Solved Suspicious iexplore.exe processes always running

Bigtuna00

Discovered my parents' computer was infected today. Malwarebytes found and removed 7 infections. However, I'm suspicious all is still not well. I'm seeing two Internet Explorer processes running at all times, even after a restart. My parents don't use IE at all. Example below:

[screenshot attachment: iexplore.PNG]

I'll be posting the logs requested in the Sticky thread and also the Malwarebytes log from the 7 removed infections.
 
Here is the log from Malwarebytes for the removed infections:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Parents :: PARENTS-PC [administrator]

9/8/2012 3:59:02 PM
mbam-log-2012-09-08 (15-59-02).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339134
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Parents\AppData\Roaming\zidpl.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|zidpl (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\Parents\AppData\Roaming\zidpl.dll",APCMDecode -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
E:\Share\Profile\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Parents\AppData\Local\Temp\124kkk290347.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
E:\Share\Profile\Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Parents\AppData\Roaming\zidpl.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

(end)
 
Here is the result of a current Malwarebytes quick scan:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Parents :: PARENTS-PC [administrator]

9/8/2012 5:42:52 PM
mbam-log-2012-09-08 (17-42-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209848
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Here is the DDS output:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Parents at 17:40:37 on 2012-09-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7933.6565 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [SansaDispatch] C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Google Update] "C:\Users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [qmrds] "C:\Windows\System32\rundll32.exe" "C:\Users\Parents\AppData\Roaming\qmrds.dll",AcquireLock
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8CA72E32-AD9E-4D05-88E8-9878FB8873C2} : DhcpNameServer = 10.64.0.11 207.135.64.66 207.135.127.66 10.2.2.7 10.2.2.17 10.2.2.77 10.96.0.104
TCP: Interfaces\{EC25EEA4-DE6A-4DC6-95C3-3BEF84B2B9B9} : DhcpNameServer = 192.168.1.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250568]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-09 00:07:14  --------  d-----w-  C:\_OTL
2012-09-08 22:53:55  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-09-08 22:53:55  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-08 22:43:51  9310152  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE9D1615-F802-4619-9854-16030B2BC737}\mpengine.dll
2012-09-08 22:00:56  110592  ----a-w-  C:\ProgramData\21guOreO.exe_
2012-09-08 22:00:56  110592  ----a-w-  C:\ProgramData\21guOreO.exe
2012-09-08 14:15:52  9310152  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-08 05:39:41  --------  d-----w-  C:\Users\Parents\AppData\Roaming\DAVA
2012-09-08 05:22:09  --------  d-----w-  C:\Program Files (x86)\Old Clockmaker's Riddle
2012-09-07 03:30:52  163256  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\np-mswmp.dll
2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin7.dll
2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin6.dll
2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
2012-09-05 16:43:35  --------  d-----w-  C:\Users\Parents\AppData\Local\{6277D76C-A3F3-4371-B819-0CFBBC795A0F}
2012-09-05 06:26:20  --------  d-----w-  C:\Users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
2012-09-05 06:26:17  649216  ----a-w-  C:\Users\Parents\AppData\Roaming\qmrds.dll
2012-09-01 17:58:03  --------  d-----w-  C:\Users\Parents\AppData\Local\{6F4E124B-21FD-4215-B128-E6212F3BE2DF}
2012-09-01 03:52:04  --------  d-----w-  C:\Users\Parents\AppData\Roaming\ShaoLin
2012-09-01 00:49:58  --------  d-----w-  C:\Users\Parents\AppData\Roaming\CaribbeanHideaway
2012-08-31 15:42:54  4278384  ----a-w-  C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 15:42:34  42776  ----a-w-  C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-28 01:27:44  --------  d-----w-  C:\ProgramData\CannyGames
2012-08-28 00:59:06  --------  d-----w-  C:\Program Files (x86)\Atlantic Quest
2012-08-26 12:32:12  --------  d-----w-  C:\Program Files (x86)\AMD APP
2012-08-23 21:19:31  --------  d-----w-  C:\Users\Parents\AppData\Local\{42B6636B-3465-4568-89C7-8B2B7F92D4DF}
2012-08-22 03:18:04  --------  d-----w-  C:\Users\Parents\AppData\Local\{2B522096-002E-4379-BBDD-1C8C5D3A5799}
2012-08-20 22:31:41  --------  d-----w-  C:\Program Files (x86)\Big Kahuna Reef 3
2012-08-20 22:28:42  --------  d-----w-  C:\Users\Parents\AppData\Roaming\Artifact Quest
2012-08-18 19:37:54  --------  d-----w-  C:\Windows\en
2012-08-18 19:37:31  --------  d-----w-  C:\Users\Parents\AppData\Local\{BE7FADC2-89CA-4336-A3B1-5A3A9B43AE7C}
2012-08-18 19:37:27  --------  d-----w-  C:\Users\Parents\AppData\Local\{EE7371FC-F4EF-4852-9E32-27D440AF900E}
2012-08-18 19:36:19  --------  d-----w-  C:\Users\Parents\AppData\Local\{CB9EF46C-8A48-4085-B37C-26B017D2C546}
2012-08-18 19:35:39  537432  ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DXSETUP.exe
2012-08-18 19:35:39  1801048  ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\dsetup32.dll
2012-08-18 19:35:38  89944  ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DSETUP.dll
2012-08-18 19:35:31  --------  d-----w-  C:\Users\Parents\AppData\Local\{EFA18701-33A7-4311-B109-5B224C439ADA}
2012-08-18 19:35:21  --------  d-----w-  C:\Users\Parents\AppData\Local\{B6991C87-AE41-4462-B4EF-B0DD83773E8A}
2012-08-18 19:35:10  --------  d-----w-  C:\Users\Parents\AppData\Local\{17ED5333-1A5B-49DC-A836-A03AA6CD0618}
2012-08-18 19:34:49  --------  d-----w-  C:\Users\Parents\AppData\Local\{11A84E74-0E47-470A-8816-48732B49372E}
2012-08-18 19:34:39  --------  d-----w-  C:\Users\Parents\AppData\Local\{494BB960-23BE-43CE-80DA-8E64B5789247}
2012-08-18 19:34:28  --------  d-----w-  C:\Users\Parents\AppData\Local\{AA2C3B66-045C-4119-9930-09496AA9B695}
2012-08-18 19:34:18  --------  d-----w-  C:\Users\Parents\AppData\Local\{06030E84-444A-449D-8B81-E1D4CB86746F}
2012-08-18 19:34:07  --------  d-----w-  C:\Users\Parents\AppData\Local\{8AE029B5-CCC1-4649-889A-7DAF29418C1E}
2012-08-18 19:33:57  --------  d-----w-  C:\Users\Parents\AppData\Local\{F210D26C-DC86-46CC-869C-4C88DF96D090}
2012-08-18 19:33:36  --------  d-----w-  C:\Users\Parents\AppData\Local\{C5D2AB25-32C6-47C8-8297-E0045A772B71}
2012-08-18 15:03:34  --------  d-----w-  C:\Program Files\Microsoft Device Center
2012-08-18 14:51:29  --------  d-----w-  C:\Users\Parents\AppData\Local\{91A6CC58-18B8-42C4-9949-80D0853909E3}
2012-08-18 14:51:08  --------  d-----w-  C:\Users\Parents\AppData\Local\{4E9F5533-1311-4C21-84A9-3C91581E4B52}
2012-08-18 14:47:38  --------  d-----w-  C:\Users\Parents\AppData\Local\{4C08CAE8-1352-4FF1-AA64-E61928FB5BA0}
2012-08-18 14:47:19  --------  d-----w-  C:\Users\Parents\AppData\Local\{D9366DE5-0E6D-47FE-8C51-FE0C33A176B5}
2012-08-18 13:39:09  751104  ----a-w-  C:\Windows\System32\win32spl.dll
2012-08-18 13:39:09  559104  ----a-w-  C:\Windows\System32\spoolsv.exe
2012-08-18 13:39:09  503808  ----a-w-  C:\Windows\System32\srcore.dll
2012-08-18 13:39:09  43008  ----a-w-  C:\Windows\SysWow64\srclient.dll
2012-08-18 13:39:08  67072  ----a-w-  C:\Windows\splwow64.exe
2012-08-18 13:39:08  59392  ----a-w-  C:\Windows\System32\browcli.dll
2012-08-18 13:39:08  492032  ----a-w-  C:\Windows\SysWow64\win32spl.dll
2012-08-18 13:39:08  41984  ----a-w-  C:\Windows\SysWow64\browcli.dll
2012-08-18 13:39:08  136704  ----a-w-  C:\Windows\System32\browser.dll
2012-08-18 13:39:03  956928  ----a-w-  C:\Windows\System32\localspl.dll
2012-08-18 13:39:03  3148800  ----a-w-  C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-09-08 05:22:32  466456  ----a-w-  C:\Windows\System32\wrap_oal.dll
2012-09-08 05:22:32  444952  ----a-w-  C:\Windows\SysWow64\wrap_oal.dll
2012-09-08 05:22:32  122904  ----a-w-  C:\Windows\System32\OpenAL32.dll
2012-09-08 05:22:32  109080  ----a-w-  C:\Windows\SysWow64\OpenAL32.dll
2012-08-28 13:05:54  73416  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 13:05:54  696520  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-28 05:47:40  187392  ----a-w-  C:\Windows\System32\clinfo.exe
2012-07-28 05:47:24  75776  ----a-w-  C:\Windows\System32\OpenVideo64.dll
2012-07-28 05:47:16  65024  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
2012-07-28 05:47:10  63488  ----a-w-  C:\Windows\System32\OVDecode64.dll
2012-07-28 05:47:06  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
2012-07-28 05:46:56  16464896  ----a-w-  C:\Windows\System32\amdocl64.dll
2012-07-28 05:46:06  13013504  ----a-w-  C:\Windows\SysWow64\amdocl.dll
2012-06-29 03:56:34  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-06-29 03:48:07  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-06-27 04:38:30  46176  ----a-w-  C:\Windows\System32\drivers\point64.sys
2012-06-25 05:24:48  52320  ----a-w-  C:\Windows\System32\drivers\dc3d.sys
.
============= FINISH: 17:40:48.96 ===============
 
The sticky conflicts with the instructions inside "Attach.txt" from DDS, so I'll hold off posting it; please let me know if you need it.

Sticky says to post it, log says not to post it...
 
More background:

How I noticed the infection: my Mom was complaining about slow performance and Firefox was crashing. There were also crash dialogs for IE (which was not open). Task Manager revealed several instances of 124kkk290347.exe running, as well as one other exe with a strange name (sorry, I don't remember that one and my laptop battery is dead; I can get it from my search history later). I manually killed these; they did NOT restart. I ran a Malwarebytes full scan after this.

Full disclosure: this is my first serious infection in ~23 years of computing, so I'm kind of a n00b at this. Previous potential threats had always been either blocked by AV software or just a file that was flagged and deleted. The point being, I'm experienced enough to follow instructions but might make mistakes. I'll try my best! :p
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Sticky clearly says to ignore DDS internal instructions so I expect Attach.txt to be pasted in your next reply.

Next....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

===================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Content of Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2011 4:52:24 PM
System Uptime: 9/8/2012 5:30:20 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Athlon(tm) II X2 250 Processor | Socket M2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 32.734 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 373 GiB total, 278.854 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 8/29/2012 12:57:39 AM - Windows Update
RP147: 9/2/2012 6:11:58 AM - Windows Update
RP148: 9/6/2012 5:22:15 AM - Windows Update
RP149: 9/8/2012 3:47:01 PM - Removed Adobe Reader X (10.1.4).
RP150: 9/8/2012 3:48:38 PM - Removed Adobe Help Manager
RP151: 9/8/2012 3:48:49 PM - Removed Adobe Download Assistant
RP152: 9/8/2012 3:52:02 PM - Removed Skype Click to Call
RP153: 9/8/2012 4:57:42 PM - Removed JavaFX 2.1.1
RP154: 9/8/2012 4:58:01 PM - Removed Java(TM) 7 Update 5
RP155: 9/8/2012 5:00:45 PM - OTL Restore Point - 9/8/2012 5:00:45 PM
.
==== Installed Programs ======================
.
7 Wonders: Magical Mystery Tour
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Amazon MP3 Downloader 1.0.15
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Atlantic Quest
BabySmash!
Big Fish Games: Game Manager
Big Kahuna Reef 3
Call of Atlantis
CameraHelperMsi
Canon Easy-PhotoPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.0
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cradle of Egypt
Cradle of Rome 2
Cursed House
D3DX10
Death at Fairing Point: A Dana Knightstone Novel
erLT
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
Haunted Manor: Lord of Mirrors
Heroes of Hellas 3: Athens
Hidden in Time: Looking-glass Lane
ImgBurn
Intel(R) Solid-State Drive Toolbox
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Midnight Mysteries: Devil on the Mississippi Collector's Edition
MSVCRT
MusicBee
Notepad++
Old Clockmaker's Riddle
OpenAL
Ozzy Bubbles
Picasa 3
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.10
The Treasures of Montezuma 3
TreeSize Free V2.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Venice Mystery
VLC media player 2.0.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
9/8/2012 5:30:30 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
9/8/2012 5:07:14 PM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Content of RKreport[1].txt:

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Parents [Admin rights]
Mode : Scan -- Date : 09/08/2012 19:24:23

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] SansaDispatch.exe -- C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][BLACKLIST DLL] HKCU\[...]\Run : qmrds ("C:\Windows\System32\rundll32.exe" "C:\Users\Parents\AppData\Roaming\qmrds.dll",AcquireLock) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3689204523-1297797616-1657894789-1004[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-21-3689204523-1297797616-1657894789-1004[...]\Run : qmrds ("C:\Windows\System32\rundll32.exe" "C:\Users\Parents\AppData\Roaming\qmrds.dll",AcquireLock) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
[PROXY FF] yjiglzqp.default\ : -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SS DSA2M080G2GC SATA Disk Device +++++
--- User ---
[MBR] 456fd817468c22b3cf57e7bc88b9e186
[BSP] 2fbdb687bdaaf4f2316b5c58c40c5f6c : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 239f14c7f822b0c3d4c4352b8acd3e75
[BSP] cd958f910f243ab8c9473bc2dae567af : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7224 Mo

+++++ PhysicalDrive1: WDC WD40 00KS-00MNB0 SATA Disk Device +++++
--- User ---
[MBR] 4375a6c7cb224ebba4eaed7df1f91626
[BSP] e9542363fd300cb042b8dc73a14e8590 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381551 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Content of aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-08 19:27:20
-----------------------------
19:27:20.123 OS Version: Windows x64 6.1.7601 Service Pack 1
19:27:20.123 Number of processors: 2 586 0x602
19:27:20.124 ComputerName: PARENTS-PC UserName: Parents
19:27:20.373 Initialize success
19:29:05.385 AVAST engine defs: 12090801
19:29:22.416 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
19:29:22.418 Disk 0 Vendor: INTEL_SS 2CV1 Size: 76319MB BusType: 11
19:29:22.421 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000051
19:29:22.422 Disk 1 Vendor: WDC_WD40 07.0 Size: 381554MB BusType: 11
19:29:22.426 Disk 0 MBR read successfully
19:29:22.428 Disk 0 MBR scan
19:29:22.432 Disk 0 Windows 7 default MBR code
19:29:22.435 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
19:29:22.482 Disk 0 scanning C:\Windows\system32\drivers
19:29:29.185 Service scanning
19:29:44.770 Modules scanning
19:29:44.776 Disk 0 trace - called modules:
19:29:44.779 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:29:44.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078d0060]
19:29:44.788 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80078ae040]
19:29:44.796 5 amd_xata.sys[fffff880010e2b3f] -> nt!IofCallDriver -> \Device\00000050[0xfffffa80078aa060]
19:29:45.037 AVAST engine scan C:\Windows
19:29:46.080 AVAST engine scan C:\Windows\system32
19:31:59.892 AVAST engine scan C:\Windows\system32\drivers
19:32:07.796 AVAST engine scan C:\Users\Parents
19:32:35.336 AVAST engine scan C:\ProgramData
19:32:48.489 Scan finished successfully
19:33:27.812 Disk 0 MBR has been saved successfully to "C:\Users\Parents\Desktop\infection\MBR.dat"
19:33:27.818 The log file has been saved successfully to "C:\Users\Parents\Desktop\infection\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
The log is too large to post, should I manually split it to fit or is there a certain place that's good to split it?
 
Ok, I split it half way, here's part 1, I'll post part 2 in the next post:

19:39:01.0500 2632 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:39:02.0025 2632 ============================================================
19:39:02.0025 2632 Current date / time: 2012/09/08 19:39:02.0025
19:39:02.0025 2632 SystemInfo:
19:39:02.0025 2632
19:39:02.0025 2632 OS Version: 6.1.7601 ServicePack: 1.0
19:39:02.0025 2632 Product type: Workstation
19:39:02.0025 2632 ComputerName: PARENTS-PC
19:39:02.0025 2632 UserName: Parents
19:39:02.0025 2632 Windows directory: C:\Windows
19:39:02.0025 2632 System windows directory: C:\Windows
19:39:02.0025 2632 Running under WOW64
19:39:02.0025 2632 Processor architecture: Intel x64
19:39:02.0025 2632 Number of processors: 2
19:39:02.0025 2632 Page size: 0x1000
19:39:02.0025 2632 Boot type: Normal boot
19:39:02.0025 2632 ============================================================
19:39:02.0510 2632 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:02.0521 2632 Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:02.0526 2632 ============================================================
19:39:02.0527 2632 \Device\Harddisk0\DR0:
19:39:02.0527 2632 MBR partitions:
19:39:02.0527 2632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
19:39:02.0527 2632 \Device\Harddisk1\DR1:
19:39:02.0527 2632 MBR partitions:
19:39:02.0527 2632 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E937C82
19:39:02.0527 2632 ============================================================
19:39:02.0530 2632 C: <-> \Device\Harddisk0\DR0\Partition1
19:39:02.0536 2632 E: <-> \Device\Harddisk1\DR1\Partition1
19:39:02.0536 2632 ============================================================
19:39:02.0536 2632 Initialize success
19:39:02.0536 2632 ============================================================
19:39:11.0484 3356 ============================================================
19:39:11.0484 3356 Scan started
19:39:11.0484 3356 Mode: Manual;
19:39:11.0484 3356 ============================================================
19:39:11.0684 3356 ================ Scan system memory ========================
19:39:11.0684 3356 System memory - ok
19:39:11.0684 3356 ================ Scan services =============================
19:39:11.0738 3356 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:39:11.0740 3356 1394ohci - ok
19:39:11.0744 3356 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
19:39:11.0745 3356 61883 - ok
19:39:11.0752 3356 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:39:11.0755 3356 ACPI - ok
19:39:11.0759 3356 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:39:11.0760 3356 AcpiPmi - ok
19:39:11.0795 3356 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:39:11.0797 3356 AdobeFlashPlayerUpdateSvc - ok
19:39:11.0805 3356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:39:11.0808 3356 adp94xx - ok
19:39:11.0815 3356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:39:11.0816 3356 adpahci - ok
19:39:11.0823 3356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:39:11.0824 3356 adpu320 - ok
19:39:11.0832 3356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:39:11.0833 3356 AeLookupSvc - ok
19:39:11.0842 3356 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:39:11.0844 3356 AFD - ok
19:39:11.0849 3356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:39:11.0850 3356 agp440 - ok
19:39:11.0856 3356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:39:11.0857 3356 ALG - ok
19:39:11.0861 3356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:39:11.0861 3356 aliide - ok
19:39:11.0868 3356 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:39:11.0871 3356 AMD External Events Utility - ok
19:39:11.0876 3356 AMD FUEL Service - ok
19:39:11.0882 3356 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:39:11.0882 3356 amdide - ok
19:39:11.0887 3356 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
19:39:11.0888 3356 amdiox64 - ok
19:39:11.0893 3356 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:39:11.0894 3356 AmdK8 - ok
19:39:11.0993 3356 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:12.0046 3356 amdkmdag - ok
19:39:12.0059 3356 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:39:12.0061 3356 amdkmdap - ok
19:39:12.0066 3356 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:39:12.0067 3356 AmdPPM - ok
19:39:12.0073 3356 [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
19:39:12.0073 3356 amdsata - ok
19:39:12.0079 3356 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:39:12.0080 3356 amdsbs - ok
19:39:12.0085 3356 [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
19:39:12.0086 3356 amdxata - ok
19:39:12.0091 3356 [ BB4FE7889DB9CBBE61A308E99697F53C ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
19:39:12.0092 3356 amd_sata - ok
19:39:12.0096 3356 [ 5631CBA53F1CBEA3F9E88348E6723391 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
19:39:12.0097 3356 amd_xata - ok
19:39:12.0101 3356 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:39:12.0102 3356 AODDriver4.01 - ok
19:39:12.0107 3356 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:39:12.0107 3356 AODDriver4.1 - ok
19:39:12.0112 3356 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:39:12.0113 3356 AppID - ok
19:39:12.0118 3356 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:39:12.0119 3356 AppIDSvc - ok
19:39:12.0124 3356 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:39:12.0124 3356 Appinfo - ok
19:39:12.0134 3356 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:39:12.0136 3356 Apple Mobile Device - ok
19:39:12.0141 3356 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:39:12.0142 3356 arc - ok
19:39:12.0147 3356 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:39:12.0148 3356 arcsas - ok
19:39:12.0152 3356 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:12.0152 3356 AsyncMac - ok
19:39:12.0158 3356 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:39:12.0159 3356 atapi - ok
19:39:12.0261 3356 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:12.0312 3356 atikmdag - ok
19:39:12.0321 3356 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:39:12.0322 3356 AtiPcie - ok
19:39:12.0332 3356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:39:12.0338 3356 AudioEndpointBuilder - ok
19:39:12.0347 3356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:39:12.0350 3356 AudioSrv - ok
19:39:12.0355 3356 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
19:39:12.0356 3356 Avc - ok
19:39:12.0362 3356 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:39:12.0363 3356 AxInstSV - ok
19:39:12.0371 3356 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:39:12.0374 3356 b06bdrv - ok
19:39:12.0380 3356 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:39:12.0382 3356 b57nd60a - ok
19:39:12.0390 3356 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:39:12.0391 3356 BDESVC - ok
19:39:12.0395 3356 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:39:12.0396 3356 Beep - ok
19:39:12.0407 3356 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:39:12.0413 3356 BFE - ok
19:39:12.0424 3356 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:39:12.0432 3356 BITS - ok
19:39:12.0437 3356 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:39:12.0437 3356 blbdrive - ok
19:39:12.0446 3356 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:39:12.0448 3356 Bonjour Service - ok
19:39:12.0454 3356 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:39:12.0455 3356 bowser - ok
19:39:12.0459 3356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:39:12.0460 3356 BrFiltLo - ok
19:39:12.0464 3356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:39:12.0464 3356 BrFiltUp - ok
19:39:12.0471 3356 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:39:12.0472 3356 Browser - ok
19:39:12.0479 3356 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:39:12.0480 3356 Brserid - ok
19:39:12.0485 3356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:39:12.0486 3356 BrSerWdm - ok
19:39:12.0490 3356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:39:12.0491 3356 BrUsbMdm - ok
19:39:12.0496 3356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:39:12.0497 3356 BrUsbSer - ok
19:39:12.0501 3356 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:39:12.0502 3356 BTHMODEM - ok
19:39:12.0509 3356 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:39:12.0510 3356 bthserv - ok
19:39:12.0515 3356 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:39:12.0516 3356 cdfs - ok
19:39:12.0521 3356 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:39:12.0522 3356 cdrom - ok
19:39:12.0528 3356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:39:12.0529 3356 CertPropSvc - ok
19:39:12.0533 3356 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:39:12.0534 3356 circlass - ok
19:39:12.0542 3356 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:39:12.0545 3356 CLFS - ok
19:39:12.0555 3356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:39:12.0556 3356 clr_optimization_v2.0.50727_32 - ok
19:39:12.0564 3356 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:39:12.0565 3356 clr_optimization_v2.0.50727_64 - ok
19:39:12.0576 3356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:39:12.0577 3356 clr_optimization_v4.0.30319_32 - ok
19:39:12.0587 3356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:39:12.0588 3356 clr_optimization_v4.0.30319_64 - ok
19:39:12.0592 3356 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:39:12.0593 3356 CmBatt - ok
19:39:12.0598 3356 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:39:12.0598 3356 cmdide - ok
19:39:12.0606 3356 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:39:12.0609 3356 CNG - ok
19:39:12.0613 3356 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:39:12.0614 3356 Compbatt - ok
19:39:12.0619 3356 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:39:12.0619 3356 CompositeBus - ok
19:39:12.0624 3356 COMSysApp - ok
19:39:12.0630 3356 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:39:12.0631 3356 crcdisk - ok
19:39:12.0639 3356 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:39:12.0641 3356 CryptSvc - ok
19:39:12.0646 3356 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
19:39:12.0647 3356 dc3d - ok
19:39:12.0658 3356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:39:12.0664 3356 DcomLaunch - ok
19:39:12.0671 3356 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:39:12.0674 3356 defragsvc - ok
19:39:12.0679 3356 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:39:12.0680 3356 DfsC - ok
19:39:12.0687 3356 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:39:12.0690 3356 Dhcp - ok
19:39:12.0695 3356 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:39:12.0696 3356 discache - ok
19:39:12.0702 3356 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:39:12.0703 3356 Disk - ok
19:39:12.0709 3356 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:39:12.0711 3356 Dnscache - ok
19:39:12.0717 3356 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:39:12.0720 3356 dot3svc - ok
19:39:12.0726 3356 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:39:12.0727 3356 DPS - ok
19:39:12.0732 3356 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:39:12.0732 3356 drmkaud - ok
19:39:12.0747 3356 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:39:12.0752 3356 DXGKrnl - ok
19:39:12.0758 3356 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:39:12.0759 3356 EapHost - ok
19:39:12.0792 3356 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:39:12.0807 3356 ebdrv - ok
19:39:12.0813 3356 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:39:12.0814 3356 EFS - ok
19:39:12.0825 3356 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:39:12.0828 3356 ehRecvr - ok
19:39:12.0833 3356 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:39:12.0834 3356 ehSched - ok
19:39:12.0843 3356 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:39:12.0846 3356 elxstor - ok
19:39:12.0850 3356 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:39:12.0851 3356 ErrDev - ok
19:39:12.0864 3356 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:39:12.0868 3356 EventSystem - ok
19:39:12.0874 3356 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:39:12.0875 3356 exfat - ok
19:39:12.0881 3356 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:39:12.0883 3356 fastfat - ok
19:39:12.0893 3356 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:39:12.0900 3356 Fax - ok
19:39:12.0905 3356 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:39:12.0905 3356 fdc - ok
19:39:12.0910 3356 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:39:12.0911 3356 fdPHost - ok
19:39:12.0915 3356 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:39:12.0916 3356 FDResPub - ok
19:39:12.0921 3356 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:39:12.0922 3356 FileInfo - ok
19:39:12.0927 3356 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:39:12.0927 3356 Filetrace - ok
19:39:12.0932 3356 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:39:12.0933 3356 flpydisk - ok
19:39:12.0939 3356 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:39:12.0941 3356 FltMgr - ok
19:39:12.0955 3356 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:39:12.0966 3356 FontCache - ok
19:39:12.0971 3356 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:39:12.0971 3356 FontCache3.0.0.0 - ok
19:39:12.0976 3356 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:39:12.0977 3356 FsDepends - ok
19:39:12.0982 3356 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:39:12.0982 3356 Fs_Rec - ok
19:39:12.0989 3356 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:39:12.0990 3356 fvevol - ok
19:39:12.0995 3356 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:39:12.0996 3356 gagp30kx - ok
19:39:13.0001 3356 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:39:13.0001 3356 GEARAspiWDM - ok
19:39:13.0012 3356 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:39:13.0019 3356 gpsvc - ok
19:39:13.0026 3356 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:13.0027 3356 gupdate - ok
19:39:13.0031 3356 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:39:13.0032 3356 gupdatem - ok
19:39:13.0037 3356 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:39:13.0038 3356 gusvc - ok
19:39:13.0042 3356 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:39:13.0043 3356 hcw85cir - ok
19:39:13.0052 3356 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:39:13.0054 3356 HdAudAddService - ok
19:39:13.0061 3356 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:39:13.0062 3356 HDAudBus - ok
19:39:13.0067 3356 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:39:13.0068 3356 HidBatt - ok
19:39:13.0073 3356 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:39:13.0074 3356 HidBth - ok
19:39:13.0082 3356 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:39:13.0083 3356 HidIr - ok
19:39:13.0090 3356 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:39:13.0091 3356 hidserv - ok
19:39:13.0095 3356 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:39:13.0097 3356 HidUsb - ok
19:39:13.0102 3356 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:39:13.0103 3356 hkmsvc - ok
19:39:13.0111 3356 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:39:13.0114 3356 HomeGroupListener - ok
19:39:13.0120 3356 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:39:13.0123 3356 HomeGroupProvider - ok
19:39:13.0128 3356 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:39:13.0129 3356 HpSAMD - ok
19:39:13.0139 3356 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:39:13.0143 3356 HTTP - ok
19:39:13.0148 3356 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:39:13.0148 3356 hwpolicy - ok
19:39:13.0154 3356 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:39:13.0155 3356 i8042prt - ok
19:39:13.0163 3356 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:39:13.0165 3356 iaStorV - ok
19:39:13.0178 3356 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:39:13.0183 3356 idsvc - ok
19:39:13.0188 3356 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:39:13.0188 3356 iirsp - ok
19:39:13.0200 3356 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:39:13.0211 3356 IKEEXT - ok
19:39:13.0255 3356 [ 4BBB5A55EEB5EC11B20FCBB4CBB49357 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:39:13.0270 3356 IntcAzAudAddService - ok
19:39:13.0275 3356 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:39:13.0275 3356 intelide - ok
19:39:13.0281 3356 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:39:13.0281 3356 intelppm - ok
19:39:13.0286 3356 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:39:13.0288 3356 IPBusEnum - ok
19:39:13.0293 3356 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:13.0293 3356 IpFilterDriver - ok
19:39:13.0302 3356 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:39:13.0308 3356 iphlpsvc - ok
19:39:13.0313 3356 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:39:13.0314 3356 IPMIDRV - ok
19:39:13.0320 3356 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:39:13.0321 3356 IPNAT - ok
19:39:13.0333 3356 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:39:13.0338 3356 iPod Service - ok
19:39:13.0343 3356 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:39:13.0343 3356 IRENUM - ok
19:39:13.0348 3356 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:39:13.0348 3356 isapnp - ok
19:39:13.0356 3356 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:39:13.0358 3356 iScsiPrt - ok
19:39:13.0362 3356 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:39:13.0363 3356 kbdclass - ok
19:39:13.0368 3356 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:39:13.0369 3356 kbdhid - ok
19:39:13.0373 3356 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:39:13.0374 3356 KeyIso - ok
19:39:13.0383 3356 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:39:13.0384 3356 KSecDD - ok
19:39:13.0391 3356 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:39:13.0392 3356 KSecPkg - ok
19:39:13.0397 3356 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:39:13.0397 3356 ksthunk - ok
19:39:13.0404 3356 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:39:13.0408 3356 KtmRm - ok
19:39:13.0414 3356 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:39:13.0417 3356 LanmanServer - ok
19:39:13.0424 3356 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:39:13.0426 3356 LanmanWorkstation - ok
19:39:13.0434 3356 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:39:13.0435 3356 lltdio - ok
19:39:13.0442 3356 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:39:13.0445 3356 lltdsvc - ok
19:39:13.0450 3356 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:39:13.0451 3356 lmhosts - ok
19:39:13.0459 3356 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:39:13.0460 3356 LSI_FC - ok
19:39:13.0466 3356 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:39:13.0466 3356 LSI_SAS - ok
19:39:13.0472 3356 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:39:13.0472 3356 LSI_SAS2 - ok
19:39:13.0477 3356 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:39:13.0478 3356 LSI_SCSI - ok
19:39:13.0483 3356 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:39:13.0484 3356 luafv - ok
19:39:13.0492 3356 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
19:39:13.0494 3356 LVRS64 - ok
19:39:13.0540 3356 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
19:39:13.0563 3356 LVUVC64 - ok
19:39:13.0571 3356 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:39:13.0572 3356 Mcx2Svc - ok
19:39:13.0577 3356 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:39:13.0578 3356 megasas - ok
19:39:13.0584 3356 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:39:13.0586 3356 MegaSR - ok
19:39:13.0592 3356 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:39:13.0593 3356 MMCSS - ok
19:39:13.0598 3356 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:39:13.0599 3356 Modem - ok
19:39:13.0604 3356 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:39:13.0605 3356 monitor - ok
19:39:13.0609 3356 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:39:13.0610 3356 mouclass - ok
19:39:15.0886 3356 ================ Scan global ===============================
19:39:15.0890 3356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:39:15.0896 3356 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:39:15.0903 3356 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:39:15.0908 3356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:39:15.0914 3356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:39:15.0917 3356 [Global] - ok
19:39:15.0917 3356 ================ Scan MBR ==================================
19:39:15.0920 3356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:39:15.0980 3356 \Device\Harddisk0\DR0 - ok
19:39:15.0983 3356 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:39:16.0045 3356 \Device\Harddisk1\DR1 - ok
19:39:16.0045 3356 ================ Scan VBR ==================================
19:39:16.0048 3356 [ BCE1349359F2200008D670AB4ED4E265 ] \Device\Harddisk0\DR0\Partition1
19:39:16.0050 3356 \Device\Harddisk0\DR0\Partition1 - ok
19:39:16.0053 3356 [ C58AC022C1B4C464E72B3E3C6A153610 ] \Device\Harddisk1\DR1\Partition1
19:39:16.0055 3356 \Device\Harddisk1\DR1\Partition1 - ok
19:39:16.0055 3356 ============================================================
19:39:16.0055 3356 Scan finished
19:39:16.0055 3356 ============================================================
19:39:16.0068 3928 Detected object count: 0
19:39:16.0068 3928 Actual detected object count: 0
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Posting from a different computer. 3 restarts, also disabled and re-enabled the network adapter as well as rebooting the router, internet connection hasn't been restored.

On the plus side I'm not seeing the iexplore.exe processes anymore :)

I'm hesitant to copy the log file for posting (i.e. using a USB drive). But I'm posting from a Mac so I imagine it will be ok. If you can give some hints about how to restore the network connection I'd appreciate it, I'll reply with the log in a moment.

Thanks for the help so far!
 
ComboFix 12-09-09.01 - Parents 09/08/2012 20:56:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7933.6313 [GMT -7:00]
Running from: c:\users\Parents\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\21guOreO.exe
c:\programdata\21guOreO.exe_
c:\users\Parents\AppData\Roaming\log.txt
c:\users\Parents\AppData\Roaming\qmrds.dll
c:\users\Public\Desktop\Scanner.lnk
e:\share\Profile\Documents\DPE.DUS
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 00:41 . 2012-08-23 08:26  9310152  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{577DF72D-132B-48BE-9566-1629A6E4A7FC}\mpengine.dll
2012-09-09 00:07 . 2012-09-09 00:07  --------  d-----w-  C:\_OTL
2012-09-08 22:53 . 2012-09-08 22:54  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-08 22:53 . 2012-07-03 20:46  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-08 14:15 . 2012-08-23 08:26  9310152  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-08 05:39 . 2012-09-08 05:39  --------  d-----w-  c:\users\Parents\AppData\Roaming\DAVA
2012-09-08 05:22 . 2012-09-08 05:22  --------  d-----w-  c:\program files (x86)\Old Clockmaker's Riddle
2012-09-05 06:26 . 2012-09-05 06:26  --------  d-----w-  c:\users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
2012-09-01 03:52 . 2012-09-01 03:52  --------  d-----w-  c:\users\Parents\AppData\Roaming\ShaoLin
2012-09-01 00:49 . 2012-09-02 21:23  --------  d-----w-  c:\users\Parents\AppData\Roaming\CaribbeanHideaway
2012-08-31 15:42 . 2012-08-31 15:42  4278384  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 15:42 . 2012-08-31 15:42  42776  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-28 01:27 . 2012-08-28 01:27  --------  d-----w-  c:\programdata\CannyGames
2012-08-28 00:59 . 2012-08-28 00:59  --------  d-----w-  c:\program files (x86)\Atlantic Quest
2012-08-26 12:32 . 2012-08-26 12:32  --------  d-----w-  c:\program files (x86)\AMD APP
2012-08-26 12:31 . 2012-08-26 12:31  --------  d-----w-  c:\programdata\ATI
2012-08-20 22:31 . 2012-08-20 22:32  --------  d-----w-  c:\program files (x86)\Big Kahuna Reef 3
2012-08-20 22:28 . 2012-08-20 22:28  --------  d-----w-  c:\users\Parents\AppData\Roaming\Artifact Quest
2012-08-18 19:37 . 2012-08-18 19:37  --------  d-----w-  c:\windows\en
2012-08-18 19:35 . 2012-08-18 19:35  537432  ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DXSETUP.exe
2012-08-18 19:35 . 2012-08-18 19:35  1801048  ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\dsetup32.dll
2012-08-18 19:35 . 2012-08-18 19:35  89944  ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DSETUP.dll
2012-08-18 15:03 . 2012-08-18 15:03  --------  d-----w-  c:\program files\Microsoft Device Center
2012-08-18 13:39 . 2012-05-05 08:36  503808  ----a-w-  c:\windows\system32\srcore.dll
2012-08-18 13:39 . 2012-05-05 07:46  43008  ----a-w-  c:\windows\SysWow64\srclient.dll
2012-08-18 13:39 . 2012-02-11 06:43  751104  ----a-w-  c:\windows\system32\win32spl.dll
2012-08-18 13:39 . 2012-02-11 06:36  559104  ----a-w-  c:\windows\system32\spoolsv.exe
2012-08-18 13:39 . 2012-07-04 22:16  73216  ----a-w-  c:\windows\system32\netapi32.dll
2012-08-18 13:39 . 2012-07-04 22:13  59392  ----a-w-  c:\windows\system32\browcli.dll
2012-08-18 13:39 . 2012-07-04 22:13  136704  ----a-w-  c:\windows\system32\browser.dll
2012-08-18 13:39 . 2012-07-04 21:14  41984  ----a-w-  c:\windows\SysWow64\browcli.dll
2012-08-18 13:39 . 2012-02-11 06:36  67072  ----a-w-  c:\windows\splwow64.exe
2012-08-18 13:39 . 2012-02-11 05:43  492032  ----a-w-  c:\windows\SysWow64\win32spl.dll
2012-08-18 13:39 . 2012-07-18 18:15  3148800  ----a-w-  c:\windows\system32\win32k.sys
2012-08-18 13:39 . 2012-05-14 05:26  956928  ----a-w-  c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 05:22 . 2011-10-12 05:36  466456  ----a-w-  c:\windows\system32\wrap_oal.dll
2012-09-08 05:22 . 2011-10-12 05:36  444952  ----a-w-  c:\windows\SysWow64\wrap_oal.dll
2012-09-08 05:22 . 2011-10-12 05:36  122904  ----a-w-  c:\windows\system32\OpenAL32.dll
2012-09-08 05:22 . 2011-10-12 05:36  109080  ----a-w-  c:\windows\SysWow64\OpenAL32.dll
2012-08-28 13:05 . 2012-04-03 06:22  696520  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 13:05 . 2011-08-28 15:06  73416  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-18 13:39 . 2011-08-28 01:52  62134624  ----a-w-  c:\windows\system32\MRT.exe
2012-07-28 05:47 . 2012-07-28 05:47  187392  ----a-w-  c:\windows\system32\clinfo.exe
2012-07-28 05:47 . 2012-07-28 05:47  75776  ----a-w-  c:\windows\system32\OpenVideo64.dll
2012-07-28 05:47 . 2012-07-28 05:47  65024  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
2012-07-28 05:47 . 2012-07-28 05:47  63488  ----a-w-  c:\windows\system32\OVDecode64.dll
2012-07-28 05:47 . 2012-07-28 05:47  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
2012-07-28 05:46 . 2012-07-28 05:46  16464896  ----a-w-  c:\windows\system32\amdocl64.dll
2012-07-28 05:46 . 2012-07-28 05:46  13013504  ----a-w-  c:\windows\SysWow64\amdocl.dll
2012-06-27 04:38 . 2012-06-27 04:38  46176  ----a-w-  c:\windows\system32\drivers\point64.sys
2012-06-25 05:24 . 2012-06-25 05:24  52320  ----a-w-  c:\windows\system32\drivers\dc3d.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:05]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 15:05]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 15:05]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004Core.job
- c:\users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 22:59]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004UA.job
- c:\users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 22:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-qmrds - c:\users\Parents\AppData\Roaming\qmrds.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-08 21:02:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 04:02
.
Pre-Run: 41,776,934,912 bytes free
Post-Run: 41,226,764,288 bytes free
.
- - End Of File - - 23B2AA70EAC07E7B890D08F4AC6595AF
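The entries worth a second look in the log above are the ones ComboFix already acted on: a Run value under HKCU whose target was a DLL in AppData\Roaming (the qmrds orphan), and an HKLM value that starts a launcher instead of the payload itself. The following script is an added example for this thread, not part of ComboFix, FRST or any post here: it parses Run-key lines in the ComboFix, FRST and ComboFix-orphan shapes shown in these logs and flags the usual warning signs (target in a user-writable directory, a host such as rundll32.exe or cmd.exe in front of the real file, a missing file, no company name). The sample input is constructed: five lines copied from the logs in this thread plus one hypothetical FRST line showing what the qmrds value would have looked like before removal (its size, date and the export name SomeExport are placeholders).

```python
"""Triage of Run-key entries pasted from ComboFix and FRST logs.

Added example for this thread; it is not part of ComboFix, FRST or the
original posts.  It parses the three line shapes those logs use for Run
keys and flags the entries a responder should look at first:
  * the executed file lives in a user-writable directory (AppData,
    ProgramData, Temp, Users\\Public), the pattern of the qmrds.dll value
    ComboFix removed as an orphan;
  * the value starts a host such as rundll32.exe or cmd.exe and the
    payload is only an argument;
  * the file is missing ([X] in ComboFix) or FRST shows no company name.
"""
import re
from dataclasses import dataclass, field

# Directories a standard user can write to; per-machine (HKLM) autoruns
# almost never point here, per-user ones need a second look when they do.
USER_WRITABLE = re.compile(
    r"\\(appdata|programdata|users\\all users|users\\public|temp)\\",
    re.IGNORECASE,
)
# Built-in hosts that execute somebody else's code.
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "mshta.exe",
             "wscript.exe", "cscript.exe", "powershell.exe"}
# Program at the start of a command line: quoted, an unquoted path with
# spaces that ends in a known extension, or a bare word (cmd.exe, start).
PROGRAM_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"'
    r'|(?P<p>[A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js))(?=[\s,]|$)'
    r'|(?P<w>\S+))',
    re.IGNORECASE,
)
WIN_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)')

# ComboFix:  "Name"="command" [yyyy-mm-dd size]      ([X] when the file is absent)
COMBOFIX_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)" \[(?P<meta>[^\]]*)\]\s*$')
# FRST:      HKLM-x32\...\Run: [Name] command [size yyyy-mm-dd] (Company)
FRST_RE = re.compile(
    r'^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?) '
    r'\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)\s*$'
)
# ComboFix "ORPHANS REMOVED":  Wow6432Node-HKCU-Run-Name - path
ORPHAN_RE = re.compile(r'^(?P<hive>\S+)-Run-(?P<name>\S+) - (?P<cmd>.+?)\s*$')


@dataclass
class Autorun:
    name: str
    command: str
    target: str                         # file that is actually run or loaded
    flags: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (program, remaining arguments) for a command line."""
    cmd = cmd.strip()
    m = PROGRAM_RE.match(cmd)
    if not m:
        return "", ""
    program = m.group("q") or m.group("p") or m.group("w")
    return program, cmd[m.end():].strip()


def resolve_target(cmd: str):
    """(target, launcher): the program itself, or the first path a launcher is given."""
    program, rest = split_command(cmd)
    base = program.rsplit("\\", 1)[-1].lower()
    if base not in LAUNCHERS:
        return program, None
    m = WIN_PATH.search(rest)
    # rundll32 takes  path,ExportName  so cut at the comma
    target = (m.group(1) or m.group(2)).split(",")[0] if m else program
    return target, base


def parse_line(line: str):
    """Parse one Run-key line (ComboFix, FRST or ComboFix orphan form); None otherwise."""
    meta, company, orphan = "", None, False
    if (m := COMBOFIX_RE.match(line)):
        meta = m.group("meta")
    elif (m := FRST_RE.match(line)):
        meta, company = m.group("meta"), m.group("company")
    elif (m := ORPHAN_RE.match(line)):
        orphan = True
    else:
        return None
    target, launcher = resolve_target(m.group("cmd"))
    entry = Autorun(m.group("name"), m.group("cmd"), target)
    if orphan:
        entry.flags.append("orphan")          # value already removed by ComboFix
    if meta == "X":
        entry.flags.append("missing-file")
    if launcher:
        entry.flags.append("launcher:" + launcher)
    if USER_WRITABLE.search(target):
        entry.flags.append("user-writable-path")
    if company == "":
        entry.flags.append("no-company-name")
    return entry


def triage(lines):
    """Entries that carry at least one flag, in log order."""
    parsed = (parse_line(line) for line in lines)
    return [entry for entry in parsed if entry is not None and entry.flags]


# Sample input, constructed for this example: five lines copied from the
# ComboFix and FRST logs in this thread plus one hypothetical FRST line for
# the qmrds value before removal (size, date and SomeExport are placeholders).
SAMPLE_LOG = [
    r'"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]',
    r'"SansaDispatch"="c:\users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]',
    r'"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]',
    r'HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)',
    r'HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()',
    r'HKU\Parents\...\Run: [qmrds] rundll32.exe "C:\Users\Parents\AppData\Roaming\qmrds.dll",SomeExport [40960 2012-09-07] ()',
    r'Wow6432Node-HKCU-Run-qmrds - c:\users\Parents\AppData\Roaming\qmrds.dll',
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.name:15} {', '.join(entry.flags):50} {entry.target}")
```

Run against the sample, the script reports the qmrds entries (launcher plus user-writable path), the missing-file AMD AVT value and the cmd.exe-fronted AMD AVT value, but also SansaDispatch, a legitimate per-user updater that lives in AppData\Roaming. The flags are a reading order, not a verdict: a flagged file still has to be checked by publisher, signature and hash before it is treated as malicious, and a ComboFix `[X]` entry such as AMD AVT is usually just a vendor value whose target is resolved at run time.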
 
For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
Ran by SYSTEM at 08-09-2012 21:38:11
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKU\Parents\...\Run: [SansaDispatch] C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-12-25] (SanDisk Corporation)

==================== Services ====================

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

==================== Drivers =================================

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-08 20:02 - 2012-09-08 20:02 - 00016265 ____A C:\ComboFix.txt
2012-09-08 19:55 - 2012-09-08 20:02 - 00000000 ___AD C:\Qoobox
2012-09-08 19:55 - 2012-09-08 20:00 - 00000000 ____D C:\Windows\erdnt
2012-09-08 19:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-08 19:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-08 19:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-08 19:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-08 19:48 - 2012-09-08 19:49 - 04747622 ____R (Swearware) C:\Users\Parents\Desktop\ComboFix.exe
2012-09-08 18:38 - 2012-09-08 18:38 - 00000000 ____D C:\Users\Parents\Desktop\tdsskiller
2012-09-08 18:37 - 2012-09-08 18:37 - 02193184 ____A C:\Users\Parents\Desktop\tdsskiller.zip
2012-09-08 18:23 - 2012-09-08 18:24 - 00000000 ____D C:\Users\Parents\Desktop\RK_Quarantine
2012-09-08 18:22 - 2012-09-08 18:22 - 04731392 ____A (AVAST Software) C:\Users\Parents\Desktop\aswMBR.exe
2012-09-08 18:21 - 2012-09-08 18:21 - 01378816 ____A C:\Users\Parents\Desktop\RogueKiller.exe
2012-09-08 16:37 - 2012-09-08 20:04 - 00000000 ____D C:\Users\Parents\Desktop\infection
2012-09-08 16:07 - 2012-09-08 16:07 - 00000000 ____D C:\_OTL
2012-09-08 16:07 - 2012-09-08 15:59 - 00599552 ____A (OldTimer Tools) C:\Users\Parents\Desktop\OTL.exe
2012-09-08 15:15 - 2012-09-08 20:14 - 00000448 ____A C:\Windows\setupact.log
2012-09-08 15:15 - 2012-09-08 20:00 - 00002216 ____A C:\Windows\PFRO.log
2012-09-08 15:15 - 2012-09-08 15:15 - 00000000 ____A C:\Windows\setuperr.log
2012-09-08 14:53 - 2012-09-08 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-08 14:53 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe_.b
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
2012-09-07 21:39 - 2012-09-07 21:39 - 00000000 ____D C:\Users\Parents\AppData\Roaming\DAVA
2012-09-07 21:22 - 2012-09-07 21:22 - 00002042 ____A C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
2012-09-07 21:22 - 2012-09-07 21:22 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-09-07 21:22 - 2012-09-07 21:22 - 00000000 ____D C:\Program Files (x86)\Old Clockmaker's Riddle
2012-09-06 19:30 - 2012-09-08 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-05 08:43 - 2012-09-05 08:43 - 00000000 ____D C:\Users\Parents\AppData\Local\{6277D76C-A3F3-4371-B819-0CFBBC795A0F}
2012-09-04 22:26 - 2012-09-08 18:22 - 00000000 ____A C:\Users\Parents\AppData\Local\π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄€‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ
2012-09-04 22:26 - 2012-09-04 22:26 - 00000000 ____D C:\Users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
2012-09-01 10:26 - 2012-09-01 15:14 - 00013276 ____A C:\Users\Parents\Desktop\60's 2.jpeg
2012-09-01 10:24 - 2012-09-01 15:11 - 00013282 ____A C:\Users\Parents\Desktop\60's 1.jpeg
2012-09-01 09:58 - 2012-09-01 09:58 - 00000000 ____D C:\Users\Parents\AppData\Local\{6F4E124B-21FD-4215-B128-E6212F3BE2DF}
2012-08-31 19:52 - 2012-08-31 19:52 - 00000000 ____D C:\Users\Parents\AppData\Roaming\ShaoLin
2012-08-31 16:49 - 2012-09-02 13:23 - 00000000 ____D C:\Users\Parents\AppData\Roaming\CaribbeanHideaway
2012-08-27 17:27 - 2012-08-27 17:27 - 00000000 ____D C:\Users\All Users\CannyGames
2012-08-27 16:59 - 2012-08-27 16:59 - 00001953 ____A C:\Users\Public\Desktop\Play Atlantic Quest.lnk
2012-08-27 16:59 - 2012-08-27 16:59 - 00000000 ____D C:\Program Files (x86)\Atlantic Quest
2012-08-26 04:32 - 2012-08-26 04:32 - 00000000 ____D C:\Program Files (x86)\AMD APP
2012-08-26 04:31 - 2012-08-26 04:31 - 00000000 ____D C:\Users\All Users\ATI
2012-08-23 13:19 - 2012-08-23 13:19 - 00000000 ____D C:\Users\Parents\AppData\Local\{42B6636B-3465-4568-89C7-8B2B7F92D4DF}
2012-08-23 12:28 - 2012-08-23 12:28 - 00013124 ____A C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
2012-08-22 14:55 - 2012-08-22 14:55 - 00000000 ____D C:\Users\Public\Documents\Big Kahuna Reef 3
2012-08-21 19:18 - 2012-08-21 19:18 - 00000000 ____D C:\Users\Parents\AppData\Local\{2B522096-002E-4379-BBDD-1C8C5D3A5799}
2012-08-21 19:15 - 2012-08-21 19:15 - 00001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-08-20 14:32 - 2012-08-20 14:32 - 00002002 ____A C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
2012-08-20 14:31 - 2012-08-20 14:32 - 00000000 ____D C:\Program Files (x86)\Big Kahuna Reef 3
2012-08-20 14:28 - 2012-08-20 14:28 - 00000000 ____D C:\Users\Parents\AppData\Roaming\Artifact Quest
2012-08-18 13:45 - 2012-08-18 13:45 - 00000085 ____A C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Windows\en
2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Users\Parents\AppData\Local\{EE7371FC-F4EF-4852-9E32-27D440AF900E}
2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Users\Parents\AppData\Local\{BE7FADC2-89CA-4336-A3B1-5A3A9B43AE7C}
2012-08-18 11:36 - 2012-08-18 11:36 - 00000000 ____D C:\Users\Parents\AppData\Local\{CB9EF46C-8A48-4085-B37C-26B017D2C546}
2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{EFA18701-33A7-4311-B109-5B224C439ADA}
2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{B6991C87-AE41-4462-B4EF-B0DD83773E8A}
2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{17ED5333-1A5B-49DC-A836-A03AA6CD0618}
2012-08-18 11:34 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{11A84E74-0E47-470A-8816-48732B49372E}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{AA2C3B66-045C-4119-9930-09496AA9B695}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{8AE029B5-CCC1-4649-889A-7DAF29418C1E}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{494BB960-23BE-43CE-80DA-8E64B5789247}
2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{06030E84-444A-449D-8B81-E1D4CB86746F}
2012-08-18 11:33 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{F210D26C-DC86-46CC-869C-4C88DF96D090}
2012-08-18 11:33 - 2012-08-18 11:33 - 00000000 ____D C:\Users\Parents\AppData\Local\{C5D2AB25-32C6-47C8-8297-E0045A772B71}
2012-08-18 07:03 - 2012-08-18 07:03 - 00000000 ____D C:\Program Files\Microsoft Device Center
2012-08-18 06:51 - 2012-08-18 06:51 - 00000000 ____D C:\Users\Parents\AppData\Local\{91A6CC58-18B8-42C4-9949-80D0853909E3}
2012-08-18 06:51 - 2012-08-18 06:51 - 00000000 ____D C:\Users\Parents\AppData\Local\{4E9F5533-1311-4C21-84A9-3C91581E4B52}
2012-08-18 06:47 - 2012-08-18 06:47 - 00000000 ____D C:\Users\Parents\AppData\Local\{D9366DE5-0E6D-47FE-8C51-FE0C33A176B5}
2012-08-18 06:47 - 2012-08-18 06:47 - 00000000 ____D C:\Users\Parents\AppData\Local\{4C08CAE8-1352-4FF1-AA64-E61928FB5BA0}
2012-08-18 05:53 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-18 05:53 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-18 05:53 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-18 05:53 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-18 05:53 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-18 05:53 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-18 05:53 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-18 05:53 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-18 05:53 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-18 05:53 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-18 05:53 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-18 05:53 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-18 05:53 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-18 05:53 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-18 05:53 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-18 05:53 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-18 05:53 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-18 05:53 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-18 05:53 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-18 05:53 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-18 05:53 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-18 05:53 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-18 05:53 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-18 05:53 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-18 05:53 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-18 05:53 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-18 05:53 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-18 05:53 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-18 05:39 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-18 05:39 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-18 05:39 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-18 05:39 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-18 05:39 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-18 05:39 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-18 05:39 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-18 05:39 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-18 05:39 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-18 05:39 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-18 05:39 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-18 05:39 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-18 05:39 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll


==================== 3 Months Modified Files ================================

2012-09-08 20:35 - 2011-08-27 15:52 - 01714059 ____A C:\Windows\WindowsUpdate.log
2012-09-08 20:24 - 2009-07-13 21:13 - 00729944 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-08 20:21 - 2009-07-13 20:45 - 00022576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-08 20:21 - 2009-07-13 20:45 - 00022576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-08 20:14 - 2012-09-08 15:15 - 00000448 ____A C:\Windows\setupact.log
2012-09-08 20:14 - 2009-07-13 21:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-08 20:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-08 20:02 - 2012-09-08 20:02 - 00016265 ____A C:\ComboFix.txt
2012-09-08 20:00 - 2012-09-08 15:15 - 00002216 ____A C:\Windows\PFRO.log
2012-09-08 20:00 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-08 19:49 - 2012-09-08 19:48 - 04747622 ____R (Swearware) C:\Users\Parents\Desktop\ComboFix.exe
2012-09-08 19:40 - 2012-01-12 21:20 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004UA.job
2012-09-08 19:40 - 2012-01-12 21:20 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004Core.job
2012-09-08 19:27 - 2012-04-02 22:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-08 19:19 - 2011-08-28 07:05 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-08 18:37 - 2012-09-08 18:37 - 02193184 ____A C:\Users\Parents\Desktop\tdsskiller.zip
2012-09-08 18:22 - 2012-09-08 18:22 - 04731392 ____A (AVAST Software) C:\Users\Parents\Desktop\aswMBR.exe
2012-09-08 18:22 - 2012-09-04 22:26 - 00000000 ____A C:\Users\Parents\AppData\Local\π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄€‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ
2012-09-08 18:21 - 2012-09-08 18:21 - 01378816 ____A C:\Users\Parents\Desktop\RogueKiller.exe
2012-09-08 16:30 - 2011-08-28 07:05 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-08 15:59 - 2012-09-08 16:07 - 00599552 ____A (OldTimer Tools) C:\Users\Parents\Desktop\OTL.exe
2012-09-08 15:15 - 2012-09-08 15:15 - 00000000 ____A C:\Windows\setuperr.log
2012-09-08 15:15 - 2012-02-26 12:51 - 00688128 __ASH C:\Users\Parents\Desktop\Thumbs.db
2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe_.b
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
2012-09-07 21:22 - 2012-09-07 21:22 - 00002042 ____A C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
2012-09-07 21:22 - 2012-09-07 21:22 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-09-07 21:22 - 2011-10-11 21:36 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-09-07 21:22 - 2011-10-11 21:36 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-09-07 21:22 - 2011-10-11 21:36 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-09-07 21:22 - 2011-10-11 21:36 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-09-04 14:20 - 2011-08-28 07:06 - 00002348 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-09-01 15:14 - 2012-09-01 10:26 - 00013276 ____A C:\Users\Parents\Desktop\60's 2.jpeg
2012-09-01 15:11 - 2012-09-01 10:24 - 00013282 ____A C:\Users\Parents\Desktop\60's 1.jpeg
2012-08-28 05:05 - 2012-04-02 22:22 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-28 05:05 - 2011-08-28 07:06 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-27 16:59 - 2012-08-27 16:59 - 00001953 ____A C:\Users\Public\Desktop\Play Atlantic Quest.lnk
2012-08-23 12:28 - 2012-08-23 12:28 - 00013124 ____A C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
2012-08-21 19:15 - 2012-08-21 19:15 - 00001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-08-21 19:12 - 2011-10-24 18:36 - 00011776 ____A C:\Users\Parents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-20 14:32 - 2012-08-20 14:32 - 00002002 ____A C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
2012-08-18 13:45 - 2012-08-18 13:45 - 00000085 ____A C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
2012-08-18 06:53 - 2009-07-13 20:45 - 04911752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-18 05:39 - 2011-08-27 17:52 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-13 19:00 - 2011-08-28 13:44 - 00007623 ____A C:\Users\Parents\AppData\Local\Resmon.ResmonCfg
2012-07-27 21:47 - 2012-07-27 21:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
2012-07-27 21:47 - 2012-07-27 21:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
2012-07-27 21:47 - 2012-07-27 21:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2012-07-27 21:46 - 2012-07-27 21:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2012-07-27 21:46 - 2012-07-27 21:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2012-07-21 11:02 - 2012-07-21 11:02 - 00001017 ____A C:\Users\Parents\Desktop\MusicBee.lnk
2012-07-18 10:15 - 2012-08-18 05:39 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-04 14:16 - 2012-08-18 05:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-18 05:39 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-18 05:39 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-18 05:39 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-18 05:39 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 12:46 - 2012-09-08 14:53 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 20:55 - 2012-08-18 05:53 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-18 05:53 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-18 05:53 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-18 05:53 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-18 05:53 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-18 05:53 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-18 05:53 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-18 05:53 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-18 05:53 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-18 05:53 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-18 05:53 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-18 05:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-18 05:53 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-18 05:53 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-18 05:53 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-18 05:53 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-18 05:53 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-18 05:53 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-18 05:53 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-18 05:53 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-18 05:53 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-18 05:53 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-18 05:53 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-18 05:53 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-18 05:53 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-18 05:53 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-18 05:53 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-18 05:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 09:16 - 2011-08-28 13:27 - 00025600 __ASH C:\Users\Parents\Thumbs.db
2012-06-26 20:38 - 2012-06-26 20:38 - 00046176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\point64.sys
2012-06-24 21:24 - 2012-06-24 21:24 - 00052320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys
2012-06-22 05:05 - 2012-06-22 05:05 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
2012-06-21 19:47 - 2012-06-21 19:47 - 00001991 ____A C:\Users\Public\Desktop\Play Call of Atlantis.lnk
2012-06-17 11:51 - 2011-08-27 19:25 - 00063088 ____A C:\Users\Parents\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-16 11:20 - 2012-06-16 11:20 - 00001487 ____A C:\Users\Parents\Desktop\Velzylogo.jpg - Shortcut.lnk
2012-06-12 07:41 - 2012-06-12 07:41 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-28 23:57:43
Restore point made on: 2012-09-02 05:12:03
Restore point made on: 2012-09-06 04:22:19
Restore point made on: 2012-09-08 14:47:06
Restore point made on: 2012-09-08 14:48:41
Restore point made on: 2012-09-08 14:48:52
Restore point made on: 2012-09-08 14:52:05
Restore point made on: 2012-09-08 15:57:46
Restore point made on: 2012-09-08 15:58:04
Restore point made on: 2012-09-08 16:00:48

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 7933.49 MB
Available physical RAM: 7133.41 MB
Total Pagefile: 7931.64 MB
Available Pagefile: 7134.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Partitions ============================

1 Drive c: (Win7) (Fixed) (Total:74.53 GB) (Free:30.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:372.61 GB) (Free:278.85 GB) NTFS
4 Drive f: () (Removable) (Total:14.9 GB) (Free:14.75 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 0 B
Disk 1 Online 372 GB 1024 KB
Disk 2 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Win7 NTFS Partition 74 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 372 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 372 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 14 GB Healthy

==================================================================================

Last Boot: 2012-09-06 05:56

==================== End Of Log =============================
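An added triage helper (example code, not part of this thread or of FRST itself): it parses lines in the format FRST prints under the "3 Months Created/Modified Files" sections above and flags the entries an analyst would want to read first. The sample lines are copied from the log above; the rules, thresholds and names (`Entry`, `triage`, `triage_log`) are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST listing line: "<date> - <date> - <size> <attrs> [(<company>)] <path>". The company comes
# from the file's version resource, so its absence means "no version info", not "unsigned".
FRST_LINE = re.compile(
    r"^(?P<listed>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<other>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"  # lazy company survives a nested "(C)"
)
GUID_DIR = re.compile(r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
EXE_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
# Sample input: a handful of lines copied from the FRST log above, not a complete log.
SAMPLE_LOG = r"""
2012-09-08 20:35 - 2011-08-27 15:52 - 01714059 ____A C:\Windows\WindowsUpdate.log
2012-09-08 18:22 - 2012-09-08 18:22 - 04731392 ____A (AVAST Software) C:\Users\Parents\Desktop\aswMBR.exe
2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
2012-09-07 21:22 - 2011-10-11 21:36 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{B6991C87-AE41-4462-B4EF-B0DD83773E8A}
2012-07-27 21:47 - 2012-07-27 21:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
"""

@dataclass
class Entry:
    listed: str             # the date FRST sorts the section by (created or modified, per section)
    other: str              # the other timestamp
    size: int
    attrs: str              # ____A file, ____D directory, ___AH hidden, and so on
    company: Optional[str]
    path: str

def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; section headers and blank lines return None."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["listed"], m["other"], int(m["size"]), m["attrs"], m["company"], m["path"])

def triage(e: Entry) -> List[str]:
    """Heuristic reasons to look at an entry: prompts for an analyst, not verdicts."""
    reasons: List[str] = []
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if "D" in e.attrs:  # directories: only the GUID-in-AppData pattern is interesting here
        return ["GUID-named directory in AppData\\Local; review if many appeared in one burst"] if GUID_DIR.search(e.path) else []
    if ext in EXE_EXT and e.company is None:
        where = "user-writable" if any(p in low for p in USER_WRITABLE) else "system"
        reasons.append(f"executable without version info in {where} path; verify its signature")
    if ".exe" in name and ext != ".exe":
        reasons.append("executable name carrying an extra suffix")
    if e.size <= 1 and ("\\all users\\" in low or "\\programdata\\" in low):
        reasons.append("near-empty marker file in ProgramData")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every flagged path in an FRST listing to its review reasons, in log order."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and (reasons := triage(e)):
            findings[e.path] = reasons
    return findings
```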
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Restart normally and let me know if you got your connection back.
 

Attachments

  • fixlist.txt
    27 bytes · Views: 1
I just want to make sure before I use this, the file only has one line:

Last Boot: 2012-09-06 05:56

Is that correct? EDIT: ok, I tried it, log to follow.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
Ran by SYSTEM at 2012-09-08 22:01:32 Run:1
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 