TechSpot

Suspicious iexplore.exe processes always running

Solved
By Bigtuna00
Sep 8, 2012
  1. Discovered my parents' computer was infected today. Malwarebytes found and removed 7 infections. However, I'm suspicious all is still not well. I'm seeing two Internet Explorer processes running at all times, even after a restart. My parents don't use IE at all. Example below:

    iexplore.PNG

    I'll be posting the logs requested in the Sticky thread and also the Malwarebytes log from the 7 removed infections.
  2. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Here is the log from Malwarebytes for the removed infections:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.08.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Parents :: PARENTS-PC [administrator]

    9/8/2012 3:59:02 PM
    mbam-log-2012-09-08 (15-59-02).txt

    Scan type: Full scan (C:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 339134
    Time elapsed: 14 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Users\Parents\AppData\Roaming\zidpl.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|zidpl (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\Parents\AppData\Roaming\zidpl.dll",APCMDecode -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    E:\Share\Profile\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
    C:\Users\Parents\AppData\Local\Temp\124kkk290347.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
    E:\Share\Profile\Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Users\Parents\AppData\Roaming\zidpl.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

    (end)
  3. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Here is the result of a current Malwarebytes quick scan:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.08.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Parents :: PARENTS-PC [administrator]

    9/8/2012 5:42:52 PM
    mbam-log-2012-09-08 (17-42-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 209848
    Time elapsed: 1 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Ran GMER per sticky instructions; the log was blank.
  5. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Here is the DDS output:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Parents at 17:40:37 on 2012-09-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7933.6565 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe,
    BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    uRun: [SansaDispatch] C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    uRun: [Google Update] "C:\Users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [qmrds] "C:\Windows\System32\rundll32.exe" "C:\Users\Parents\AppData\Roaming\qmrds.dll",AcquireLock
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8CA72E32-AD9E-4D05-88E8-9878FB8873C2} : DhcpNameServer = 10.64.0.11 207.135.64.66 207.135.127.66 10.2.2.7 10.2.2.17 10.2.2.77 10.96.0.104
    TCP: Interfaces\{EC25EEA4-DE6A-4DC6-95C3-3BEF84B2B9B9} : DhcpNameServer = 192.168.1.254
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
    R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250568]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-28 136176]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-09 00:07:14  --------  d-----w-  C:\_OTL
    2012-09-08 22:53:55  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-09-08 22:53:55  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-08 22:43:51  9310152  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE9D1615-F802-4619-9854-16030B2BC737}\mpengine.dll
    2012-09-08 22:00:56  110592  ----a-w-  C:\ProgramData\21guOreO.exe_
    2012-09-08 22:00:56  110592  ----a-w-  C:\ProgramData\21guOreO.exe
    2012-09-08 14:15:52  9310152  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-08 05:39:41  --------  d-----w-  C:\Users\Parents\AppData\Roaming\DAVA
    2012-09-08 05:22:09  --------  d-----w-  C:\Program Files (x86)\Old Clockmaker's Riddle
    2012-09-07 03:30:52  163256  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\np-mswmp.dll
    2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin7.dll
    2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin6.dll
    2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
    2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
    2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
    2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
    2012-09-07 03:30:52  159744  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
    2012-09-05 16:43:35  --------  d-----w-  C:\Users\Parents\AppData\Local\{6277D76C-A3F3-4371-B819-0CFBBC795A0F}
    2012-09-05 06:26:20  --------  d-----w-  C:\Users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
    2012-09-05 06:26:17  649216  ----a-w-  C:\Users\Parents\AppData\Roaming\qmrds.dll
    2012-09-01 17:58:03  --------  d-----w-  C:\Users\Parents\AppData\Local\{6F4E124B-21FD-4215-B128-E6212F3BE2DF}
    2012-09-01 03:52:04  --------  d-----w-  C:\Users\Parents\AppData\Roaming\ShaoLin
    2012-09-01 00:49:58  --------  d-----w-  C:\Users\Parents\AppData\Roaming\CaribbeanHideaway
    2012-08-31 15:42:54  4278384  ----a-w-  C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-08-31 15:42:34  42776  ----a-w-  C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-08-28 01:27:44  --------  d-----w-  C:\ProgramData\CannyGames
    2012-08-28 00:59:06  --------  d-----w-  C:\Program Files (x86)\Atlantic Quest
    2012-08-26 12:32:12  --------  d-----w-  C:\Program Files (x86)\AMD APP
    2012-08-23 21:19:31  --------  d-----w-  C:\Users\Parents\AppData\Local\{42B6636B-3465-4568-89C7-8B2B7F92D4DF}
    2012-08-22 03:18:04  --------  d-----w-  C:\Users\Parents\AppData\Local\{2B522096-002E-4379-BBDD-1C8C5D3A5799}
    2012-08-20 22:31:41  --------  d-----w-  C:\Program Files (x86)\Big Kahuna Reef 3
    2012-08-20 22:28:42  --------  d-----w-  C:\Users\Parents\AppData\Roaming\Artifact Quest
    2012-08-18 19:37:54  --------  d-----w-  C:\Windows\en
    2012-08-18 19:37:31  --------  d-----w-  C:\Users\Parents\AppData\Local\{BE7FADC2-89CA-4336-A3B1-5A3A9B43AE7C}
    2012-08-18 19:37:27  --------  d-----w-  C:\Users\Parents\AppData\Local\{EE7371FC-F4EF-4852-9E32-27D440AF900E}
    2012-08-18 19:36:19  --------  d-----w-  C:\Users\Parents\AppData\Local\{CB9EF46C-8A48-4085-B37C-26B017D2C546}
    2012-08-18 19:35:39  537432  ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DXSETUP.exe
    2012-08-18 19:35:39  1801048  ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\dsetup32.dll
    2012-08-18 19:35:38  89944  ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DSETUP.dll
    2012-08-18 19:35:31  --------  d-----w-  C:\Users\Parents\AppData\Local\{EFA18701-33A7-4311-B109-5B224C439ADA}
    2012-08-18 19:35:21  --------  d-----w-  C:\Users\Parents\AppData\Local\{B6991C87-AE41-4462-B4EF-B0DD83773E8A}
    2012-08-18 19:35:10  --------  d-----w-  C:\Users\Parents\AppData\Local\{17ED5333-1A5B-49DC-A836-A03AA6CD0618}
    2012-08-18 19:34:49  --------  d-----w-  C:\Users\Parents\AppData\Local\{11A84E74-0E47-470A-8816-48732B49372E}
    2012-08-18 19:34:39  --------  d-----w-  C:\Users\Parents\AppData\Local\{494BB960-23BE-43CE-80DA-8E64B5789247}
    2012-08-18 19:34:28  --------  d-----w-  C:\Users\Parents\AppData\Local\{AA2C3B66-045C-4119-9930-09496AA9B695}
    2012-08-18 19:34:18  --------  d-----w-  C:\Users\Parents\AppData\Local\{06030E84-444A-449D-8B81-E1D4CB86746F}
    2012-08-18 19:34:07  --------  d-----w-  C:\Users\Parents\AppData\Local\{8AE029B5-CCC1-4649-889A-7DAF29418C1E}
    2012-08-18 19:33:57  --------  d-----w-  C:\Users\Parents\AppData\Local\{F210D26C-DC86-46CC-869C-4C88DF96D090}
    2012-08-18 19:33:36  --------  d-----w-  C:\Users\Parents\AppData\Local\{C5D2AB25-32C6-47C8-8297-E0045A772B71}
    2012-08-18 15:03:34  --------  d-----w-  C:\Program Files\Microsoft Device Center
    2012-08-18 14:51:29  --------  d-----w-  C:\Users\Parents\AppData\Local\{91A6CC58-18B8-42C4-9949-80D0853909E3}
    2012-08-18 14:51:08  --------  d-----w-  C:\Users\Parents\AppData\Local\{4E9F5533-1311-4C21-84A9-3C91581E4B52}
    2012-08-18 14:47:38  --------  d-----w-  C:\Users\Parents\AppData\Local\{4C08CAE8-1352-4FF1-AA64-E61928FB5BA0}
    2012-08-18 14:47:19  --------  d-----w-  C:\Users\Parents\AppData\Local\{D9366DE5-0E6D-47FE-8C51-FE0C33A176B5}
    2012-08-18 13:39:09  751104  ----a-w-  C:\Windows\System32\win32spl.dll
    2012-08-18 13:39:09  559104  ----a-w-  C:\Windows\System32\spoolsv.exe
    2012-08-18 13:39:09  503808  ----a-w-  C:\Windows\System32\srcore.dll
    2012-08-18 13:39:08  43008  ----a-w-  C:\Windows\SysWow64\srclient.dll
    2012-08-18 13:39:08  67072  ----a-w-  C:\Windows\splwow64.exe
    2012-08-18 13:39:08  59392  ----a-w-  C:\Windows\System32\browcli.dll
    2012-08-18 13:39:08  492032  ----a-w-  C:\Windows\SysWow64\win32spl.dll
    2012-08-18 13:39:08  41984  ----a-w-  C:\Windows\SysWow64\browcli.dll
    2012-08-18 13:39:08  136704  ----a-w-  C:\Windows\System32\browser.dll
    2012-08-18 13:39:03  956928  ----a-w-  C:\Windows\System32\localspl.dll
    2012-08-18 13:39:03  3148800  ----a-w-  C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-09-08 05:22:32  466456  ----a-w-  C:\Windows\System32\wrap_oal.dll
    2012-09-08 05:22:32  444952  ----a-w-  C:\Windows\SysWow64\wrap_oal.dll
    2012-09-08 05:22:32  122904  ----a-w-  C:\Windows\System32\OpenAL32.dll
    2012-09-08 05:22:32  109080  ----a-w-  C:\Windows\SysWow64\OpenAL32.dll
    2012-08-28 13:05:54  73416  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-28 13:05:54  696520  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-28 05:47:40  187392  ----a-w-  C:\Windows\System32\clinfo.exe
    2012-07-28 05:47:24  75776  ----a-w-  C:\Windows\System32\OpenVideo64.dll
    2012-07-28 05:47:16  65024  ----a-w-  C:\Windows\SysWow64\OpenVideo.dll
    2012-07-28 05:47:10  63488  ----a-w-  C:\Windows\System32\OVDecode64.dll
    2012-07-28 05:47:06  56320  ----a-w-  C:\Windows\SysWow64\OVDecode.dll
    2012-07-28 05:46:56  16464896  ----a-w-  C:\Windows\System32\amdocl64.dll
    2012-07-28 05:46:06  13013504  ----a-w-  C:\Windows\SysWow64\amdocl.dll
    2012-06-29 03:56:34  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2012-06-27 04:38:30  46176  ----a-w-  C:\Windows\System32\drivers\point64.sys
    2012-06-25 05:24:48  52320  ----a-w-  C:\Windows\System32\drivers\dc3d.sys
    .
    ============= FINISH: 17:40:48.96 ===============
  6. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    The sticky conflicts with the instructions inside "Attach.txt" from DDS so I'll hold off posting it, please let me know if you need it.

    Sticky says to post it, log says not to post it...
  7. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    More background:

    How I noticed the infection: my Mom was complaining about slow performance and Firefox was crashing. There were also crash dialogs for IE (which was not open). Task Manager revealed several instances of 124kkk290347.exe running as well as one other exe with a strange name (sorry I don't remember that one and my laptop battery is dead, I can get it from my search history later). I manually killed these, they did NOT restart. I ran Malwarebytes full scan after this.

    Full disclosure: this is my first serious infection in ~23 years of computing so I'm kind of a n00b at this. Previous potential threats had always been either blocked by AV software or just a file that was flagged and deleted. The point being I'm experienced enough to follow instructions but might make mistakes. I'll try my best! :p
  8. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Sticky clearly says to ignore DDS internal instructions so I expect Attach.txt to be pasted in your next reply.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Content of Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/27/2011 4:52:24 PM
    System Uptime: 9/8/2012 5:30:20 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
    Processor: AMD Athlon(tm) II X2 250 Processor | Socket M2 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 32.734 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 373 GiB total, 278.854 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP146: 8/29/2012 12:57:39 AM - Windows Update
    RP147: 9/2/2012 6:11:58 AM - Windows Update
    RP148: 9/6/2012 5:22:15 AM - Windows Update
    RP149: 9/8/2012 3:47:01 PM - Removed Adobe Reader X (10.1.4).
    RP150: 9/8/2012 3:48:38 PM - Removed Adobe Help Manager
    RP151: 9/8/2012 3:48:49 PM - Removed Adobe Download Assistant
    RP152: 9/8/2012 3:52:02 PM - Removed Skype Click to Call
    RP153: 9/8/2012 4:57:42 PM - Removed JavaFX 2.1.1
    RP154: 9/8/2012 4:58:01 PM - Removed Java(TM) 7 Update 5
    RP155: 9/8/2012 5:00:45 PM - OTL Restore Point - 9/8/2012 5:00:45 PM
    .
    ==== Installed Programs ======================
    .
    7 Wonders: Magical Mystery Tour
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Amazon MP3 Downloader 1.0.15
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    Atlantic Quest
    BabySmash!
    Big Fish Games: Game Manager
    Big Kahuna Reef 3
    Call of Atlantis
    CameraHelperMsi
    Canon Easy-PhotoPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 1.0
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cradle of Egypt
    Cradle of Rome 2
    Cursed House
    D3DX10
    Death at Fairing Point: A Dana Knightstone Novel
    erLT
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Haunted Manor: Lord of Mirrors
    Heroes of Hellas 3: Athens
    Hidden in Time: Looking-glass Lane
    ImgBurn
    Intel(R) Solid-State Drive Toolbox
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Midnight Mysteries: Devil on the Mississippi Collector's Edition
    MSVCRT
    MusicBee
    Notepad++
    Old Clockmaker's Riddle
    OpenAL
    Ozzy Bubbles
    Picasa 3
    QuickTime
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Sansa Updater
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype™ 5.10
    The Treasures of Montezuma 3
    TreeSize Free V2.5
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Venice Mystery
    VLC media player 2.0.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/8/2012 5:30:30 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
    9/8/2012 5:07:14 PM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
  10. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Content of RKreport[1].txt:

    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Parents [Admin rights]
    Mode : Scan -- Date : 09/08/2012 19:24:23

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] SansaDispatch.exe -- C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
    [RUN][BLACKLIST DLL] HKCU\[...]\Run : qmrds ("C:\Windows\System32\rundll32.exe" "C:\Users\Parents\AppData\Roaming\qmrds.dll",AcquireLock) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3689204523-1297797616-1657894789-1004[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
    [RUN][BLACKLIST DLL] HKUS\S-1-5-21-3689204523-1297797616-1657894789-1004[...]\Run : qmrds ("C:\Windows\System32\rundll32.exe" "C:\Users\Parents\AppData\Roaming\qmrds.dll",AcquireLock) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> FOUND
    [PROXY FF] yjiglzqp.default\ : -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: INTEL SS DSA2M080G2GC SATA Disk Device +++++
    --- User ---
    [MBR] 456fd817468c22b3cf57e7bc88b9e186
    [BSP] 2fbdb687bdaaf4f2316b5c58c40c5f6c : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 239f14c7f822b0c3d4c4352b8acd3e75
    [BSP] cd958f910f243ab8c9473bc2dae567af : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7224 Mo

    +++++ PhysicalDrive1: WDC WD40 00KS-00MNB0 SATA Disk Device +++++
    --- User ---
    [MBR] 4375a6c7cb224ebba4eaed7df1f91626
    [BSP] e9542363fd300cb042b8dc73a14e8590 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381551 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
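The RogueKiller report above already names the artefacts that matter: a Run value that loads `qmrds.dll` from AppData\Roaming through rundll32, a `$Recycle.Bin\<SID>\$<hash>` tree with `U` and `L` subfolders, a CLSID InprocServer32 hijack pointing into that tree, and a boot drive whose MBR read through Windows disagrees with the low-level read (the `User != LL2 ... KO!` verdict behind `Infection : ZeroAccess|Root.MBR`). As an added example, not part of this thread or of RogueKiller itself, here is a small Python triage that pulls those indicators out of a report so they can be cross-checked against the aswMBR and TDSSKiller output and turned into a cleanup list. The sample report is constructed from the lines above; the user-writable-path heuristic is my own assumption, not a RogueKiller rule.

```python
"""Triage of a RogueKiller report for the ZeroAccess indicators it flags.

Added example for this thread; not part of RogueKiller or the original post.
It extracts what a responder acts on: DLLs handed to rundll32 from a
user-writable path, $Recycle.Bin\\<SID>\\$<hash> drop directories, CLSID
InprocServer32 hijacks, and drives whose "User" MBR read differs from "LL2".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the relevant lines copied from RKreport[1].txt above.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][BLACKLIST DLL] HKCU\[...]\Run : qmrds ("C:\Windows\System32\rundll32.exe" "C:\Users\Parents\AppData\Roaming\qmrds.dll",AcquireLock) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\n.) -> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3689204523-1297797616-1657894789-1004\$c4a888d117ff0bfffc1d0dd151ac7ca3\U --> FOUND
+++++ PhysicalDrive0: INTEL SS DSA2M080G2GC SATA Disk Device +++++
--- User ---
[MBR] 456fd817468c22b3cf57e7bc88b9e186
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 239f14c7f822b0c3d4c4352b8acd3e75
+++++ PhysicalDrive1: WDC WD40 00KS-00MNB0 SATA Disk Device +++++
--- User ---
[MBR] 4375a6c7cb224ebba4eaed7df1f91626
User = LL1 ... OK!
User = LL2 ... OK!
"""

TAGLINE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)\s*-+>\s*FOUND$")
RUNDLL = re.compile(r'rundll32\.exe"?\s+"?([^",]+\.dll)"?,(\w+)', re.I)
ZA_DIR = re.compile(r"\$recycle\.bin\\(S-1-5-21-[\d-]+)\\\$([0-9a-f]{32})", re.I)
DRIVE = re.compile(r"^\+{5} (PhysicalDrive\d+):")
SECTION = re.compile(r"^--- (\w+) ---$")
MBRHASH = re.compile(r"^\[MBR\] ([0-9a-f]{32})$")

# Assumed heuristic: a rundll32 payload living in a directory an unprivileged
# user can write to, rather than under C:\Windows, is the persistence pattern
# seen in this thread (zidpl.dll and qmrds.dll in AppData\Roaming).
USER_WRITABLE_HINTS = ("\\users\\", "\\appdata\\", "\\programdata\\",
                       "\\$recycle.bin\\", "\\temp\\")


def is_user_writable(path: str) -> bool:
    p = path.lower()
    if p.startswith(("c:\\windows\\", "c:\\program files")):
        return False
    return any(h in p for h in USER_WRITABLE_HINTS)


@dataclass
class Triage:
    rundll32_dlls: list = field(default_factory=list)   # (dll, export, user_writable)
    zeroaccess_dirs: set = field(default_factory=set)   # (sid, 32-hex dir name)
    inproc_hijacks: list = field(default_factory=list)  # InprocServer32 bodies
    mbr_mismatch: dict = field(default_factory=dict)    # drive -> {"user", "ll2"}


def triage(report: str) -> Triage:
    """Walk the report once: tag lines ending in FOUND, then the MBR check block."""
    t = Triage()
    drive = section = None
    hashes: dict = {}  # drive -> {"User": md5, "LL2": md5}
    ko = set()
    for raw in report.splitlines():
        line = raw.strip()
        m = TAGLINE.match(line)
        if m:
            tags = re.findall(r"\[([^\]]*)\]", m.group(1))
            body = m.group(2)
            r = RUNDLL.search(body)
            if r:
                t.rundll32_dlls.append((r.group(1), r.group(2), is_user_writable(r.group(1))))
            if "HJ INPROC" in tags:
                t.inproc_hijacks.append(body)
            z = ZA_DIR.search(body)
            if z:
                t.zeroaccess_dirs.add((z.group(1), z.group(2).lower()))
            continue
        d = DRIVE.match(line)
        if d:
            drive, section = d.group(1), None
            hashes[drive] = {}
            continue
        s = SECTION.match(line)
        if s and drive:
            section = s.group(1)
            continue
        h = MBRHASH.match(line)
        if h and drive and section:
            hashes[drive][section] = h.group(1)
            continue
        if drive and line.endswith("KO!"):
            ko.add(drive)  # RogueKiller's verdict: user-mode read != low-level read
    for d in sorted(ko):
        t.mbr_mismatch[d] = {"user": hashes[d].get("User"), "ll2": hashes[d].get("LL2")}
    return t
```

`triage(SAMPLE_REPORT)` returns the single rundll32 payload (`qmrds.dll`, export `AcquireLock`, user-writable), one ZeroAccess directory keyed by SID and hash (the FOLDER and InprocServer32 lines collapse to the same tree), and `PhysicalDrive0` as the only drive whose two MBR hashes differ, which matches the report's own `Root.MBR` verdict; the data drive passes. The hash mismatch is the item to re-check after TDSSKiller runs, since a clean rerun should show `User = LL2 ... OK!` on both disks.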
  11. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Content of aswMBR.txt:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-08 19:27:20
    -----------------------------
    19:27:20.123 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:27:20.123 Number of processors: 2 586 0x602
    19:27:20.124 ComputerName: PARENTS-PC UserName: Parents
    19:27:20.373 Initialize success
    19:29:05.385 AVAST engine defs: 12090801
    19:29:22.416 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
    19:29:22.418 Disk 0 Vendor: INTEL_SS 2CV1 Size: 76319MB BusType: 11
    19:29:22.421 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000051
    19:29:22.422 Disk 1 Vendor: WDC_WD40 07.0 Size: 381554MB BusType: 11
    19:29:22.426 Disk 0 MBR read successfully
    19:29:22.428 Disk 0 MBR scan
    19:29:22.432 Disk 0 Windows 7 default MBR code
    19:29:22.435 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
    19:29:22.482 Disk 0 scanning C:\Windows\system32\drivers
    19:29:29.185 Service scanning
    19:29:44.770 Modules scanning
    19:29:44.776 Disk 0 trace - called modules:
    19:29:44.779 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    19:29:44.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078d0060]
    19:29:44.788 3 CLASSPNP.SYS[fffff88001b7243f] -> nt!IofCallDriver -> [0xfffffa80078ae040]
    19:29:44.796 5 amd_xata.sys[fffff880010e2b3f] -> nt!IofCallDriver -> \Device\00000050[0xfffffa80078aa060]
    19:29:45.037 AVAST engine scan C:\Windows
    19:29:46.080 AVAST engine scan C:\Windows\system32
    19:31:59.892 AVAST engine scan C:\Windows\system32\drivers
    19:32:07.796 AVAST engine scan C:\Users\Parents
    19:32:35.336 AVAST engine scan C:\ProgramData
    19:32:48.489 Scan finished successfully
    19:33:27.812 Disk 0 MBR has been saved successfully to "C:\Users\Parents\Desktop\infection\MBR.dat"
    19:33:27.818 The log file has been saved successfully to "C:\Users\Parents\Desktop\infection\aswMBR.txt"
     
  12. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  13. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    The log is too large to post. Should I manually split it to fit, or is there a certain place that's good to split it?
  14. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    OK, I split it halfway. Here's part 1; I'll post part 2 in the next post:

    19:39:01.0500 2632 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
    19:39:02.0025 2632 ============================================================
    19:39:02.0025 2632 Current date / time: 2012/09/08 19:39:02.0025
    19:39:02.0025 2632 SystemInfo:
    19:39:02.0025 2632
    19:39:02.0025 2632 OS Version: 6.1.7601 ServicePack: 1.0
    19:39:02.0025 2632 Product type: Workstation
    19:39:02.0025 2632 ComputerName: PARENTS-PC
    19:39:02.0025 2632 UserName: Parents
    19:39:02.0025 2632 Windows directory: C:\Windows
    19:39:02.0025 2632 System windows directory: C:\Windows
    19:39:02.0025 2632 Running under WOW64
    19:39:02.0025 2632 Processor architecture: Intel x64
    19:39:02.0025 2632 Number of processors: 2
    19:39:02.0025 2632 Page size: 0x1000
    19:39:02.0025 2632 Boot type: Normal boot
    19:39:02.0025 2632 ============================================================
    19:39:02.0510 2632 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:39:02.0521 2632 Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:39:02.0526 2632 ============================================================
    19:39:02.0527 2632 \Device\Harddisk0\DR0:
    19:39:02.0527 2632 MBR partitions:
    19:39:02.0527 2632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
    19:39:02.0527 2632 \Device\Harddisk1\DR1:
    19:39:02.0527 2632 MBR partitions:
    19:39:02.0527 2632 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E937C82
    19:39:02.0527 2632 ============================================================
    19:39:02.0530 2632 C: <-> \Device\Harddisk0\DR0\Partition1
    19:39:02.0536 2632 E: <-> \Device\Harddisk1\DR1\Partition1
    19:39:02.0536 2632 ============================================================
    19:39:02.0536 2632 Initialize success
    19:39:02.0536 2632 ============================================================
    19:39:11.0484 3356 ============================================================
    19:39:11.0484 3356 Scan started
    19:39:11.0484 3356 Mode: Manual;
    19:39:11.0484 3356 ============================================================
    19:39:11.0684 3356 ================ Scan system memory ========================
    19:39:11.0684 3356 System memory - ok
    19:39:11.0684 3356 ================ Scan services =============================
    19:39:11.0738 3356 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:39:11.0740 3356 1394ohci - ok
    19:39:11.0744 3356 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
    19:39:11.0745 3356 61883 - ok
    19:39:11.0752 3356 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:39:11.0755 3356 ACPI - ok
    19:39:11.0759 3356 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:39:11.0760 3356 AcpiPmi - ok
    19:39:11.0795 3356 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:39:11.0797 3356 AdobeFlashPlayerUpdateSvc - ok
    19:39:11.0805 3356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    19:39:11.0808 3356 adp94xx - ok
    19:39:11.0815 3356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    19:39:11.0816 3356 adpahci - ok
    19:39:11.0823 3356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    19:39:11.0824 3356 adpu320 - ok
    19:39:11.0832 3356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:39:11.0833 3356 AeLookupSvc - ok
    19:39:11.0842 3356 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    19:39:11.0844 3356 AFD - ok
    19:39:11.0849 3356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:39:11.0850 3356 agp440 - ok
    19:39:11.0856 3356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:39:11.0857 3356 ALG - ok
    19:39:11.0861 3356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:39:11.0861 3356 aliide - ok
    19:39:11.0868 3356 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    19:39:11.0871 3356 AMD External Events Utility - ok
    19:39:11.0876 3356 AMD FUEL Service - ok
    19:39:11.0882 3356 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:39:11.0882 3356 amdide - ok
    19:39:11.0887 3356 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
    19:39:11.0888 3356 amdiox64 - ok
    19:39:11.0893 3356 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    19:39:11.0894 3356 AmdK8 - ok
    19:39:11.0993 3356 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    19:39:12.0046 3356 amdkmdag - ok
    19:39:12.0059 3356 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    19:39:12.0061 3356 amdkmdap - ok
    19:39:12.0066 3356 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    19:39:12.0067 3356 AmdPPM - ok
    19:39:12.0073 3356 [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
    19:39:12.0073 3356 amdsata - ok
    19:39:12.0079 3356 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    19:39:12.0080 3356 amdsbs - ok
    19:39:12.0085 3356 [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
    19:39:12.0086 3356 amdxata - ok
    19:39:12.0091 3356 [ BB4FE7889DB9CBBE61A308E99697F53C ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
    19:39:12.0092 3356 amd_sata - ok
    19:39:12.0096 3356 [ 5631CBA53F1CBEA3F9E88348E6723391 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
    19:39:12.0097 3356 amd_xata - ok
    19:39:12.0101 3356 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    19:39:12.0102 3356 AODDriver4.01 - ok
    19:39:12.0107 3356 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    19:39:12.0107 3356 AODDriver4.1 - ok
    19:39:12.0112 3356 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    19:39:12.0113 3356 AppID - ok
    19:39:12.0118 3356 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    19:39:12.0119 3356 AppIDSvc - ok
    19:39:12.0124 3356 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    19:39:12.0124 3356 Appinfo - ok
    19:39:12.0134 3356 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:39:12.0136 3356 Apple Mobile Device - ok
    19:39:12.0141 3356 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    19:39:12.0142 3356 arc - ok
    19:39:12.0147 3356 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    19:39:12.0148 3356 arcsas - ok
    19:39:12.0152 3356 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:39:12.0152 3356 AsyncMac - ok
    19:39:12.0158 3356 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    19:39:12.0159 3356 atapi - ok
    19:39:12.0261 3356 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    19:39:12.0312 3356 atikmdag - ok
    19:39:12.0321 3356 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
    19:39:12.0322 3356 AtiPcie - ok
    19:39:12.0332 3356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:39:12.0338 3356 AudioEndpointBuilder - ok
    19:39:12.0347 3356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    19:39:12.0350 3356 AudioSrv - ok
    19:39:12.0355 3356 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
    19:39:12.0356 3356 Avc - ok
    19:39:12.0362 3356 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    19:39:12.0363 3356 AxInstSV - ok
    19:39:12.0371 3356 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    19:39:12.0374 3356 b06bdrv - ok
    19:39:12.0380 3356 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    19:39:12.0382 3356 b57nd60a - ok
    19:39:12.0390 3356 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    19:39:12.0391 3356 BDESVC - ok
    19:39:12.0395 3356 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    19:39:12.0396 3356 Beep - ok
    19:39:12.0407 3356 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    19:39:12.0413 3356 BFE - ok
    19:39:12.0424 3356 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    19:39:12.0432 3356 BITS - ok
    19:39:12.0437 3356 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    19:39:12.0437 3356 blbdrive - ok
    19:39:12.0446 3356 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    19:39:12.0448 3356 Bonjour Service - ok
    19:39:12.0454 3356 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    19:39:12.0455 3356 bowser - ok
    19:39:12.0459 3356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    19:39:12.0460 3356 BrFiltLo - ok
    19:39:12.0464 3356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    19:39:12.0464 3356 BrFiltUp - ok
    19:39:12.0471 3356 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    19:39:12.0472 3356 Browser - ok
    19:39:12.0479 3356 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    19:39:12.0480 3356 Brserid - ok
    19:39:12.0485 3356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    19:39:12.0486 3356 BrSerWdm - ok
    19:39:12.0490 3356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    19:39:12.0491 3356 BrUsbMdm - ok
    19:39:12.0496 3356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    19:39:12.0497 3356 BrUsbSer - ok
    19:39:12.0501 3356 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    19:39:12.0502 3356 BTHMODEM - ok
    19:39:12.0509 3356 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    19:39:12.0510 3356 bthserv - ok
    19:39:12.0515 3356 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    19:39:12.0516 3356 cdfs - ok
    19:39:12.0521 3356 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    19:39:12.0522 3356 cdrom - ok
    19:39:12.0528 3356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    19:39:12.0529 3356 CertPropSvc - ok
    19:39:12.0533 3356 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    19:39:12.0534 3356 circlass - ok
    19:39:12.0542 3356 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    19:39:12.0545 3356 CLFS - ok
    19:39:12.0555 3356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:39:12.0556 3356 clr_optimization_v2.0.50727_32 - ok
    19:39:12.0564 3356 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    19:39:12.0565 3356 clr_optimization_v2.0.50727_64 - ok
    19:39:12.0576 3356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:39:12.0577 3356 clr_optimization_v4.0.30319_32 - ok
    19:39:12.0587 3356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    19:39:12.0588 3356 clr_optimization_v4.0.30319_64 - ok
    19:39:12.0592 3356 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    19:39:12.0593 3356 CmBatt - ok
    19:39:12.0598 3356 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    19:39:12.0598 3356 cmdide - ok
    19:39:12.0606 3356 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    19:39:12.0609 3356 CNG - ok
    19:39:12.0613 3356 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    19:39:12.0614 3356 Compbatt - ok
    19:39:12.0619 3356 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    19:39:12.0619 3356 CompositeBus - ok
    19:39:12.0624 3356 COMSysApp - ok
    19:39:12.0630 3356 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    19:39:12.0631 3356 crcdisk - ok
    19:39:12.0639 3356 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    19:39:12.0641 3356 CryptSvc - ok
    19:39:12.0646 3356 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    19:39:12.0647 3356 dc3d - ok
    19:39:12.0658 3356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    19:39:12.0664 3356 DcomLaunch - ok
    19:39:12.0671 3356 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    19:39:12.0674 3356 defragsvc - ok
    19:39:12.0679 3356 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    19:39:12.0680 3356 DfsC - ok
    19:39:12.0687 3356 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    19:39:12.0690 3356 Dhcp - ok
    19:39:12.0695 3356 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    19:39:12.0696 3356 discache - ok
    19:39:12.0702 3356 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    19:39:12.0703 3356 Disk - ok
    19:39:12.0709 3356 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    19:39:12.0711 3356 Dnscache - ok
    19:39:12.0717 3356 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    19:39:12.0720 3356 dot3svc - ok
    19:39:12.0726 3356 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    19:39:12.0727 3356 DPS - ok
    19:39:12.0732 3356 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    19:39:12.0732 3356 drmkaud - ok
    19:39:12.0747 3356 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    19:39:12.0752 3356 DXGKrnl - ok
    19:39:12.0758 3356 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    19:39:12.0759 3356 EapHost - ok
    19:39:12.0792 3356 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    19:39:12.0807 3356 ebdrv - ok
    19:39:12.0813 3356 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    19:39:12.0814 3356 EFS - ok
    19:39:12.0825 3356 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    19:39:12.0828 3356 ehRecvr - ok
    19:39:12.0833 3356 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    19:39:12.0834 3356 ehSched - ok
    19:39:12.0843 3356 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    19:39:12.0846 3356 elxstor - ok
    19:39:12.0850 3356 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    19:39:12.0851 3356 ErrDev - ok
    19:39:12.0864 3356 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    19:39:12.0868 3356 EventSystem - ok
    19:39:12.0874 3356 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    19:39:12.0875 3356 exfat - ok
    19:39:12.0881 3356 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    19:39:12.0883 3356 fastfat - ok
    19:39:12.0893 3356 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    19:39:12.0900 3356 Fax - ok
    19:39:12.0905 3356 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    19:39:12.0905 3356 fdc - ok
    19:39:12.0910 3356 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    19:39:12.0911 3356 fdPHost - ok
    19:39:12.0915 3356 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    19:39:12.0916 3356 FDResPub - ok
    19:39:12.0921 3356 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    19:39:12.0922 3356 FileInfo - ok
    19:39:12.0927 3356 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    19:39:12.0927 3356 Filetrace - ok
    19:39:12.0932 3356 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    19:39:12.0933 3356 flpydisk - ok
    19:39:12.0939 3356 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    19:39:12.0941 3356 FltMgr - ok
    19:39:12.0955 3356 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    19:39:12.0966 3356 FontCache - ok
    19:39:12.0971 3356 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    19:39:12.0971 3356 FontCache3.0.0.0 - ok
    19:39:12.0976 3356 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    19:39:12.0977 3356 FsDepends - ok
    19:39:12.0982 3356 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    19:39:12.0982 3356 Fs_Rec - ok
    19:39:12.0989 3356 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    19:39:12.0990 3356 fvevol - ok
    19:39:12.0995 3356 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    19:39:12.0996 3356 gagp30kx - ok
    19:39:13.0001 3356 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    19:39:13.0001 3356 GEARAspiWDM - ok
    19:39:13.0012 3356 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    19:39:13.0019 3356 gpsvc - ok
    19:39:13.0026 3356 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:39:13.0027 3356 gupdate - ok
    19:39:13.0031 3356 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:39:13.0032 3356 gupdatem - ok
    19:39:13.0037 3356 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    19:39:13.0038 3356 gusvc - ok
    19:39:13.0042 3356 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    19:39:13.0043 3356 hcw85cir - ok
    19:39:13.0052 3356 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    19:39:13.0054 3356 HdAudAddService - ok
    19:39:13.0061 3356 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    19:39:13.0062 3356 HDAudBus - ok
    19:39:13.0067 3356 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    19:39:13.0068 3356 HidBatt - ok
    19:39:13.0073 3356 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    19:39:13.0074 3356 HidBth - ok
    19:39:13.0082 3356 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    19:39:13.0083 3356 HidIr - ok
    19:39:13.0090 3356 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    19:39:13.0091 3356 hidserv - ok
    19:39:13.0095 3356 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    19:39:13.0097 3356 HidUsb - ok
    19:39:13.0102 3356 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    19:39:13.0103 3356 hkmsvc - ok
    19:39:13.0111 3356 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    19:39:13.0114 3356 HomeGroupListener - ok
    19:39:13.0120 3356 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    19:39:13.0123 3356 HomeGroupProvider - ok
    19:39:13.0128 3356 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    19:39:13.0129 3356 HpSAMD - ok
    19:39:13.0139 3356 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    19:39:13.0143 3356 HTTP - ok
    19:39:13.0148 3356 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    19:39:13.0148 3356 hwpolicy - ok
    19:39:13.0154 3356 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    19:39:13.0155 3356 i8042prt - ok
    19:39:13.0163 3356 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    19:39:13.0165 3356 iaStorV - ok
    19:39:13.0178 3356 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    19:39:13.0183 3356 idsvc - ok
    19:39:13.0188 3356 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    19:39:13.0188 3356 iirsp - ok
    19:39:13.0200 3356 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    19:39:13.0211 3356 IKEEXT - ok
    19:39:13.0255 3356 [ 4BBB5A55EEB5EC11B20FCBB4CBB49357 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    19:39:13.0270 3356 IntcAzAudAddService - ok
    19:39:13.0275 3356 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    19:39:13.0275 3356 intelide - ok
    19:39:13.0281 3356 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:39:13.0281 3356 intelppm - ok
    19:39:13.0286 3356 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:39:13.0288 3356 IPBusEnum - ok
    19:39:13.0293 3356 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:39:13.0293 3356 IpFilterDriver - ok
    19:39:13.0302 3356 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    19:39:13.0308 3356 iphlpsvc - ok
    19:39:13.0313 3356 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:39:13.0314 3356 IPMIDRV - ok
    19:39:13.0320 3356 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:39:13.0321 3356 IPNAT - ok
    19:39:13.0333 3356 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    19:39:13.0338 3356 iPod Service - ok
    19:39:13.0343 3356 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:39:13.0343 3356 IRENUM - ok
    19:39:13.0348 3356 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:39:13.0348 3356 isapnp - ok
    19:39:13.0356 3356 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:39:13.0358 3356 iScsiPrt - ok
    19:39:13.0362 3356 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    19:39:13.0363 3356 kbdclass - ok
    19:39:13.0368 3356 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    19:39:13.0369 3356 kbdhid - ok
    19:39:13.0373 3356 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    19:39:13.0374 3356 KeyIso - ok
    19:39:13.0383 3356 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:39:13.0384 3356 KSecDD - ok
    19:39:13.0391 3356 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:39:13.0392 3356 KSecPkg - ok
    19:39:13.0397 3356 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    19:39:13.0397 3356 ksthunk - ok
    19:39:13.0404 3356 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:39:13.0408 3356 KtmRm - ok
    19:39:13.0414 3356 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    19:39:13.0417 3356 LanmanServer - ok
    19:39:13.0424 3356 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:39:13.0426 3356 LanmanWorkstation - ok
    19:39:13.0434 3356 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:39:13.0435 3356 lltdio - ok
    19:39:13.0442 3356 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:39:13.0445 3356 lltdsvc - ok
    19:39:13.0450 3356 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:39:13.0451 3356 lmhosts - ok
    19:39:13.0459 3356 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    19:39:13.0460 3356 LSI_FC - ok
    19:39:13.0466 3356 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    19:39:13.0466 3356 LSI_SAS - ok
    19:39:13.0472 3356 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    19:39:13.0472 3356 LSI_SAS2 - ok
    19:39:13.0477 3356 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    19:39:13.0478 3356 LSI_SCSI - ok
    19:39:13.0483 3356 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    19:39:13.0484 3356 luafv - ok
    19:39:13.0492 3356 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
    19:39:13.0494 3356 LVRS64 - ok
    19:39:13.0540 3356 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
    19:39:13.0563 3356 LVUVC64 - ok
    19:39:13.0571 3356 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    19:39:13.0572 3356 Mcx2Svc - ok
    19:39:13.0577 3356 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    19:39:13.0578 3356 megasas - ok
    19:39:13.0584 3356 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    19:39:13.0586 3356 MegaSR - ok
    19:39:13.0592 3356 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    19:39:13.0593 3356 MMCSS - ok
    19:39:13.0598 3356 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    19:39:13.0599 3356 Modem - ok
    19:39:13.0604 3356 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:39:13.0605 3356 monitor - ok
    19:39:13.0609 3356 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    19:39:13.0610 3356 mouclass - ok
    19:39:13.0615 3356 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:39:13.0616 3356 mouhid - ok
    19:39:13.0622 3356 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:39:13.0622 3356 mountmgr - ok
    19:39:13.0629 3356 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    19:39:13.0630 3356 MpFilter - ok
    19:39:13.0636 3356 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:39:13.0637 3356 mpio - ok
    19:39:13.0642 3356 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:39:13.0643 3356 mpsdrv - ok
    19:39:13.0655 3356 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:39:13.0663 3356 MpsSvc - ok
    19:39:13.0669 3356 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:39:13.0670 3356 MRxDAV - ok
    19:39:13.0677 3356 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:39:13.0678 3356 mrxsmb - ok
    19:39:13.0686 3356 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:39:13.0687 3356 mrxsmb10 - ok
    19:39:13.0693 3356 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:39:13.0694 3356 mrxsmb20 - ok
    19:39:13.0699 3356 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    19:39:13.0699 3356 msahci - ok
    19:39:13.0706 3356 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    19:39:13.0707 3356 msdsm - ok
    19:39:13.0712 3356 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    19:39:13.0714 3356 MSDTC - ok
    19:39:13.0725 3356 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
    19:39:13.0725 3356 MSDV - ok
    19:39:13.0730 3356 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    19:39:13.0731 3356 Msfs - ok
    19:39:13.0735 3356 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    19:39:13.0736 3356 mshidkmdf - ok
    19:39:13.0741 3356 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    19:39:13.0742 3356 msisadrv - ok
    19:39:13.0748 3356 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    19:39:13.0750 3356 MSiSCSI - ok
    19:39:13.0754 3356 msiserver - ok
    19:39:13.0759 3356 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    19:39:13.0760 3356 MSKSSRV - ok
    19:39:13.0766 3356 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    19:39:13.0767 3356 MsMpSvc - ok
    19:39:13.0772 3356 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    19:39:13.0772 3356 MSPCLOCK - ok
    19:39:13.0777 3356 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    19:39:13.0777 3356 MSPQM - ok
    19:39:13.0785 3356 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    19:39:13.0787 3356 MsRPC - ok
    19:39:13.0795 3356 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    19:39:13.0795 3356 mssmbios - ok
    19:39:13.0800 3356 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    19:39:13.0801 3356 MSTEE - ok
    19:39:13.0806 3356 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    19:39:13.0807 3356 MTConfig - ok
    19:39:13.0811 3356 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    19:39:13.0812 3356 Mup - ok
    19:39:13.0821 3356 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    19:39:13.0826 3356 napagent - ok
    19:39:13.0833 3356 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    19:39:13.0834 3356 NativeWifiP - ok
    19:39:13.0847 3356 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    19:39:13.0852 3356 NDIS - ok
    19:39:13.0857 3356 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    19:39:13.0857 3356 NdisCap - ok
    19:39:13.0862 3356 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    19:39:13.0863 3356 NdisTapi - ok
    19:39:13.0868 3356 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    19:39:13.0869 3356 Ndisuio - ok
    19:39:13.0875 3356 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    19:39:13.0876 3356 NdisWan - ok
    19:39:13.0881 3356 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    19:39:13.0882 3356 NDProxy - ok
    19:39:13.0887 3356 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    19:39:13.0888 3356 NetBIOS - ok
    19:39:13.0894 3356 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    19:39:13.0896 3356 NetBT - ok
    19:39:13.0905 3356 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    19:39:13.0906 3356 Netlogon - ok
    19:39:13.0914 3356 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    19:39:13.0918 3356 Netman - ok
    19:39:13.0926 3356 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    19:39:13.0931 3356 netprofm - ok
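A TDSSKiller service/driver listing like the one posted above (it continues in the next post) is too long to read reliably by eye. The following is an added example, written for this page and not code from the thread or from Kaspersky's tool: a small Python triage script that parses the two line shapes TDSSKiller prints for each entry (the `[ MD5 ] name path` line and the `name - status` line) and lists the entries a responder would want to look at by hand: entries with a status line but no hashed image file (as msiserver, WinDefend and WinHttpAutoProxySvc appear above), any status other than `ok`, image paths outside the Windows and Program Files trees, and one MD5 that shows up at two different paths. Several services sharing the hash of lsass.exe, as KeyIso, Netlogon, ProtectedStorage, SamSs and VaultSvc do above, is normal and is deliberately not flagged. The sample log is constructed to match the format shown in the post; the `ExampleSvc` entry, its hash and its path are hypothetical, and the set of "expected roots" is an assumption you should adjust for the machine in question.

```python
import re
from collections import defaultdict

# Line shapes TDSSKiller prints for each service/driver:
#   <time> <pid> [ <MD5> ] <name> <image path>
#   <time> <pid> <name> - <status>
# Names may contain spaces ("iPod Service"), so the name is matched lazily and
# the path is anchored on a drive letter.
HASH_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
STATUS_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)

# Assumption: image files under these roots are expected; anything else
# (user profiles, Temp, ProgramData, other drives) is worth a manual look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample in TDSSKiller's format. ExampleSvc (hash and path) is hypothetical.
SAMPLE_LOG = r"""
19:39:13.0293 3356 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:13.0293 3356 IpFilterDriver - ok
19:39:13.0333 3356 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:39:13.0338 3356 iPod Service - ok
19:39:13.0373 3356 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:39:13.0374 3356 KeyIso - ok
19:39:13.0905 3356 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:39:13.0906 3356 Netlogon - ok
19:39:13.0754 3356 msiserver - ok
19:39:15.0609 3356 WinDefend - ok
19:39:16.0100 3356 [ 0123456789ABCDEF0123456789ABCDEF ] ExampleSvc C:\Users\Parents\AppData\Roaming\example.dll
19:39:16.0101 3356 ExampleSvc - ok
"""


def parse_log(text):
    """Return {service_name: {"md5", "path", "status"}} from TDSSKiller log text."""
    entries = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            entries[m["name"]].update(md5=m["md5"].upper(), path=m["path"])
            continue
        m = STATUS_LINE.match(line)
        if m:
            entries[m["name"]]["status"] = m["status"].strip()
    return dict(entries)


def triage(entries):
    """Return a list of (service_name, reason) findings that deserve a manual look."""
    # Group the distinct (case-folded) paths seen per MD5; one hash at two paths
    # is unusual, while several services sharing one file (lsass.exe) is not.
    paths_by_md5 = defaultdict(set)
    for e in entries.values():
        if "path" in e:
            paths_by_md5[e["md5"]].add(e["path"].lower())

    findings = []
    for name, e in sorted(entries.items()):
        status = e.get("status")
        if status is None:
            findings.append((name, "hash line without a status line"))
        elif status.lower() != "ok":
            findings.append((name, f"status is '{status}', not 'ok'"))
        if "path" not in e:
            findings.append((name, "no image file or MD5 recorded for this entry"))
            continue
        if not e["path"].lower().startswith(EXPECTED_ROOTS):
            findings.append((name, f"image outside expected roots: {e['path']}"))
        if len(paths_by_md5[e["md5"]]) > 1:
            findings.append((name, "MD5 also recorded for a file at a different path"))
    return findings


if __name__ == "__main__":
    for svc, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{svc}: {reason}")
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file's contents; the output is a short worklist rather than a verdict, and an entry with no hashed image still needs to be checked against the service's registry ImagePath before drawing any conclusion.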
15. Bigtuna00

    19:39:13.0937 3356 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:39:13.0938 3356 NetTcpPortSharing - ok
    19:39:13.0945 3356 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    19:39:13.0946 3356 nfrd960 - ok
    19:39:13.0951 3356 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    19:39:13.0953 3356 NisDrv - ok
    19:39:13.0959 3356 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    19:39:13.0960 3356 NisSrv - ok
    19:39:13.0968 3356 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    19:39:13.0971 3356 NlaSvc - ok
    19:39:13.0975 3356 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    19:39:13.0976 3356 Npfs - ok
    19:39:13.0980 3356 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    19:39:13.0982 3356 nsi - ok
    19:39:13.0987 3356 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    19:39:13.0987 3356 nsiproxy - ok
    19:39:14.0009 3356 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    19:39:14.0017 3356 Ntfs - ok
    19:39:14.0022 3356 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    19:39:14.0023 3356 Null - ok
    19:39:14.0029 3356 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    19:39:14.0030 3356 nvraid - ok
    19:39:14.0036 3356 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    19:39:14.0037 3356 nvstor - ok
    19:39:14.0043 3356 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    19:39:14.0044 3356 nv_agp - ok
    19:39:14.0049 3356 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    19:39:14.0050 3356 ohci1394 - ok
    19:39:14.0056 3356 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:39:14.0057 3356 ose - ok
    19:39:14.0064 3356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    19:39:14.0068 3356 p2pimsvc - ok
    19:39:14.0076 3356 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    19:39:14.0081 3356 p2psvc - ok
    19:39:14.0087 3356 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    19:39:14.0088 3356 Parport - ok
    19:39:14.0093 3356 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    19:39:14.0094 3356 partmgr - ok
    19:39:14.0100 3356 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    19:39:14.0102 3356 PcaSvc - ok
    19:39:14.0109 3356 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    19:39:14.0110 3356 pci - ok
    19:39:14.0114 3356 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    19:39:14.0115 3356 pciide - ok
    19:39:14.0122 3356 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    19:39:14.0123 3356 pcmcia - ok
    19:39:14.0128 3356 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    19:39:14.0129 3356 pcw - ok
    19:39:14.0138 3356 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    19:39:14.0141 3356 PEAUTH - ok
    19:39:14.0174 3356 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    19:39:14.0175 3356 PerfHost - ok
    19:39:14.0198 3356 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    19:39:14.0211 3356 pla - ok
    19:39:14.0218 3356 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    19:39:14.0223 3356 PlugPlay - ok
    19:39:14.0227 3356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    19:39:14.0229 3356 PNRPAutoReg - ok
    19:39:14.0235 3356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    19:39:14.0238 3356 PNRPsvc - ok
    19:39:14.0244 3356 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    19:39:14.0245 3356 Point64 - ok
    19:39:14.0254 3356 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    19:39:14.0259 3356 PolicyAgent - ok
    19:39:14.0267 3356 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    19:39:14.0270 3356 Power - ok
    19:39:14.0275 3356 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    19:39:14.0276 3356 PptpMiniport - ok
    19:39:14.0281 3356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    19:39:14.0282 3356 Processor - ok
    19:39:14.0289 3356 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    19:39:14.0291 3356 ProfSvc - ok
    19:39:14.0296 3356 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    19:39:14.0297 3356 ProtectedStorage - ok
    19:39:14.0303 3356 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    19:39:14.0304 3356 Psched - ok
    19:39:14.0322 3356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    19:39:14.0329 3356 ql2300 - ok
    19:39:14.0338 3356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    19:39:14.0339 3356 ql40xx - ok
    19:39:14.0345 3356 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    19:39:14.0348 3356 QWAVE - ok
    19:39:14.0353 3356 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    19:39:14.0353 3356 QWAVEdrv - ok
    19:39:14.0358 3356 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    19:39:14.0358 3356 RasAcd - ok
    19:39:14.0364 3356 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:39:14.0365 3356 RasAgileVpn - ok
    19:39:14.0371 3356 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    19:39:14.0372 3356 RasAuto - ok
    19:39:14.0378 3356 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:39:14.0379 3356 Rasl2tp - ok
    19:39:14.0385 3356 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    19:39:14.0390 3356 RasMan - ok
    19:39:14.0395 3356 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    19:39:14.0396 3356 RasPppoe - ok
    19:39:14.0400 3356 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    19:39:14.0401 3356 RasSstp - ok
    19:39:14.0409 3356 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    19:39:14.0410 3356 rdbss - ok
    19:39:14.0415 3356 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    19:39:14.0416 3356 rdpbus - ok
    19:39:14.0421 3356 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:39:14.0421 3356 RDPCDD - ok
    19:39:14.0428 3356 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    19:39:14.0429 3356 RDPENCDD - ok
    19:39:14.0435 3356 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    19:39:14.0436 3356 RDPREFMP - ok
    19:39:14.0443 3356 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:39:14.0444 3356 RDPWD - ok
    19:39:14.0451 3356 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    19:39:14.0452 3356 rdyboost - ok
    19:39:14.0458 3356 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:39:14.0460 3356 RemoteAccess - ok
    19:39:14.0465 3356 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:39:14.0467 3356 RemoteRegistry - ok
    19:39:14.0473 3356 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    19:39:14.0475 3356 RpcEptMapper - ok
    19:39:14.0479 3356 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    19:39:14.0480 3356 RpcLocator - ok
    19:39:14.0488 3356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    19:39:14.0492 3356 RpcSs - ok
    19:39:14.0497 3356 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:39:14.0497 3356 rspndr - ok
    19:39:14.0506 3356 [ 2E7D1CA91D62501713C9D6E6704395C6 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
    19:39:14.0507 3356 RTHDMIAzAudService - ok
    19:39:14.0516 3356 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    19:39:14.0517 3356 RTL8167 - ok
    19:39:14.0521 3356 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    19:39:14.0523 3356 SamSs - ok
    19:39:14.0528 3356 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:39:14.0529 3356 sbp2port - ok
    19:39:14.0535 3356 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:39:14.0538 3356 SCardSvr - ok
    19:39:14.0542 3356 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    19:39:14.0543 3356 scfilter - ok
    19:39:14.0555 3356 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    19:39:14.0566 3356 Schedule - ok
    19:39:14.0571 3356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:39:14.0572 3356 SCPolicySvc - ok
    19:39:14.0578 3356 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:39:14.0580 3356 SDRSVC - ok
    19:39:14.0585 3356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:39:14.0586 3356 secdrv - ok
    19:39:14.0591 3356 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    19:39:14.0592 3356 seclogon - ok
    19:39:14.0597 3356 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    19:39:14.0599 3356 SENS - ok
    19:39:14.0605 3356 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    19:39:14.0607 3356 SensrSvc - ok
    19:39:14.0611 3356 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:39:14.0611 3356 Serenum - ok
    19:39:14.0617 3356 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:39:14.0618 3356 Serial - ok
    19:39:14.0623 3356 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    19:39:14.0624 3356 sermouse - ok
    19:39:14.0636 3356 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    19:39:14.0638 3356 SessionEnv - ok
    19:39:14.0643 3356 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:39:14.0643 3356 sffdisk - ok
    19:39:14.0648 3356 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:39:14.0649 3356 sffp_mmc - ok
    19:39:14.0653 3356 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:39:14.0654 3356 sffp_sd - ok
    19:39:14.0659 3356 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    19:39:14.0659 3356 sfloppy - ok
    19:39:14.0666 3356 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    19:39:14.0670 3356 SharedAccess - ok
    19:39:14.0677 3356 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    19:39:14.0681 3356 ShellHWDetection - ok
    19:39:14.0686 3356 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    19:39:14.0687 3356 SiSRaid2 - ok
    19:39:14.0692 3356 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    19:39:14.0693 3356 SiSRaid4 - ok
    19:39:14.0699 3356 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    19:39:14.0700 3356 SkypeUpdate - ok
    19:39:14.0705 3356 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    19:39:14.0706 3356 Smb - ok
    19:39:14.0714 3356 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    19:39:14.0716 3356 SNMPTRAP - ok
    19:39:14.0721 3356 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    19:39:14.0721 3356 spldr - ok
    19:39:14.0730 3356 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    19:39:14.0736 3356 Spooler - ok
    19:39:14.0771 3356 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    19:39:14.0809 3356 sppsvc - ok
    19:39:14.0815 3356 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    19:39:14.0817 3356 sppuinotify - ok
    19:39:14.0825 3356 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:39:14.0828 3356 srv - ok
    19:39:14.0836 3356 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:39:14.0838 3356 srv2 - ok
    19:39:14.0844 3356 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:39:14.0846 3356 srvnet - ok
    19:39:14.0852 3356 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:39:14.0855 3356 SSDPSRV - ok
    19:39:14.0860 3356 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:39:14.0862 3356 SstpSvc - ok
    19:39:14.0867 3356 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    19:39:14.0867 3356 stexstor - ok
    19:39:14.0872 3356 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    19:39:14.0873 3356 StillCam - ok
    19:39:14.0882 3356 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    19:39:14.0888 3356 stisvc - ok
    19:39:14.0893 3356 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    19:39:14.0893 3356 swenum - ok
    19:39:14.0902 3356 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    19:39:14.0907 3356 swprv - ok
    19:39:14.0927 3356 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    19:39:14.0943 3356 SysMain - ok
    19:39:14.0949 3356 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:39:14.0950 3356 TabletInputService - ok
    19:39:14.0958 3356 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:39:14.0962 3356 TapiSrv - ok
    19:39:14.0966 3356 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    19:39:14.0969 3356 TBS - ok
    19:39:14.0990 3356 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    19:39:15.0000 3356 Tcpip - ok
    19:39:15.0022 3356 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    19:39:15.0031 3356 TCPIP6 - ok
    19:39:15.0039 3356 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    19:39:15.0040 3356 tcpipreg - ok
    19:39:15.0047 3356 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    19:39:15.0047 3356 TDPIPE - ok
    19:39:15.0052 3356 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    19:39:15.0053 3356 TDTCP - ok
    19:39:15.0059 3356 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    19:39:15.0060 3356 tdx - ok
    19:39:15.0065 3356 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    19:39:15.0065 3356 TermDD - ok
    19:39:15.0076 3356 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    19:39:15.0083 3356 TermService - ok
    19:39:15.0088 3356 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    19:39:15.0090 3356 Themes - ok
    19:39:15.0094 3356 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    19:39:15.0096 3356 THREADORDER - ok
    19:39:15.0101 3356 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    19:39:15.0103 3356 TrkWks - ok
    19:39:15.0109 3356 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    19:39:15.0110 3356 TrustedInstaller - ok
    19:39:15.0117 3356 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:39:15.0118 3356 tssecsrv - ok
    19:39:15.0123 3356 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    19:39:15.0124 3356 TsUsbFlt - ok
    19:39:15.0130 3356 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    19:39:15.0131 3356 tunnel - ok
    19:39:15.0136 3356 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    19:39:15.0137 3356 uagp35 - ok
    19:39:15.0144 3356 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    19:39:15.0145 3356 udfs - ok
    19:39:15.0155 3356 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    19:39:15.0157 3356 UI0Detect - ok
    19:39:15.0162 3356 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    19:39:15.0163 3356 uliagpkx - ok
    19:39:15.0168 3356 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    19:39:15.0169 3356 umbus - ok
    19:39:15.0173 3356 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    19:39:15.0174 3356 UmPass - ok
    19:39:15.0183 3356 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    19:39:15.0185 3356 UMVPFSrv - ok
    19:39:15.0194 3356 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    19:39:15.0199 3356 upnphost - ok
    19:39:15.0204 3356 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    19:39:15.0205 3356 USBAAPL64 - ok
    19:39:15.0210 3356 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    19:39:15.0211 3356 usbaudio - ok
    19:39:15.0217 3356 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    19:39:15.0218 3356 usbccgp - ok
    19:39:15.0223 3356 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    19:39:15.0224 3356 usbcir - ok
    19:39:15.0229 3356 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    19:39:15.0230 3356 usbehci - ok
    19:39:15.0236 3356 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    19:39:15.0236 3356 usbfilter - ok
    19:39:15.0244 3356 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    19:39:15.0246 3356 usbhub - ok
    19:39:15.0251 3356 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    19:39:15.0251 3356 usbohci - ok
    19:39:15.0257 3356 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    19:39:15.0257 3356 usbprint - ok
    19:39:15.0262 3356 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    19:39:15.0263 3356 usbscan - ok
    19:39:15.0268 3356 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:39:15.0269 3356 USBSTOR - ok
    19:39:15.0274 3356 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    19:39:15.0275 3356 usbuhci - ok
    19:39:15.0280 3356 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    19:39:15.0282 3356 usbvideo - ok
    19:39:15.0287 3356 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    19:39:15.0289 3356 UxSms - ok
    19:39:15.0293 3356 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    19:39:15.0294 3356 VaultSvc - ok
    19:39:15.0299 3356 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    19:39:15.0299 3356 vdrvroot - ok
    19:39:15.0308 3356 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    19:39:15.0314 3356 vds - ok
    19:39:15.0319 3356 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    19:39:15.0320 3356 vga - ok
    19:39:15.0324 3356 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    19:39:15.0325 3356 VgaSave - ok
    19:39:15.0332 3356 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    19:39:15.0333 3356 vhdmp - ok
    19:39:16.0055 3356 ============================================================
    19:39:16.0055 3356 Scan finished
    19:39:16.0055 3356 ============================================================
    19:39:16.0068 3928 Detected object count: 0
    19:39:16.0068 3928 Actual detected object count: 0
  16. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  17. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Posting from a different computer. 3 restarts, also disabled and re-enabled the network adapter as well as rebooting the router; internet connection hasn't been restored.

    On the plus side I'm not seeing the iexplore.exe processes anymore :)

    I'm hesitant to copy the log file for posting (i.e. using a USB drive). But I'm posting from a Mac so I imagine it will be ok. If you can give some hints about how to restore the network connection I'd appreciate it, I'll reply with the log in a moment.

    Thanks for the help so far!
  18. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    ComboFix 12-09-09.01 - Parents 09/08/2012 20:56:37.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7933.6313 [GMT -7:00]
    Running from: c:\users\Parents\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\21guOreO.exe
    c:\programdata\21guOreO.exe_
    c:\users\Parents\AppData\Roaming\log.txt
    c:\users\Parents\AppData\Roaming\qmrds.dll
    c:\users\Public\Desktop\Scanner.lnk
    e:\share\Profile\Documents\DPE.DUS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-09 00:41 . 2012-08-23 08:26  9310152  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{577DF72D-132B-48BE-9566-1629A6E4A7FC}\mpengine.dll
    2012-09-09 00:07 . 2012-09-09 00:07  --------  d-----w-  C:\_OTL
    2012-09-08 22:53 . 2012-09-08 22:54  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-08 22:53 . 2012-07-03 20:46  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-09-08 14:15 . 2012-08-23 08:26  9310152  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-08 05:39 . 2012-09-08 05:39  --------  d-----w-  c:\users\Parents\AppData\Roaming\DAVA
    2012-09-08 05:22 . 2012-09-08 05:22  --------  d-----w-  c:\program files (x86)\Old Clockmaker's Riddle
    2012-09-05 06:26 . 2012-09-05 06:26  --------  d-----w-  c:\users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
    2012-09-01 03:52 . 2012-09-01 03:52  --------  d-----w-  c:\users\Parents\AppData\Roaming\ShaoLin
    2012-09-01 00:49 . 2012-09-02 21:23  --------  d-----w-  c:\users\Parents\AppData\Roaming\CaribbeanHideaway
    2012-08-31 15:42 . 2012-08-31 15:42  4278384  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-08-31 15:42 . 2012-08-31 15:42  42776  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-08-28 01:27 . 2012-08-28 01:27  --------  d-----w-  c:\programdata\CannyGames
    2012-08-28 00:59 . 2012-08-28 00:59  --------  d-----w-  c:\program files (x86)\Atlantic Quest
    2012-08-26 12:32 . 2012-08-26 12:32  --------  d-----w-  c:\program files (x86)\AMD APP
    2012-08-26 12:31 . 2012-08-26 12:31  --------  d-----w-  c:\programdata\ATI
    2012-08-20 22:31 . 2012-08-20 22:32  --------  d-----w-  c:\program files (x86)\Big Kahuna Reef 3
    2012-08-20 22:28 . 2012-08-20 22:28  --------  d-----w-  c:\users\Parents\AppData\Roaming\Artifact Quest
    2012-08-18 19:37 . 2012-08-18 19:37  --------  d-----w-  c:\windows\en
    2012-08-18 19:35 . 2012-08-18 19:35  537432  ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DXSETUP.exe
    2012-08-18 19:35 . 2012-08-18 19:35  1801048  ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\dsetup32.dll
    2012-08-18 19:35 . 2012-08-18 19:35  89944  ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\a5792bed1cd7d7802\DSETUP.dll
    2012-08-18 15:03 . 2012-08-18 15:03  --------  d-----w-  c:\program files\Microsoft Device Center
    2012-08-18 13:39 . 2012-05-05 08:36  503808  ----a-w-  c:\windows\system32\srcore.dll
    2012-08-18 13:39 . 2012-05-05 07:46  43008  ----a-w-  c:\windows\SysWow64\srclient.dll
    2012-08-18 13:39 . 2012-02-11 06:43  751104  ----a-w-  c:\windows\system32\win32spl.dll
    2012-08-18 13:39 . 2012-02-11 06:36  559104  ----a-w-  c:\windows\system32\spoolsv.exe
    2012-08-18 13:39 . 2012-07-04 22:16  73216  ----a-w-  c:\windows\system32\netapi32.dll
    2012-08-18 13:39 . 2012-07-04 22:13  59392  ----a-w-  c:\windows\system32\browcli.dll
    2012-08-18 13:39 . 2012-07-04 22:13  136704  ----a-w-  c:\windows\system32\browser.dll
    2012-08-18 13:39 . 2012-07-04 21:14  41984  ----a-w-  c:\windows\SysWow64\browcli.dll
    2012-08-18 13:39 . 2012-02-11 06:36  67072  ----a-w-  c:\windows\splwow64.exe
    2012-08-18 13:39 . 2012-02-11 05:43  492032  ----a-w-  c:\windows\SysWow64\win32spl.dll
    2012-08-18 13:39 . 2012-07-18 18:15  3148800  ----a-w-  c:\windows\system32\win32k.sys
    2012-08-18 13:39 . 2012-05-14 05:26  956928  ----a-w-  c:\windows\system32\localspl.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-08 05:22 . 2011-10-12 05:36  466456  ----a-w-  c:\windows\system32\wrap_oal.dll
    2012-09-08 05:22 . 2011-10-12 05:36  444952  ----a-w-  c:\windows\SysWow64\wrap_oal.dll
    2012-09-08 05:22 . 2011-10-12 05:36  122904  ----a-w-  c:\windows\system32\OpenAL32.dll
    2012-09-08 05:22 . 2011-10-12 05:36  109080  ----a-w-  c:\windows\SysWow64\OpenAL32.dll
    2012-08-28 13:05 . 2012-04-03 06:22  696520  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-28 13:05 . 2011-08-28 15:06  73416  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-18 13:39 . 2011-08-28 01:52  62134624  ----a-w-  c:\windows\system32\MRT.exe
    2012-07-28 05:47 . 2012-07-28 05:47  187392  ----a-w-  c:\windows\system32\clinfo.exe
    2012-07-28 05:47 . 2012-07-28 05:47  75776  ----a-w-  c:\windows\system32\OpenVideo64.dll
    2012-07-28 05:47 . 2012-07-28 05:47  65024  ----a-w-  c:\windows\SysWow64\OpenVideo.dll
    2012-07-28 05:47 . 2012-07-28 05:47  63488  ----a-w-  c:\windows\system32\OVDecode64.dll
    2012-07-28 05:47 . 2012-07-28 05:47  56320  ----a-w-  c:\windows\SysWow64\OVDecode.dll
    2012-07-28 05:46 . 2012-07-28 05:46  16464896  ----a-w-  c:\windows\system32\amdocl64.dll
    2012-07-28 05:46 . 2012-07-28 05:46  13013504  ----a-w-  c:\windows\SysWow64\amdocl.dll
    2012-06-27 04:38 . 2012-06-27 04:38  46176  ----a-w-  c:\windows\system32\drivers\point64.sys
    2012-06-25 05:24 . 2012-06-25 05:24  52320  ----a-w-  c:\windows\system32\drivers\dc3d.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SansaDispatch"="c:\users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages    REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-28 1255736]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:05]
    .
    2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 15:05]
    .
    2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 15:05]
    .
    2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004Core.job
    - c:\users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 22:59]
    .
    2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004UA.job
    - c:\users\Parents\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-13 22:59]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    ------- File Associations -------
    .
    .txt=Notepad++_file
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-qmrds - c:\users\Parents\AppData\Roaming\qmrds.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-09-08 21:02:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-09 04:02
    .
    Pre-Run: 41,776,934,912 bytes free
    Post-Run: 41,226,764,288 bytes free
    .
    - - End Of File - - 23B2AA70EAC07E7B890D08F4AC6595AF
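    Added example, not part of the thread and not ComboFix's own code: a small triage script for the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log like the one above. It parses the Run-key value lines and flags autoruns that live in user-writable folders (AppData, ProgramData, Temp), entries ComboFix marked [X] (file not found), and orphaned loaders such as the qmrds.dll value. The sample lines are copied from the log above; the folder list and the flagging rules are my own assumptions, meant to produce a review list, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed list of folders a standard user can write to. A persistent
# autorun whose target lives here is worth a second look; vendor installs
# normally put their loader under Program Files or System32.
USER_WRITABLE = (
    "\\appdata\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\temp\\",
)

# [HKEY_...\Run] section headers
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# "Name"="path or command" [yyyy-mm-dd size]   (ComboFix prints [X] if the file is missing)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Wow6432Node-HKCU-Run-qmrds - c:\users\Parents\AppData\Roaming\qmrds.dll
ORPHAN_RE = re.compile(r"^(?P<where>\S+?-Run)-(?P<name>\S+)\s+-\s+(?P<path>.+?)\s*$")

# Constructed sample: lines taken from the ComboFix log posted above.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-qmrds - c:\users\Parents\AppData\Roaming\qmrds.dll
"""


@dataclass
class Autorun:
    name: str
    command: str
    key: str            # registry key the value sits in, or "<orphan:...>" for removed orphans
    meta: str = ""      # "yyyy-mm-dd size", or "X" when ComboFix could not find the file
    orphan: bool = False


def parse_loading_points(text: str) -> List[Autorun]:
    """Parse Run-key value lines and ORPHANS REMOVED lines from a ComboFix log."""
    entries: List[Autorun] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue                       # ComboFix uses "." as a spacer line
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")           # remember which hive/key follows
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Autorun(m["name"], m["cmd"], key, m["meta"].strip()))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Autorun(m["name"], m["path"],
                                   "<orphan:" + m["where"] + ">", orphan=True))
    return entries


def triage(entry: Autorun) -> List[str]:
    """Reasons an entry deserves manual review; an empty list means nothing noted."""
    reasons: List[str] = []
    cmd = entry.command.lower()
    if any(marker in cmd for marker in USER_WRITABLE):
        reasons.append("user-writable location")
    if "rundll32" in cmd and ".dll" in cmd:
        reasons.append("rundll32 loading a DLL")
    if entry.meta.upper() == "X":
        # [X] only means ComboFix could not resolve the target; often benign
        # (e.g. a "start ..." command line), so it is a prompt to check, not a verdict.
        reasons.append("target file not found on disk")
    if entry.orphan:
        reasons.append("orphaned Run value removed by ComboFix")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map autorun name -> reasons, for entries with at least one reason."""
    return {e.name: r for e in parse_loading_points(text) if (r := triage(e))}


if __name__ == "__main__":
    for name, why in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(why)}")
```

    Entries like SansaDispatch come out flagged only because of where they live; confirming the publisher and install history is still a manual step, which is exactly the step the helper does when reading these logs.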
  19. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  20. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2012
    Ran by SYSTEM at 08-09-2012 21:38:11
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12666984 2011-08-09] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
    HKU\Parents\...\Run: [SansaDispatch] C:\Users\Parents\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-12-25] (SanDisk Corporation)

    ==================== Services ====================

    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

    ==================== Drivers =================================

    3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) =================


    ==================== One Month Created Files and Folders ======================

    2012-09-08 20:02 - 2012-09-08 20:02 - 00016265 ____A C:\ComboFix.txt
    2012-09-08 19:55 - 2012-09-08 20:02 - 00000000 ___AD C:\Qoobox
    2012-09-08 19:55 - 2012-09-08 20:00 - 00000000 ____D C:\Windows\erdnt
    2012-09-08 19:55 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-08 19:55 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-08 19:55 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-08 19:55 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-08 19:55 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-08 19:55 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-08 19:55 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-08 19:55 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-08 19:48 - 2012-09-08 19:49 - 04747622 ____R (Swearware) C:\Users\Parents\Desktop\ComboFix.exe
    2012-09-08 18:38 - 2012-09-08 18:38 - 00000000 ____D C:\Users\Parents\Desktop\tdsskiller
    2012-09-08 18:37 - 2012-09-08 18:37 - 02193184 ____A C:\Users\Parents\Desktop\tdsskiller.zip
    2012-09-08 18:23 - 2012-09-08 18:24 - 00000000 ____D C:\Users\Parents\Desktop\RK_Quarantine
    2012-09-08 18:22 - 2012-09-08 18:22 - 04731392 ____A (AVAST Software) C:\Users\Parents\Desktop\aswMBR.exe
    2012-09-08 18:21 - 2012-09-08 18:21 - 01378816 ____A C:\Users\Parents\Desktop\RogueKiller.exe
    2012-09-08 16:37 - 2012-09-08 20:04 - 00000000 ____D C:\Users\Parents\Desktop\infection
    2012-09-08 16:07 - 2012-09-08 16:07 - 00000000 ____D C:\_OTL
    2012-09-08 16:07 - 2012-09-08 15:59 - 00599552 ____A (OldTimer Tools) C:\Users\Parents\Desktop\OTL.exe
    2012-09-08 15:15 - 2012-09-08 20:14 - 00000448 ____A C:\Windows\setupact.log
    2012-09-08 15:15 - 2012-09-08 20:00 - 00002216 ____A C:\Windows\PFRO.log
    2012-09-08 15:15 - 2012-09-08 15:15 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-08 14:53 - 2012-09-08 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-08 14:53 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
    2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe_.b
    2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
    2012-09-07 21:39 - 2012-09-07 21:39 - 00000000 ____D C:\Users\Parents\AppData\Roaming\DAVA
    2012-09-07 21:22 - 2012-09-07 21:22 - 00002042 ____A C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
    2012-09-07 21:22 - 2012-09-07 21:22 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk
    2012-09-07 21:22 - 2012-09-07 21:22 - 00000000 ____D C:\Program Files (x86)\Old Clockmaker's Riddle
    2012-09-06 19:30 - 2012-09-08 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-05 08:43 - 2012-09-05 08:43 - 00000000 ____D C:\Users\Parents\AppData\Local\{6277D76C-A3F3-4371-B819-0CFBBC795A0F}
    2012-09-04 22:26 - 2012-09-08 18:22 - 00000000 ____A C:\Users\Parents\AppData\Local\π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄€‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ
    2012-09-04 22:26 - 2012-09-04 22:26 - 00000000 ____D C:\Users\Parents\AppData\Local\{96AE75BE-F722-11E1-8270-B8AC6F996F26}
    2012-09-01 10:26 - 2012-09-01 15:14 - 00013276 ____A C:\Users\Parents\Desktop\60's 2.jpeg
    2012-09-01 10:24 - 2012-09-01 15:11 - 00013282 ____A C:\Users\Parents\Desktop\60's 1.jpeg
    2012-09-01 09:58 - 2012-09-01 09:58 - 00000000 ____D C:\Users\Parents\AppData\Local\{6F4E124B-21FD-4215-B128-E6212F3BE2DF}
    2012-08-31 19:52 - 2012-08-31 19:52 - 00000000 ____D C:\Users\Parents\AppData\Roaming\ShaoLin
    2012-08-31 16:49 - 2012-09-02 13:23 - 00000000 ____D C:\Users\Parents\AppData\Roaming\CaribbeanHideaway
    2012-08-27 17:27 - 2012-08-27 17:27 - 00000000 ____D C:\Users\All Users\CannyGames
    2012-08-27 16:59 - 2012-08-27 16:59 - 00001953 ____A C:\Users\Public\Desktop\Play Atlantic Quest.lnk
    2012-08-27 16:59 - 2012-08-27 16:59 - 00000000 ____D C:\Program Files (x86)\Atlantic Quest
    2012-08-26 04:32 - 2012-08-26 04:32 - 00000000 ____D C:\Program Files (x86)\AMD APP
    2012-08-26 04:31 - 2012-08-26 04:31 - 00000000 ____D C:\Users\All Users\ATI
    2012-08-23 13:19 - 2012-08-23 13:19 - 00000000 ____D C:\Users\Parents\AppData\Local\{42B6636B-3465-4568-89C7-8B2B7F92D4DF}
    2012-08-23 12:28 - 2012-08-23 12:28 - 00013124 ____A C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
    2012-08-22 14:55 - 2012-08-22 14:55 - 00000000 ____D C:\Users\Public\Documents\Big Kahuna Reef 3
    2012-08-21 19:18 - 2012-08-21 19:18 - 00000000 ____D C:\Users\Parents\AppData\Local\{2B522096-002E-4379-BBDD-1C8C5D3A5799}
    2012-08-21 19:15 - 2012-08-21 19:15 - 00001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-08-20 14:32 - 2012-08-20 14:32 - 00002002 ____A C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
    2012-08-20 14:31 - 2012-08-20 14:32 - 00000000 ____D C:\Program Files (x86)\Big Kahuna Reef 3
    2012-08-20 14:28 - 2012-08-20 14:28 - 00000000 ____D C:\Users\Parents\AppData\Roaming\Artifact Quest
    2012-08-18 13:45 - 2012-08-18 13:45 - 00000085 ____A C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
    2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Windows\en
    2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Users\Parents\AppData\Local\{EE7371FC-F4EF-4852-9E32-27D440AF900E}
    2012-08-18 11:37 - 2012-08-18 11:37 - 00000000 ____D C:\Users\Parents\AppData\Local\{BE7FADC2-89CA-4336-A3B1-5A3A9B43AE7C}
    2012-08-18 11:36 - 2012-08-18 11:36 - 00000000 ____D C:\Users\Parents\AppData\Local\{CB9EF46C-8A48-4085-B37C-26B017D2C546}
    2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{EFA18701-33A7-4311-B109-5B224C439ADA}
    2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{B6991C87-AE41-4462-B4EF-B0DD83773E8A}
    2012-08-18 11:35 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{17ED5333-1A5B-49DC-A836-A03AA6CD0618}
    2012-08-18 11:34 - 2012-08-18 11:35 - 00000000 ____D C:\Users\Parents\AppData\Local\{11A84E74-0E47-470A-8816-48732B49372E}
    2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{AA2C3B66-045C-4119-9930-09496AA9B695}
    2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{8AE029B5-CCC1-4649-889A-7DAF29418C1E}
    2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{494BB960-23BE-43CE-80DA-8E64B5789247}
    2012-08-18 11:34 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{06030E84-444A-449D-8B81-E1D4CB86746F}
    2012-08-18 11:33 - 2012-08-18 11:34 - 00000000 ____D C:\Users\Parents\AppData\Local\{F210D26C-DC86-46CC-869C-4C88DF96D090}
    2012-08-18 11:33 - 2012-08-18 11:33 - 00000000 ____D C:\Users\Parents\AppData\Local\{C5D2AB25-32C6-47C8-8297-E0045A772B71}
    2012-08-18 07:03 - 2012-08-18 07:03 - 00000000 ____D C:\Program Files\Microsoft Device Center
    2012-08-18 06:51 - 2012-08-18 06:51 - 00000000 ____D C:\Users\Parents\AppData\Local\{91A6CC58-18B8-42C4-9949-80D0853909E3}
    2012-08-18 06:51 - 2012-08-18 06:51 - 00000000 ____D C:\Users\Parents\AppData\Local\{4E9F5533-1311-4C21-84A9-3C91581E4B52}
    2012-08-18 06:47 - 2012-08-18 06:47 - 00000000 ____D C:\Users\Parents\AppData\Local\{D9366DE5-0E6D-47FE-8C51-FE0C33A176B5}
    2012-08-18 06:47 - 2012-08-18 06:47 - 00000000 ____D C:\Users\Parents\AppData\Local\{4C08CAE8-1352-4FF1-AA64-E61928FB5BA0}
    2012-08-18 05:53 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-18 05:53 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-18 05:53 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-18 05:53 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-18 05:53 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-18 05:53 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-18 05:53 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-18 05:53 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-18 05:53 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-18 05:53 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-18 05:53 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-18 05:53 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-18 05:53 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-18 05:53 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-18 05:53 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-18 05:53 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-18 05:53 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-18 05:53 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-18 05:53 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-18 05:53 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-18 05:53 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-18 05:53 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-18 05:53 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-18 05:53 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-18 05:53 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-18 05:53 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-18 05:53 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-18 05:53 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-18 05:39 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-08-18 05:39 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-08-18 05:39 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-08-18 05:39 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-08-18 05:39 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-08-18 05:39 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-08-18 05:39 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-08-18 05:39 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-08-18 05:39 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-08-18 05:39 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-08-18 05:39 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-08-18 05:39 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-08-18 05:39 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll


    ==================== 3 Months Modified Files ================================

    2012-09-08 20:35 - 2011-08-27 15:52 - 01714059 ____A C:\Windows\WindowsUpdate.log
    2012-09-08 20:24 - 2009-07-13 21:13 - 00729944 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-08 20:21 - 2009-07-13 20:45 - 00022576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-08 20:21 - 2009-07-13 20:45 - 00022576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-08 20:14 - 2012-09-08 15:15 - 00000448 ____A C:\Windows\setupact.log
    2012-09-08 20:14 - 2009-07-13 21:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-08 20:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-08 20:02 - 2012-09-08 20:02 - 00016265 ____A C:\ComboFix.txt
    2012-09-08 20:00 - 2012-09-08 15:15 - 00002216 ____A C:\Windows\PFRO.log
    2012-09-08 20:00 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-09-08 19:49 - 2012-09-08 19:48 - 04747622 ____R (Swearware) C:\Users\Parents\Desktop\ComboFix.exe
    2012-09-08 19:40 - 2012-01-12 21:20 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004UA.job
    2012-09-08 19:40 - 2012-01-12 21:20 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689204523-1297797616-1657894789-1004Core.job
    2012-09-08 19:27 - 2012-04-02 22:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-08 19:19 - 2011-08-28 07:05 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-09-08 18:37 - 2012-09-08 18:37 - 02193184 ____A C:\Users\Parents\Desktop\tdsskiller.zip
    2012-09-08 18:22 - 2012-09-08 18:22 - 04731392 ____A (AVAST Software) C:\Users\Parents\Desktop\aswMBR.exe
    2012-09-08 18:22 - 2012-09-04 22:26 - 00000000 ____A C:\Users\Parents\AppData\Local\π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄€‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ
    2012-09-08 18:21 - 2012-09-08 18:21 - 01378816 ____A C:\Users\Parents\Desktop\RogueKiller.exe
    2012-09-08 16:30 - 2011-08-28 07:05 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-08 15:59 - 2012-09-08 16:07 - 00599552 ____A (OldTimer Tools) C:\Users\Parents\Desktop\OTL.exe
    2012-09-08 15:15 - 2012-09-08 15:15 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-08 15:15 - 2012-02-26 12:51 - 00688128 __ASH C:\Users\Parents\Desktop\Thumbs.db
    2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
    2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe_.b
    2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
    2012-09-07 21:22 - 2012-09-07 21:22 - 00002042 ____A C:\Users\Public\Desktop\Play Old Clockmaker's Riddle.lnk
    2012-09-07 21:22 - 2012-09-07 21:22 - 00001276 ____A C:\Users\Public\Desktop\More Great Games.lnk
    2012-09-07 21:22 - 2011-10-11 21:36 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-09-07 21:22 - 2011-10-11 21:36 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-09-07 21:22 - 2011-10-11 21:36 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-09-07 21:22 - 2011-10-11 21:36 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-09-04 14:20 - 2011-08-28 07:06 - 00002348 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-09-01 15:14 - 2012-09-01 10:26 - 00013276 ____A C:\Users\Parents\Desktop\60's 2.jpeg
    2012-09-01 15:11 - 2012-09-01 10:24 - 00013282 ____A C:\Users\Parents\Desktop\60's 1.jpeg
    2012-08-28 05:05 - 2012-04-02 22:22 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-28 05:05 - 2011-08-28 07:06 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-27 16:59 - 2012-08-27 16:59 - 00001953 ____A C:\Users\Public\Desktop\Play Atlantic Quest.lnk
    2012-08-23 12:28 - 2012-08-23 12:28 - 00013124 ____A C:\Users\Parents\Desktop\005.JPG - Shortcut.lnk
    2012-08-21 19:15 - 2012-08-21 19:15 - 00001074 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-08-21 19:12 - 2011-10-24 18:36 - 00011776 ____A C:\Users\Parents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-20 14:32 - 2012-08-20 14:32 - 00002002 ____A C:\Users\Public\Desktop\Play Big Kahuna Reef 3.lnk
    2012-08-18 13:45 - 2012-08-18 13:45 - 00000085 ____A C:\Users\Parents\Desktop\San Martin, CA Nursing Homes.url
    2012-08-18 06:53 - 2009-07-13 20:45 - 04911752 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-18 05:39 - 2011-08-27 17:52 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-08-13 19:00 - 2011-08-28 13:44 - 00007623 ____A C:\Users\Parents\AppData\Local\Resmon.ResmonCfg
    2012-07-27 21:47 - 2012-07-27 21:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-07-27 21:47 - 2012-07-27 21:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-07-27 21:47 - 2012-07-27 21:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-07-27 21:47 - 2012-07-27 21:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-07-27 21:47 - 2012-07-27 21:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-07-27 21:46 - 2012-07-27 21:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-07-27 21:46 - 2012-07-27 21:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-07-21 11:02 - 2012-07-21 11:02 - 00001017 ____A C:\Users\Parents\Desktop\MusicBee.lnk
    2012-07-18 10:15 - 2012-08-18 05:39 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-04 14:16 - 2012-08-18 05:39 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 14:13 - 2012-08-18 05:39 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 14:13 - 2012-08-18 05:39 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 13:16 - 2012-08-18 05:39 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-07-04 13:14 - 2012-08-18 05:39 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-07-03 12:46 - 2012-09-08 14:53 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-28 20:55 - 2012-08-18 05:53 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-28 20:09 - 2012-08-18 05:53 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-28 19:56 - 2012-08-18 05:53 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-28 19:49 - 2012-08-18 05:53 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-28 19:49 - 2012-08-18 05:53 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-28 19:48 - 2012-08-18 05:53 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-28 19:47 - 2012-08-18 05:53 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-28 19:45 - 2012-08-18 05:53 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-28 19:44 - 2012-08-18 05:53 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-28 19:43 - 2012-08-18 05:53 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-28 19:42 - 2012-08-18 05:53 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-28 19:40 - 2012-08-18 05:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-28 19:39 - 2012-08-18 05:53 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-28 19:35 - 2012-08-18 05:53 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-28 16:52 - 2012-08-18 05:53 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-28 16:27 - 2012-08-18 05:53 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-28 16:16 - 2012-08-18 05:53 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-28 16:09 - 2012-08-18 05:53 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-28 16:09 - 2012-08-18 05:53 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-28 16:08 - 2012-08-18 05:53 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-28 16:07 - 2012-08-18 05:53 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-28 16:06 - 2012-08-18 05:53 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-28 16:04 - 2012-08-18 05:53 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-28 16:04 - 2012-08-18 05:53 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-28 16:01 - 2012-08-18 05:53 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-28 16:01 - 2012-08-18 05:53 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-28 16:00 - 2012-08-18 05:53 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-28 15:57 - 2012-08-18 05:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-28 09:16 - 2011-08-28 13:27 - 00025600 __ASH C:\Users\Parents\Thumbs.db
    2012-06-26 20:38 - 2012-06-26 20:38 - 00046176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\point64.sys
    2012-06-24 21:24 - 2012-06-24 21:24 - 00052320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys
    2012-06-22 05:05 - 2012-06-22 05:05 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
    2012-06-21 19:47 - 2012-06-21 19:47 - 00001991 ____A C:\Users\Public\Desktop\Play Call of Atlantis.lnk
    2012-06-17 11:51 - 2011-08-27 19:25 - 00063088 ____A C:\Users\Parents\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-16 11:20 - 2012-06-16 11:20 - 00001487 ____A C:\Users\Parents\Desktop\Velzylogo.jpg - Shortcut.lnk
    2012-06-12 07:41 - 2012-06-12 07:41 - 00001787 ____A C:\Users\Public\Desktop\iTunes.lnk


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-28 23:57:43
    Restore point made on: 2012-09-02 05:12:03
    Restore point made on: 2012-09-06 04:22:19
    Restore point made on: 2012-09-08 14:47:06
    Restore point made on: 2012-09-08 14:48:41
    Restore point made on: 2012-09-08 14:48:52
    Restore point made on: 2012-09-08 14:52:05
    Restore point made on: 2012-09-08 15:57:46
    Restore point made on: 2012-09-08 15:58:04
    Restore point made on: 2012-09-08 16:00:48

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 7933.49 MB
    Available physical RAM: 7133.41 MB
    Total Pagefile: 7931.64 MB
    Available Pagefile: 7134.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions ============================

    1 Drive c: (Win7) (Fixed) (Total:74.53 GB) (Free:30.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Data) (Fixed) (Total:372.61 GB) (Free:278.85 GB) NTFS
    4 Drive f: () (Removable) (Total:14.9 GB) (Free:14.75 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 74 GB 0 B
    Disk 1 Online 372 GB 1024 KB
    Disk 2 Online 14 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 74 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Win7 NTFS Partition 74 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 372 GB 31 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Data NTFS Partition 372 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT32 Removable 14 GB Healthy

    ==================================================================================

    Last Boot: 2012-09-06 05:56

    ==================== End Of Log =============================
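As an added triage example (not part of the thread and not a feature of FRST): a parser for the file-listing lines in the FRST log above, plus a few defender-side heuristics for the entries that stand out in it, namely the unsigned random-named files under C:\Users\All Users, the ".exe.b" names, and the file whose name is non-ASCII garbage. The sample lines are copied from the log; the flagging rules are this example's assumptions, not rules FRST applies.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Layout of one line in FRST's "Created Files" / "Modified Files" sections:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>.*)\) )?"      # greedy: company strings can contain "(C)"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Heuristics below are this example's assumptions, not rules FRST applies.
PROGRAMDATA_DIRS = {r"c:\users\all users", r"c:\programdata"}
RANDOM_STEM_RE = re.compile(r"^[A-Za-z0-9]{5,10}$")
EXTRA_EXT_RE = re.compile(r"\.exe_?\.[a-z0-9]{1,3}$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return ntpath.basename(self.path)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file/folder line; headers and blank lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


def triage(entry: Entry) -> List[str]:
    """Reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    name = entry.name
    stem = name.split(".", 1)[0]
    if any(ord(ch) > 127 for ch in name):
        reasons.append("non-ASCII characters in file name")
    if EXTRA_EXT_RE.search(name):
        reasons.append("'.exe' followed by an extra extension")
    parent = ntpath.dirname(entry.path).lower()
    looks_random = (RANDOM_STEM_RE.match(stem) is not None
                    and any(c.isdigit() for c in stem)
                    and any(c.isalpha() for c in stem))
    if (parent in PROGRAMDATA_DIRS and not entry.is_dir
            and entry.company is None and looks_random):
        reasons.append("unsigned random-looking file directly under ProgramData")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; entries with no findings are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged


# Sample lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
2012-09-08 14:53 - 2012-09-08 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-08 14:01 - 2012-09-08 14:01 - 00000000 ____A C:\Users\All Users\6UdiY7.dat
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe_.b
2012-09-08 14:00 - 2012-09-08 14:00 - 00000001 ____A C:\Users\All Users\21guOreO.exe.b
2012-09-05 08:43 - 2012-09-05 08:43 - 00000000 ____D C:\Users\Parents\AppData\Local\{6277D76C-A3F3-4371-B819-0CFBBC795A0F}
2012-09-04 22:26 - 2012-09-08 18:22 - 00000000 ____A C:\Users\Parents\AppData\Local\π∫ªºΩæø¿¡¬√ƒ≈∆«»… ÀÃÕŒœ–—“”‘’÷◊ÿŸ⁄€‹›fifl‡·‚„‰ÂÊÁËÈÍÎÏÌÓÔÒÚÛÙıˆ˜¯˘˙˚¸˝˛ˇ
2012-09-07 21:22 - 2011-10-11 21:36 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-08-18 05:53 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the full log text, the same function lists the four entries above and nothing else; the GUID-named AppData folders and the signed Microsoft updates pass untouched.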
  21. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Restart normally and let me know if you got your connection back.

  22. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    I just want to make sure before I use this, the file only has one line:

    Last Boot: 2012-09-06 05:56

    Is that correct? EDIT: OK, I tried it, log to follow.
  23. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-09-2012
    Ran by SYSTEM at 2012-09-08 22:01:32 Run:1
    Running from F:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
  24. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Very well.
    How is internet connection?
  25. Bigtuna00

    Bigtuna00 TS Rookie Topic Starter Posts: 44

    Back to posting from my parents' PC, so it appears to be working :)
