - copied to quarantine
14:17:26.0932 10364 \Device\Harddisk0\DR0 - copied to quarantine
14:17:28.0614 10364 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot
14:17:28.0616 10364 \Device\Harddisk0\DR0 - ok
14:17:29.0209 10364 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
14:18:28.0119 5388 Deinitialize success

#24 oldman960

Posted 08 April 2013 - 04:16 PM

Hi tortoise, How is the computer? Is MBAM still blocking svchost?

#25 tortoise

Posted 08 April 2013 - 06:01 PM

No, it has stopped. It was annoying with the box always popping up but now it is gone, I miss it. LOL So far the computer is doing good.

Edited by tortoise, 08 April 2013 - 06:03 PM.


#26 oldman960

Posted 08 April 2013 - 06:26 PM

Hi tortoise,

Looks like there were 2 or 3 of these nasties.

Your system has been infected by one or more Rootkits/Backdoor Trojans.

This may allow hackers to remotely control your computer, steal critical system information, and download and execute files.

More information on Remote Access Trojans can be found here.

I strongly suggest you do the following immediately:
  • From a known clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer until it has been cleaned.


Please disable your security programs and rerun combofix. Please post the log.

Thanks

#27 tortoise

Posted 08 April 2013 - 07:20 PM

This sucks. I think I know where I got it. Funny emails from a friend that I opened and clicked on link. Now I have to tell her to check her computer. I stopped realtime protection but when Combofix ran, it said it was open. It is on my taskbar but now it is gone.

Edited by tortoise, 08 April 2013 - 07:24 PM.


#28 tortoise

tortoise

    Authentic Member

  • Authentic Member
  • 30 posts

Posted 08 April 2013 - 08:04 PM

When ComboFix was running, a box popped up and said Microsoft Security Essentials was on but I had shut it off and could do damage. Then another box popped up saying an updated version of ComboFix was available, did I want it. I said no. After the ComboFix ran, I posted and made sure Security Essentials was shut off. I ran ComboFix again and got the update. Here is the log:

ComboFix 13-04-08.04 - Linda 04/08/2013 21:33:23.3.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4026.2122 [GMT -4:00] Running from: c:\users\Linda\Desktop\jgh.exe AV: Lavasoft Ad-Aware *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81} AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA} SP: Lavasoft Ad-Aware *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 ))))))))))))))))))))))))))))))) . . 2013-04-09 01:51 . 2013-04-09 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-08 18:40 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1FF3371-6FB7-48BB-8D5A-E639A3B580EB}\mpengine.dll 2013-04-08 18:17 . 2013-04-08 18:17 -------- d-----w- C:\TDSSKiller_Quarantine 2013-04-07 23:21 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-07 23:08 . 2013-04-07 23:08 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes 2013-04-07 23:08 . 2013-04-07 23:08 -------- d-----w- c:\programdata\Malwarebytes 2013-04-07 23:08 . 2013-04-07 23:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-07 23:08 . 
2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-07 22:42 . 2013-04-07 22:42 -------- d-----w- C:\_OTL 2013-04-07 22:36 . 2013-04-07 22:36 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-07 22:36 . 2013-04-07 22:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-07 22:35 . 2013-04-07 22:35 -------- d-----w- c:\program files (x86)\Java 2013-04-06 19:25 . 2013-04-06 19:25 -------- d-----w- c:\program files (x86)\SearchDonkey 2013-04-06 19:25 . 2013-04-06 19:25 -------- d-----w- c:\program files\Enigma Software Group 2013-04-06 19:24 . 2013-04-06 19:24 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-04-06 19:24 . 2013-04-06 19:24 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com 2013-04-06 19:22 . 2013-04-06 19:22 -------- d-----w- c:\programdata\APN 2013-03-29 01:16 . 2013-03-29 01:16 1409 ----a-w- c:\windows\QTFont.for 2013-03-21 15:23 . 2012-11-28 22:39 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{08494117-1EF2-49F2-AA3A-97EA292ECCFE}\gapaengine.dll 2013-03-13 15:46 . 2013-02-02 06:57 2312704 ----a-w- c:\windows\system32\jscript9.dll 2013-03-13 15:43 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-13 15:42 . 2013-04-07 22:42 -------- d-----w- c:\users\Linda\AppData\Local\PIXELA . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-07 22:35 . 2012-06-17 17:25 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-07 22:35 . 2012-01-25 23:52 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-02 10:34 . 2009-10-03 15:13 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-13 15:51 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe 2013-03-12 19:27 . 2012-04-04 14:15 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-12 19:27 . 
2011-07-07 21:31 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-09 15:00 . 2009-12-06 17:00 384512 ----a-w- c:\windows\system32\services.exe 2013-01-20 20:59 . 2013-01-20 20:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 20:59 . 2012-03-21 00:44 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}] 2013-03-08 21:01 392328 ----a-w- c:\program files (x86)\SearchDonkey\IE\common.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files (x86)\Windows Sidebar\SideBar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320] "ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-26 1152296] "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-26 189736] "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Exif Launcher.lnk - c:\program files (x86)\FinePixViewer\QuickDCF.exe [2002-1-9 200704] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update . S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-01 22:09 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-07 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job - c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44] . 2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:27] . 2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 15:33] . 2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 15:33] . 2013-04-06 c:\windows\Tasks\HPCeeScheduleForLinda.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-11 19:34] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 199704] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . ------- Supplementary Scan ------- . uStart Page = hxxp://xfinity.comcast.net/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mDefault_Search_URL = mSearch Page = mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie mSearchAssistant = mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: juno.com Trusted Zone: netzero.com Trusted Zone: netzero.net TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2013-04-08 21:54:19 ComboFix-quarantined-files.txt 2013-04-09 01:54 ComboFix2.txt 2013-04-09 01:12 ComboFix3.txt 2013-04-07 00:09 . Pre-Run: 251,501,588,480 bytes free Post-Run: 251,459,497,984 bytes free . - - End Of File - - D02C9F0E13E4035D335DC277A8FEB93E

#29 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,486 posts
  • MVP

Posted 09 April 2013 - 05:19 AM

Hi tortoise, Try disabling Ad-Aware before you uninstall it.

#30 tortoise

tortoise

    Authentic Member

  • Authentic Member
  • 30 posts

Posted 09 April 2013 - 07:58 AM

It worked, but I also got rid of McAfee too. I think Xfinity downloaded it on my desk when I signed up.



