Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Zbot and can't download OTL


  • Please log in to reply

#1
geordieboy

geordieboy

    Member

  • Member
  • PipPip
  • 11 posts
Hi, really hoping one of you experts can help me.

I am using a laptop running Windows 7. I have two users, one for me and one for my son. I have access to both accounts and I'm typing this post from my account. The laptop has been acting strange the last couple of days and I think it is infected. Here's what I have noticed :

1) A windows security popup mentioned a Win 32 ZBot infection but said it couldn't clean it

2) The "Solve PC Issues" icon in the notification area tells me that the windows security centre service is not running

3) I have MS security essentials installed but when I try to run it I get a msseces.exe error saying Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

4) I also have McAfee installed. This is just an FYI.

5) I have run TFC to clean up temporary files (on my user account) and it deleted a whole load of stuff from all user accounts

6) I have tried to download OTL but I can't. Windows keeps stepping in an saying OTL.exe has a virus and has been removed. Even if I save as, and try to name it something else it won't work. A googls search suggested trying to name it explorer.exe but that didn't work either. So sadly I can't get you an OTL list at this current time.


So really hoping someone can help me. I guess the first step is to somehow download and run OTL, but I don't know how.

Thanks in advance!

GB.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Can you download DDS?

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
  • 0

#3
geordieboy

geordieboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks for quick reply!

Nope sadly both of those download links do the the same thing. It downloads it but then a security bar along bottom of browser pops up (with a red windows security shield) and says dds.scr contained a virus and was delete - learn more.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I expect it is Zero Access but just in case let's try:

Copy the lines between the stars (but not the stars):

****************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000001


****************

Open notepad and paste the above into it. Verify that you have it all then File, Save As, (to your desktop) "NoScan.reg" OK (Make sure you includes the quotes around the file name)

Close notepad and all browsers. Right click on NoScan.reg and select Merge. Allow it to merge. (If you don't see the Merge option you probably left off the quotes and notepad tacked on .txt)

Open your Browser and try to download OTL Same problem?

Try deleting the Windows Defender folder in c:\Program Files or C:\Program Files (x86)

Do you have Firefox? Type in:
about:config
and hit Enter
then scroll down until you find

browser.download.manager.scanWhenDone

then right click on it and Toggle. Close and reopen Firefox and try to download something in Firefox.
  • 0

#5
geordieboy

geordieboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Whilst waiting for your reply, I thought I'd try another browser so tried Chrome and I was able to download OTL.exe and run a quick scan. So it seems it is only IE that deletes the files when I download. I'll stick to Chrome for now to avoid further problems.

So I didn't follow your instructions in your reply as I thought you'd be more interested in the OTL log. Here's the results (note I didn't touch any settings before running the scan) :

OTL logfile created on: 16/09/2013 17:16:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mam & Dad\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.28% Memory free
7.73 Gb Paging File | 5.79 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.61 Gb Total Space | 133.93 Gb Free Space | 59.90% Space Free | Partition Type: NTFS

Computer Name: WILLIAM_LAPTOP | User Name: Mam & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/16 17:15:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mam & Dad\Downloads\OTL.exe
PRC - [2013/07/17 21:06:22 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/05 17:17:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/25 01:49:46 | 000,396,240 | ---- | M] () -- C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/25 01:49:44 | 004,052,944 | ---- | M] () -- C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/25 01:48:54 | 000,601,552 | ---- | M] () -- C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/25 01:48:53 | 000,123,344 | ---- | M] () -- C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/25 01:48:51 | 001,597,392 | ---- | M] () -- C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/11/06 16:50:18 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\stacsv64.exe -- (STacSV)
SRV - [2013/09/16 16:52:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/08/02 23:45:51 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/05 17:17:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/09/10 14:12:11 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/11/06 16:50:18 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/18 07:24:46 | 000,038,424 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/05/07 06:34:48 | 000,032,256 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/25 04:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/02/10 08:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 22:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/13 16:38:52 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/11 17:28:52 | 000,017,912 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SoilIO.sys -- (SoilIO)
DRV:64bit: - [2009/12/03 10:04:16 | 000,013,304 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SoilMC.sys -- (SoilMC)
DRV:64bit: - [2009/12/03 10:03:50 | 000,013,816 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Soilkbc.sys -- (soilkbc)
DRV:64bit: - [2009/12/02 08:58:40 | 000,153,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/12/01 22:19:16 | 000,649,472 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009/12/01 22:18:32 | 000,617,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/10/02 06:33:00 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...DSGK&bmod=DSGK;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GK_enGB411GB411
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mam & Dad\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mam & Dad\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 23:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/25 21:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mam & Dad\AppData\Roaming\Mozilla\Extensions
[2013/01/16 21:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mam & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbrs73.default\extensions
[2012/07/04 15:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/19 08:35:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/02 23:45:55 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/25 08:49:02 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/17 14:46:50 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/25 08:49:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/25 08:49:02 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/25 08:49:02 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/07/25 08:49:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/07/25 08:49:02 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Shredder Chess Free = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelpbbhpcpelmnfablcbcianelefnnbg\1.0.1_0\
CHR - Extension: Angry Birds = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Pulsate = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli\1.1_0\
CHR - Extension: Solitaire = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.4_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: AdBlock = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: PageRank Status = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.5.3.0_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Free Texas Holdem Poker = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpefcbpnjnanfacddfaaommfheilhkdb\1.0.0.2_0\
CHR - Extension: Sky+ = C:\Users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookngkjbobceimcicokadhjonlejhobj\1.1.4_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.66\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - Startup: C:\Users\Mam & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Mam & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: jpmchase.com ([iconnect-bas] https in Trusted sites)
O15 - HKCU\..Trusted Domains: jpmchase.com ([iconnect-ve] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.66.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webvpn-emea....SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A540523B-5D37-4710-834C-0C29221906EC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.66\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42bb9abc-0ff8-11e0-9878-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42bb9abc-0ff8-11e0-9878-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/03 13:06:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Mam & Dad\Documents\*.tmp files -> C:\Users\Mam & Dad\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/16 17:15:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1003UA.job
[2013/09/16 17:15:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1003Core.job
[2013/09/16 17:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/16 17:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/16 16:52:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/16 16:45:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1001UA.job
[2013/09/16 16:20:47 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 16:20:47 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 16:12:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/16 16:12:08 | 3113,234,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/16 16:09:41 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1001Core.job
[2013/09/03 13:13:42 | 000,732,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/03 13:13:42 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/03 13:13:42 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Mam & Dad\Documents\*.tmp files -> C:\Users\Mam & Dad\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/05 16:57:10 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/05 16:57:06 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/06 09:02:17 | 000,000,011 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/12/06 09:02:17 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/12/06 09:00:16 | 000,000,239 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/12/06 08:47:27 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/06 08:47:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd2040.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/03/02 10:29:14 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/09/20 17:40:25 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\Garmin
[2011/07/16 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\ICAClient
[2011/07/09 21:53:37 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\Juniper Networks
[2011/08/07 11:28:29 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\Lionhead Studios
[2011/03/01 21:53:54 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\Nokia
[2011/12/07 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\OpenOffice.org
[2011/03/01 21:32:07 | 000,000,000 | ---D | M] -- C:\Users\Mam & Dad\AppData\Roaming\PC Suite

========== Purity Check ==========



< End of report >
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
No sign of Zero Access in the OTL log. Let's try a few other scans:



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
IF you don't get a log after the first run then run it a second time. If you get an error about a registry key marked for deletion then just reboot and that will fix it.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.
  • 0

#7
geordieboy

geordieboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ASWmbr :

- scan showed 1 red line : Service **NEDDIH** exe .....

- but Fix button not enabled after completion of scan. So I just saved the log which is pasted at the bottom. Interestingly that red line I mention above doesn't appear to be in the actual log file, but was definitely on the screen with the ..... being a long random name of chars.


ComboxFix :

- It complained that Microsoft Security Essentials was still running. However, I can't see it in the Task Manager -> Processes, or Task Manager -> Services list at all, so can't kill it. It isn't in the notification area of my task bar either. When I try to run it (to disable it), I get the error I mentioned in my first post.

- So I stopped ComboFix before it really did anything as I wanted your advice before continuing.


Below is the pasted log from ASWmbr :

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-16 17:39:54
-----------------------------
17:39:54.452 OS Version: Windows x64 6.1.7601 Service Pack 1
17:39:54.452 Number of processors: 4 586 0x2502
17:39:54.453 ComputerName: WILLIAM_LAPTOP UserName: Mam & Dad
17:39:55.618 Initialize success
17:43:18.781 AVAST engine defs: 13091600
17:43:43.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:43:43.368 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
17:43:43.522 Disk 0 MBR read successfully
17:43:43.526 Disk 0 MBR scan
17:43:43.549 Disk 0 Windows 7 default MBR code
17:43:43.569 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 9500 MB offset 2048
17:43:43.585 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228973 MB offset 19458048
17:43:43.732 Disk 0 scanning C:\Windows\system32\drivers
17:43:56.028 Service scanning
17:44:28.829 Service ?etadpug C:\Program Files (x86)\Google\Desktop\Install\{e225d003-12fe-8095-5f75-df0618ac0d4f}\ \...\???\{e225d003-12fe-8095-5f75-df0618ac0d4f}\GoogleUpdate.exe **HIDDEN**
17:44:29.351 Modules scanning
17:44:30.864 AVAST engine scan C:\Windows
17:44:33.892 AVAST engine scan C:\Windows\system32
17:49:10.153 AVAST engine scan C:\Windows\system32\drivers
17:49:24.040 AVAST engine scan C:\Users\Mam & Dad
17:52:32.023 AVAST engine scan C:\ProgramData
17:54:02.364 Scan finished successfully
17:55:35.401 Disk 0 MBR has been saved successfully to "C:\Users\Mam & Dad\Desktop\MBR.dat"
17:55:35.410 The log file has been saved successfully to "C:\Users\Mam & Dad\Desktop\aswMBR.txt"
  • 0

#8
geordieboy

geordieboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
FYI I have found a Microsoft Antimalware Service listed in services.msc but the description is <Failed to Read Description. Error code : 5>. And the service is currently stopped.

On second glance of task list I can see a service called Microsoft Antilmalware but its stopped.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
This is the newest version of Zero Access:

17:44:28.829 Service ?etadpug C:\Program Files (x86)\Google\Desktop\Install\{e225d003-12fe-8095-5f75-df0618ac0d4f}\ \...\???\{e225d003-12fe-8095-5f75-df0618ac0d4f}\GoogleUpdate.exe **HIDDEN**

Run Combofix and ignore the warnings about MSE. Once it finishes, it will probably not give you a log. Run it a second time and it should give you a log.
  • 0

#10
geordieboy

geordieboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ComboFix created a log on the first run, so I didn't run it again. Note that it rebooted half way through and I got 3-4 strange errors upon logging back in which I've never seen before. Anyway, I've pasted the ComboFix log below. Also, FYI it appears I have some Windows updates to install - I'm not doing that for now unless you tell me to. Thanks for help so far!

ComboFix 13-09-16.01 - Mam & Dad 16/09/2013 18:50:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3959.2458 [GMT 1:00]
Running from: c:\users\Mam & Dad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\programdata\E1010.tmp
c:\programdata\OSD10.tmp
c:\users\Mam & Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Mam & Dad\Documents\~WRL0005.tmp
c:\users\William\AppData\Roaming\Wivi
c:\users\William\AppData\Roaming\Wivi\oqin.exe
c:\users\William\AppData\Roaming\Zace
c:\users\William\AppData\Roaming\Zace\beqy.eqy
.
.
((((((((((((((((((((((((( Files Created from 2013-08-16 to 2013-09-16 )))))))))))))))))))))))))))))))
.
.
2013-09-09 17:01 . 2013-07-26 03:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-03 12:06 . 2013-09-16 15:16 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 15:52 . 2012-04-21 19:07 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-16 15:52 . 2011-07-08 10:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-03 12:06 . 2011-01-07 19:17 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-01 12:09 . 2013-08-01 12:09 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35A09E0F-9F43-4B38-9709-71979632800C}\offreg.dll
2013-07-20 07:05 . 2013-07-20 07:06 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1CA1317-5781-46E4-9D17-40F06FC732F1}\gapaengine.dll
2013-07-02 08:34 . 2013-08-01 10:21 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{35A09E0F-9F43-4B38-9709-71979632800C}\mpengine.dll
2013-07-02 08:34 . 2013-07-22 19:35 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-11-17 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PlantronicsURE.exe"="c:\program files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe" [2012-03-26 624080]
"PlantronicsBatteryStatus.exe"="c:\program files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe" [2012-03-26 354768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Mam & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe /AUTOHIDE [2012-8-1 2056192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SoilIO;SoilIO; [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 15:52]
.
2013-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1001Core.job
- c:\users\William\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 12:39]
.
2013-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1001UA.job
- c:\users\William\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 12:39]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 07:18]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 07:18]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1003Core.job
- c:\users\Mam & Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 14:25]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1539896414-3530851473-1342265360-1003UA.job
- c:\users\Mam & Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-25 14:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-06 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: jpmchase.com\iconnect-bas
Trusted Zone: jpmchase.com\iconnect-ve
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mam & Dad\AppData\Roaming\Mozilla\Firefox\Profiles\4xzbrs73.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\users\Mam & Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-1597893766.skyplayer.sky.com - c:\program files (x86)\Microsoft Silverlight\4.0.60129.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2013-09-16 19:16:24 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-16 18:16
.
Pre-Run: 143,206,510,592 bytes free
Post-Run: 142,502,252,544 bytes free
.
- - End Of File - - 1EFEB2ED9C5EAAD67BDEF6683816E9E7
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Run aswMBR again and let's see if Zero Access is still there.
  • 0

#12
geordieboy

geordieboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
New log for aswMBR below. Note that I never got as far as running tdsskiller or installing Antimalware - I'll leave those until you ask me to do them.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-16 19:28:35
-----------------------------
19:28:35.711 OS Version: Windows x64 6.1.7601 Service Pack 1
19:28:35.711 Number of processors: 4 586 0x2502
19:28:35.711 ComputerName: WILLIAM_LAPTOP UserName: Mam & Dad
19:28:36.522 Initialize success
19:31:15.430 AVAST engine defs: 13091600
19:31:34.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:31:34.262 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
19:31:34.401 Disk 0 MBR read successfully
19:31:34.405 Disk 0 MBR scan
19:31:34.411 Disk 0 Windows 7 default MBR code
19:31:34.426 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 9500 MB offset 2048
19:31:34.442 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228973 MB offset 19458048
19:31:34.578 Disk 0 scanning C:\Windows\system32\drivers
19:31:46.596 Service scanning
19:32:19.909 Modules scanning
19:32:21.343 AVAST engine scan C:\Windows
19:32:24.861 AVAST engine scan C:\Windows\system32
19:37:19.470 AVAST engine scan C:\Windows\system32\drivers
19:37:33.491 AVAST engine scan C:\Users\Mam & Dad
19:40:25.758 AVAST engine scan C:\ProgramData
19:41:32.643 Scan finished successfully
19:41:59.220 Disk 0 MBR has been saved successfully to "C:\Users\Mam & Dad\Desktop\MBR.dat"
19:41:59.227 The log file has been saved successfully to "C:\Users\Mam & Dad\Desktop\aswMBR log 2.txt"
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Looks like Combofix got it. Go ahead and run TDSSKiller and MBAM just to be sure.

Also let's check for problems:


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#14
geordieboy

geordieboy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok, tdsskiller did find 1 thing but it was likely a false positive and I skipped it as it didn't match the TDSS in your instructions. BMAM also found 3 items which I selected and fixed.

All of this has been done inside my user account. Please let me know if I need to repeat any of it in the second user account.

TDSS log :

19:55:19.0841 2932 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:55:20.0144 2932 ============================================================
19:55:20.0144 2932 Current date / time: 2013/09/16 19:55:20.0144
19:55:20.0144 2932 SystemInfo:
19:55:20.0144 2932
19:55:20.0144 2932 OS Version: 6.1.7601 ServicePack: 1.0
19:55:20.0144 2932 Product type: Workstation
19:55:20.0144 2932 ComputerName: WILLIAM_LAPTOP
19:55:20.0144 2932 UserName: Mam & Dad
19:55:20.0144 2932 Windows directory: C:\Windows
19:55:20.0144 2932 System windows directory: C:\Windows
19:55:20.0144 2932 Running under WOW64
19:55:20.0144 2932 Processor architecture: Intel x64
19:55:20.0145 2932 Number of processors: 4
19:55:20.0145 2932 Page size: 0x1000
19:55:20.0145 2932 Boot type: Normal boot
19:55:20.0145 2932 ============================================================
19:55:20.0782 2932 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:20.0789 2932 ============================================================
19:55:20.0789 2932 \Device\Harddisk0\DR0:
19:55:20.0794 2932 MBR partitions:
19:55:20.0794 2932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x128E000
19:55:20.0795 2932 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x128E800, BlocksNum 0x1BF36970
19:55:20.0795 2932 ============================================================
19:55:20.0847 2932 C: <-> \Device\Harddisk0\DR0\Partition2
19:55:20.0847 2932 ============================================================
19:55:20.0847 2932 Initialize success
19:55:20.0847 2932 ============================================================
19:55:31.0940 3844 ============================================================
19:55:31.0940 3844 Scan started
19:55:31.0940 3844 Mode: Manual; SigCheck; TDLFS;
19:55:31.0940 3844 ============================================================
19:55:32.0361 3844 ================ Scan system memory ========================
19:55:32.0362 3844 System memory - ok
19:55:32.0362 3844 ================ Scan services =============================
19:55:32.0563 3844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:55:32.0670 3844 1394ohci - ok
19:55:32.0725 3844 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:55:32.0756 3844 ACPI - ok
19:55:32.0795 3844 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:55:32.0824 3844 AcpiPmi - ok
19:55:32.0915 3844 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:55:32.0936 3844 AdobeARMservice - ok
19:55:33.0101 3844 [ 3109B16A0939BA11696EEB04F345D099 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:55:33.0122 3844 AdobeFlashPlayerUpdateSvc - ok
19:55:33.0179 3844 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:55:33.0215 3844 adp94xx - ok
19:55:33.0251 3844 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:55:33.0281 3844 adpahci - ok
19:55:33.0303 3844 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:55:33.0327 3844 adpu320 - ok
19:55:33.0378 3844 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:55:33.0471 3844 AeLookupSvc - ok
19:55:33.0534 3844 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:55:33.0590 3844 AFD - ok
19:55:33.0659 3844 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
19:55:33.0705 3844 AgereSoftModem - ok
19:55:33.0748 3844 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:55:33.0769 3844 agp440 - ok
19:55:33.0798 3844 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:55:33.0845 3844 ALG - ok
19:55:33.0875 3844 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:55:33.0894 3844 aliide - ok
19:55:33.0914 3844 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:55:33.0933 3844 amdide - ok
19:55:33.0975 3844 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:55:33.0998 3844 AmdK8 - ok
19:55:34.0004 3844 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:55:34.0048 3844 AmdPPM - ok
19:55:34.0092 3844 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:55:34.0113 3844 amdsata - ok
19:55:34.0135 3844 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:55:34.0161 3844 amdsbs - ok
19:55:34.0178 3844 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:55:34.0199 3844 amdxata - ok
19:55:34.0225 3844 [ FAD35699987BAA96E22E13B24FF44769 ] androidusb C:\Windows\system32\Drivers\androidusb.sys
19:55:34.0250 3844 androidusb - ok
19:55:34.0287 3844 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:55:34.0357 3844 AppID - ok
19:55:34.0417 3844 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:55:34.0511 3844 AppIDSvc - ok
19:55:34.0569 3844 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:55:34.0593 3844 Appinfo - ok
19:55:34.0651 3844 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:55:34.0673 3844 arc - ok
19:55:34.0706 3844 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:55:34.0727 3844 arcsas - ok
19:55:34.0758 3844 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:55:34.0830 3844 AsyncMac - ok
19:55:34.0869 3844 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:55:34.0889 3844 atapi - ok
19:55:34.0959 3844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:55:35.0044 3844 AudioEndpointBuilder - ok
19:55:35.0070 3844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:55:35.0154 3844 AudioSrv - ok
19:55:35.0201 3844 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:55:35.0257 3844 AxInstSV - ok
19:55:35.0309 3844 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:55:35.0358 3844 b06bdrv - ok
19:55:35.0396 3844 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:55:35.0442 3844 b57nd60a - ok
19:55:35.0489 3844 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:55:35.0511 3844 BDESVC - ok
19:55:35.0526 3844 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:55:35.0598 3844 Beep - ok
19:55:35.0649 3844 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:55:35.0733 3844 BFE - ok
19:55:35.0797 3844 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:55:35.0886 3844 BITS - ok
19:55:35.0923 3844 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:55:35.0945 3844 blbdrive - ok
19:55:35.0988 3844 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:55:36.0034 3844 bowser - ok
19:55:36.0055 3844 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:55:36.0085 3844 BrFiltLo - ok
19:55:36.0098 3844 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:55:36.0124 3844 BrFiltUp - ok
19:55:36.0138 3844 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:55:36.0230 3844 BridgeMP - ok
19:55:36.0295 3844 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:55:36.0318 3844 Browser - ok
19:55:36.0345 3844 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:55:36.0372 3844 Brserid - ok
19:55:36.0390 3844 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:55:36.0437 3844 BrSerWdm - ok
19:55:36.0445 3844 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:55:36.0477 3844 BrUsbMdm - ok
19:55:36.0504 3844 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:55:36.0525 3844 BrUsbSer - ok
19:55:36.0537 3844 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:55:36.0592 3844 BTHMODEM - ok
19:55:36.0643 3844 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:55:36.0718 3844 bthserv - ok
19:55:36.0722 3844 catchme - ok
19:55:36.0742 3844 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:55:36.0831 3844 cdfs - ok
19:55:36.0867 3844 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:55:36.0911 3844 cdrom - ok
19:55:36.0946 3844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:55:37.0044 3844 CertPropSvc - ok
19:55:37.0081 3844 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:55:37.0125 3844 circlass - ok
19:55:37.0164 3844 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:55:37.0195 3844 CLFS - ok
19:55:37.0243 3844 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:55:37.0261 3844 clr_optimization_v2.0.50727_32 - ok
19:55:37.0308 3844 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:55:37.0326 3844 clr_optimization_v2.0.50727_64 - ok
19:55:37.0393 3844 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:55:37.0413 3844 clr_optimization_v4.0.30319_32 - ok
19:55:37.0463 3844 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:55:37.0482 3844 clr_optimization_v4.0.30319_64 - ok
19:55:37.0520 3844 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:55:37.0542 3844 CmBatt - ok
19:55:37.0594 3844 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:55:37.0614 3844 cmdide - ok
19:55:37.0666 3844 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:55:37.0710 3844 CNG - ok
19:55:37.0721 3844 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:55:37.0740 3844 Compbatt - ok
19:55:37.0771 3844 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:55:37.0816 3844 CompositeBus - ok
19:55:37.0821 3844 COMSysApp - ok
19:55:37.0844 3844 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:55:37.0863 3844 crcdisk - ok
19:55:37.0934 3844 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:55:37.0958 3844 CryptSvc - ok
19:55:38.0002 3844 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
19:55:38.0020 3844 ctxusbm - ok
19:55:38.0079 3844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:55:38.0162 3844 DcomLaunch - ok
19:55:38.0193 3844 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:55:38.0292 3844 defragsvc - ok
19:55:38.0334 3844 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:55:38.0423 3844 DfsC - ok
19:55:38.0496 3844 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:55:38.0524 3844 Dhcp - ok
19:55:38.0549 3844 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:55:38.0649 3844 discache - ok
19:55:38.0681 3844 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:55:38.0702 3844 Disk - ok
19:55:38.0749 3844 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:55:38.0794 3844 Dnscache - ok
19:55:38.0835 3844 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:55:38.0934 3844 dot3svc - ok
19:55:38.0975 3844 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:55:39.0071 3844 DPS - ok
19:55:39.0112 3844 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:55:39.0163 3844 drmkaud - ok
19:55:39.0226 3844 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:55:39.0275 3844 DXGKrnl - ok
19:55:39.0310 3844 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:55:39.0400 3844 EapHost - ok
19:55:39.0507 3844 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:55:39.0596 3844 ebdrv - ok
19:55:39.0643 3844 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:55:39.0666 3844 EFS - ok
19:55:39.0750 3844 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:55:39.0786 3844 ehRecvr - ok
19:55:39.0820 3844 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:55:39.0866 3844 ehSched - ok
19:55:39.0931 3844 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:55:39.0965 3844 elxstor - ok
19:55:40.0005 3844 [ 78D6694F98009400BCACCB5342848A67 ] emAudio C:\Windows\system32\drivers\emAudio64.sys
19:55:40.0048 3844 emAudio - ok
19:55:40.0072 3844 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:55:40.0113 3844 ErrDev - ok
19:55:40.0209 3844 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:55:40.0290 3844 EventSystem - ok
19:55:40.0313 3844 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:55:40.0388 3844 exfat - ok
19:55:40.0423 3844 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:55:40.0514 3844 fastfat - ok
19:55:40.0577 3844 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:55:40.0612 3844 Fax - ok
19:55:40.0618 3844 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:55:40.0664 3844 fdc - ok
19:55:40.0710 3844 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:55:40.0781 3844 fdPHost - ok
19:55:40.0790 3844 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:55:40.0884 3844 FDResPub - ok
19:55:40.0925 3844 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:55:40.0947 3844 FileInfo - ok
19:55:40.0958 3844 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:55:41.0056 3844 Filetrace - ok
19:55:41.0085 3844 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:55:41.0107 3844 flpydisk - ok
19:55:41.0150 3844 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:55:41.0177 3844 FltMgr - ok
19:55:41.0258 3844 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:55:41.0305 3844 FontCache - ok
19:55:41.0355 3844 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:55:41.0370 3844 FontCache3.0.0.0 - ok
19:55:41.0391 3844 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:55:41.0411 3844 FsDepends - ok
19:55:41.0444 3844 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:55:41.0464 3844 Fs_Rec - ok
19:55:41.0499 3844 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:55:41.0530 3844 fvevol - ok
19:55:41.0546 3844 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:55:41.0568 3844 gagp30kx - ok
19:55:41.0631 3844 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:55:41.0741 3844 gpsvc - ok
19:55:41.0808 3844 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:41.0825 3844 gupdate - ok
19:55:41.0842 3844 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:55:41.0859 3844 gupdatem - ok
19:55:41.0880 3844 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:55:41.0900 3844 gusvc - ok
19:55:41.0928 3844 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:55:41.0949 3844 hcw85cir - ok
19:55:41.0990 3844 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:55:42.0048 3844 HdAudAddService - ok
19:55:42.0089 3844 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:55:42.0134 3844 HDAudBus - ok
19:55:42.0163 3844 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:55:42.0186 3844 HidBatt - ok
19:55:42.0205 3844 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:55:42.0235 3844 HidBth - ok
19:55:42.0246 3844 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:55:42.0274 3844 HidIr - ok
19:55:42.0321 3844 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:55:42.0394 3844 hidserv - ok
19:55:42.0434 3844 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:55:42.0456 3844 HidUsb - ok
19:55:42.0507 3844 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:55:42.0607 3844 hkmsvc - ok
19:55:42.0651 3844 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:55:42.0693 3844 HomeGroupListener - ok
19:55:42.0740 3844 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:55:42.0784 3844 HomeGroupProvider - ok
19:55:42.0825 3844 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:55:42.0847 3844 HpSAMD - ok
19:55:42.0902 3844 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:55:43.0014 3844 HTTP - ok
19:55:43.0051 3844 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:55:43.0070 3844 hwpolicy - ok
19:55:43.0113 3844 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:55:43.0136 3844 i8042prt - ok
19:55:43.0180 3844 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:55:43.0213 3844 iaStor - ok
19:55:43.0279 3844 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:55:43.0295 3844 IAStorDataMgrSvc - ok
19:55:43.0338 3844 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:55:43.0369 3844 iaStorV - ok
19:55:43.0444 3844 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:55:43.0472 3844 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:55:43.0472 3844 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:55:43.0533 3844 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:55:43.0573 3844 idsvc - ok
19:55:43.0868 3844 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:55:44.0143 3844 igfx - ok
19:55:44.0181 3844 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:55:44.0201 3844 iirsp - ok
19:55:44.0270 3844 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:55:44.0360 3844 IKEEXT - ok
19:55:44.0398 3844 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:55:44.0416 3844 Impcd - ok
19:55:44.0443 3844 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:55:44.0488 3844 IntcDAud - ok
19:55:44.0518 3844 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:55:44.0538 3844 intelide - ok
19:55:44.0593 3844 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:55:44.0640 3844 intelppm - ok
19:55:44.0684 3844 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:55:44.0760 3844 IPBusEnum - ok
19:55:44.0806 3844 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:55:44.0901 3844 IpFilterDriver - ok
19:55:44.0987 3844 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:55:45.0038 3844 iphlpsvc - ok
19:55:45.0082 3844 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:55:45.0121 3844 IPMIDRV - ok
19:55:45.0160 3844 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:55:45.0252 3844 IPNAT - ok
19:55:45.0282 3844 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:55:45.0340 3844 IRENUM - ok
19:55:45.0364 3844 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:55:45.0384 3844 isapnp - ok
19:55:45.0425 3844 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:55:45.0452 3844 iScsiPrt - ok
19:55:45.0482 3844 [ 364F2281F960895788EF55C401E946E9 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
19:55:45.0502 3844 JMCR - ok
19:55:45.0516 3844 [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME C:\Windows\system32\DRIVERS\JME.sys
19:55:45.0534 3844 JME - ok
19:55:45.0549 3844 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:55:45.0569 3844 kbdclass - ok
19:55:45.0608 3844 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:55:45.0630 3844 kbdhid - ok
19:55:45.0654 3844 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:55:45.0676 3844 KeyIso - ok
19:55:45.0714 3844 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:55:45.0736 3844 KSecDD - ok
19:55:45.0779 3844 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:55:45.0803 3844 KSecPkg - ok
19:55:45.0831 3844 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:55:45.0924 3844 ksthunk - ok
19:55:45.0968 3844 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:55:46.0066 3844 KtmRm - ok
19:55:46.0119 3844 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:55:46.0216 3844 LanmanServer - ok
19:55:46.0252 3844 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:55:46.0352 3844 LanmanWorkstation - ok
19:55:46.0381 3844 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:55:46.0472 3844 lltdio - ok
19:55:46.0503 3844 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:55:46.0606 3844 lltdsvc - ok
19:55:46.0627 3844 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:55:46.0700 3844 lmhosts - ok
19:55:46.0730 3844 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:55:46.0752 3844 LSI_FC - ok
19:55:46.0777 3844 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:55:46.0799 3844 LSI_SAS - ok
19:55:46.0816 3844 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:55:46.0836 3844 LSI_SAS2 - ok
19:55:46.0855 3844 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:55:46.0878 3844 LSI_SCSI - ok
19:55:46.0898 3844 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:55:46.0988 3844 luafv - ok
19:55:47.0070 3844 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
19:55:47.0095 3844 McComponentHostService - ok
19:55:47.0146 3844 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:55:47.0197 3844 Mcx2Svc - ok
19:55:47.0224 3844 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:55:47.0245 3844 megasas - ok
19:55:47.0260 3844 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:55:47.0288 3844 MegaSR - ok
19:55:47.0379 3844 Microsoft SharePoint Workspace Audit Service - ok
19:55:47.0407 3844 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:55:47.0500 3844 MMCSS - ok
19:55:47.0530 3844 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:55:47.0624 3844 Modem - ok
19:55:47.0647 3844 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:55:47.0690 3844 monitor - ok
19:55:47.0739 3844 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:55:47.0759 3844 mouclass - ok
19:55:47.0772 3844 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:55:47.0794 3844 mouhid - ok
19:55:47.0830 3844 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:55:47.0852 3844 mountmgr - ok
19:55:47.0896 3844 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:55:47.0917 3844 MozillaMaintenance - ok
19:55:47.0961 3844 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:55:47.0994 3844 MpFilter - ok
19:55:48.0011 3844 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:55:48.0035 3844 mpio - ok
19:55:48.0067 3844 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:55:48.0140 3844 mpsdrv - ok
19:55:48.0203 3844 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:55:48.0315 3844 MpsSvc - ok
19:55:48.0364 3844 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:55:48.0424 3844 MRxDAV - ok
19:55:48.0481 3844 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:55:48.0531 3844 mrxsmb - ok
19:55:48.0589 3844 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:55:48.0639 3844 mrxsmb10 - ok
19:55:48.0665 3844 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:55:48.0687 3844 mrxsmb20 - ok
19:55:48.0709 3844 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:55:48.0729 3844 msahci - ok
19:55:48.0762 3844 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:55:48.0785 3844 msdsm - ok
19:55:48.0807 3844 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:55:48.0833 3844 MSDTC - ok
19:55:48.0869 3844 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:55:48.0942 3844 Msfs - ok
19:55:48.0960 3844 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:55:49.0032 3844 mshidkmdf - ok
19:55:49.0063 3844 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:55:49.0082 3844 msisadrv - ok
19:55:49.0108 3844 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:55:49.0198 3844 MSiSCSI - ok
19:55:49.0204 3844 msiserver - ok
19:55:49.0228 3844 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:55:49.0327 3844 MSKSSRV - ok
19:55:49.0429 3844 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:55:49.0452 3844 MsMpSvc - ok
19:55:49.0465 3844 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:55:49.0561 3844 MSPCLOCK - ok
19:55:49.0589 3844 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:55:49.0684 3844 MSPQM - ok
19:55:49.0752 3844 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:55:49.0781 3844 MsRPC - ok
19:55:49.0819 3844 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:55:49.0839 3844 mssmbios - ok
19:55:49.0844 3844 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:55:49.0916 3844 MSTEE - ok
19:55:49.0936 3844 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:55:49.0983 3844 MTConfig - ok
19:55:50.0007 3844 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:55:50.0027 3844 Mup - ok
19:55:50.0069 3844 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:55:50.0176 3844 napagent - ok
19:55:50.0212 3844 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:55:50.0248 3844 NativeWifiP - ok
19:55:50.0308 3844 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:55:50.0358 3844 NDIS - ok
19:55:50.0376 3844 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:55:50.0469 3844 NdisCap - ok
19:55:50.0500 3844 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:55:50.0569 3844 NdisTapi - ok
19:55:50.0602 3844 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:55:50.0694 3844 Ndisuio - ok
19:55:50.0743 3844 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:55:50.0841 3844 NdisWan - ok
19:55:50.0880 3844 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:55:50.0970 3844 NDProxy - ok
19:55:51.0006 3844 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:55:51.0095 3844 NetBIOS - ok
19:55:51.0147 3844 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:55:51.0247 3844 NetBT - ok
19:55:51.0299 3844 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:55:51.0320 3844 Netlogon - ok
19:55:51.0349 3844 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:55:51.0429 3844 Netman - ok
19:55:51.0454 3844 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:55:51.0556 3844 netprofm - ok
19:55:51.0584 3844 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:51.0603 3844 NetTcpPortSharing - ok
19:55:51.0637 3844 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:55:51.0658 3844 nfrd960 - ok
19:55:51.0702 3844 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:55:51.0729 3844 NisDrv - ok
19:55:51.0774 3844 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:55:51.0811 3844 NisSrv - ok
19:55:51.0866 3844 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:55:51.0894 3844 NlaSvc - ok
19:55:51.0916 3844 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:55:51.0989 3844 Npfs - ok
19:55:52.0024 3844 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:55:52.0115 3844 nsi - ok
19:55:52.0145 3844 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:55:52.0240 3844 nsiproxy - ok
19:55:52.0320 3844 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:55:52.0393 3844 Ntfs - ok
19:55:52.0423 3844 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:55:52.0495 3844 Null - ok
19:55:52.0510 3844 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:55:52.0533 3844 nvraid - ok
19:55:52.0585 3844 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:55:52.0609 3844 nvstor - ok
19:55:52.0672 3844 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:55:52.0695 3844 nv_agp - ok
19:55:52.0743 3844 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:55:52.0766 3844 ohci1394 - ok
19:55:52.0826 3844 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:52.0845 3844 ose - ok
19:55:53.0037 3844 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:55:53.0208 3844 osppsvc - ok
19:55:53.0246 3844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:55:53.0294 3844 p2pimsvc - ok
19:55:53.0332 3844 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:55:53.0362 3844 p2psvc - ok
19:55:53.0389 3844 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:55:53.0412 3844 Parport - ok
19:55:53.0440 3844 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:55:53.0461 3844 partmgr - ok
19:55:53.0483 3844 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:55:53.0543 3844 PcaSvc - ok
19:55:53.0548 3844 pccsmcfd - ok
19:55:53.0579 3844 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:55:53.0604 3844 pci - ok
19:55:53.0648 3844 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:55:53.0668 3844 pciide - ok
19:55:53.0705 3844 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:55:53.0730 3844 pcmcia - ok
19:55:53.0745 3844 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:55:53.0766 3844 pcw - ok
19:55:53.0797 3844 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:55:53.0903 3844 PEAUTH - ok
19:55:54.0031 3844 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:55:54.0076 3844 PerfHost - ok
19:55:54.0160 3844 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:55:54.0282 3844 pla - ok
19:55:54.0330 3844 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:55:54.0380 3844 PlugPlay - ok
19:55:54.0386 3844 PnkBstrA - ok
19:55:54.0430 3844 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:55:54.0452 3844 PNRPAutoReg - ok
19:55:54.0479 3844 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:55:54.0505 3844 PNRPsvc - ok
19:55:54.0551 3844 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:55:54.0653 3844 PolicyAgent - ok
19:55:54.0695 3844 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:55:54.0788 3844 Power - ok
19:55:54.0830 3844 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:55:54.0920 3844 PptpMiniport - ok
19:55:54.0956 3844 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:55:55.0005 3844 Processor - ok
19:55:55.0052 3844 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:55:55.0093 3844 ProfSvc - ok
19:55:55.0121 3844 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:55:55.0141 3844 ProtectedStorage - ok
19:55:55.0189 3844 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:55:55.0277 3844 Psched - ok
19:55:55.0336 3844 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:55:55.0402 3844 ql2300 - ok
19:55:55.0438 3844 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:55:55.0461 3844 ql40xx - ok
19:55:55.0490 3844 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:55:55.0526 3844 QWAVE - ok
19:55:55.0542 3844 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:55:55.0596 3844 QWAVEdrv - ok
19:55:55.0617 3844 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:55:55.0710 3844 RasAcd - ok
19:55:55.0759 3844 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:55:55.0832 3844 RasAgileVpn - ok
19:55:55.0847 3844 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:55:55.0951 3844 RasAuto - ok
19:55:55.0993 3844 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:55:56.0090 3844 Rasl2tp - ok
19:55:56.0171 3844 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:55:56.0249 3844 RasMan - ok
19:55:56.0280 3844 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:55:56.0356 3844 RasPppoe - ok
19:55:56.0373 3844 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:55:56.0447 3844 RasSstp - ok
19:55:56.0495 3844 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:55:56.0585 3844 rdbss - ok
19:55:56.0609 3844 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:55:56.0662 3844 rdpbus - ok
19:55:56.0695 3844 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:56.0794 3844 RDPCDD - ok
19:55:56.0820 3844 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:55:56.0916 3844 RDPENCDD - ok
19:55:56.0943 3844 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:55:57.0018 3844 RDPREFMP - ok
19:55:57.0068 3844 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:55:57.0114 3844 RDPWD - ok
19:55:57.0159 3844 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:55:57.0185 3844 rdyboost - ok
19:55:57.0223 3844 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:55:57.0301 3844 RemoteRegistry - ok
19:55:57.0315 3844 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:55:57.0388 3844 RpcEptMapper - ok
19:55:57.0422 3844 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:55:57.0445 3844 RpcLocator - ok
19:55:57.0490 3844 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
19:55:57.0573 3844 RpcSs - ok
19:55:57.0604 3844 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:55:57.0675 3844 rspndr - ok
19:55:57.0717 3844 [ A8ED9726734D403217A4861A6788B144 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
19:55:57.0752 3844 rtl8192se - ok
19:55:57.0765 3844 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:55:57.0786 3844 SamSs - ok
19:55:57.0833 3844 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:55:57.0856 3844 sbp2port - ok
19:55:57.0886 3844 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:55:57.0964 3844 SCardSvr - ok
19:55:58.0008 3844 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:55:58.0100 3844 scfilter - ok
19:55:58.0167 3844 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:55:58.0260 3844 Schedule - ok
19:55:58.0301 3844 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:55:58.0370 3844 SCPolicySvc - ok
19:55:58.0411 3844 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:55:58.0440 3844 sdbus - ok
19:55:58.0489 3844 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:55:58.0539 3844 SDRSVC - ok
19:55:58.0575 3844 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:55:58.0676 3844 secdrv - ok
19:55:58.0743 3844 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:55:58.0814 3844 seclogon - ok
19:55:58.0859 3844 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:55:58.0959 3844 SENS - ok
19:55:58.0980 3844 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:55:59.0020 3844 SensrSvc - ok
19:55:59.0046 3844 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:55:59.0088 3844 Serenum - ok
19:55:59.0133 3844 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:55:59.0156 3844 Serial - ok
19:55:59.0199 3844 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:55:59.0244 3844 sermouse - ok
19:55:59.0318 3844 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:55:59.0411 3844 SessionEnv - ok
19:55:59.0452 3844 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:55:59.0503 3844 sffdisk - ok
19:55:59.0534 3844 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:55:59.0578 3844 sffp_mmc - ok
19:55:59.0608 3844 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:55:59.0658 3844 sffp_sd - ok
19:55:59.0692 3844 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:55:59.0713 3844 sfloppy - ok
19:55:59.0762 3844 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:55:59.0859 3844 SharedAccess - ok
19:55:59.0909 3844 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:55:59.0987 3844 ShellHWDetection - ok
19:56:00.0001 3844 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:56:00.0021 3844 SiSRaid2 - ok
19:56:00.0034 3844 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:56:00.0055 3844 SiSRaid4 - ok
19:56:00.0205 3844 [ D0776778A9FC5E37F2E9EB21FC8A9709 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:56:00.0322 3844 Skype C2C Service - ok
19:56:00.0393 3844 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:56:00.0410 3844 SkypeUpdate - ok
19:56:00.0445 3844 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:56:00.0547 3844 Smb - ok
19:56:00.0586 3844 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:56:00.0626 3844 SNMPTRAP - ok
19:56:00.0646 3844 [ 47B37E4F919BF170818920A98C2FE1C6 ] SoilIO C:\Windows\system32\drivers\SoilIO.sys
19:56:00.0663 3844 SoilIO - ok
19:56:00.0671 3844 [ 0626C7524FBE58E1AF6E76F1BB739CA2 ] soilkbc C:\Windows\system32\drivers\soilkbc.sys
19:56:00.0686 3844 soilkbc - ok
19:56:00.0703 3844 [ 709BDE623D7680E2D2A958CD4DC0A902 ] SoilMC C:\Windows\system32\drivers\SoilMC.sys
19:56:00.0719 3844 SoilMC - ok
19:56:00.0733 3844 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:56:00.0752 3844 spldr - ok
19:56:00.0800 3844 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:56:00.0832 3844 Spooler - ok
19:56:00.0946 3844 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:56:01.0089 3844 sppsvc - ok
19:56:01.0135 3844 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:56:01.0211 3844 sppuinotify - ok
19:56:01.0255 3844 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:56:01.0308 3844 srv - ok
19:56:01.0339 3844 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:56:01.0387 3844 srv2 - ok
19:56:01.0421 3844 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:56:01.0462 3844 srvnet - ok
19:56:01.0500 3844 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:56:01.0581 3844 SSDPSRV - ok
19:56:01.0598 3844 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:56:01.0675 3844 SstpSvc - ok
19:56:01.0784 3844 [ C270EA56966AD4474D5EFE777405E876 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\STacSV64.exe
19:56:01.0806 3844 STacSV - ok
19:56:01.0862 3844 Steam Client Service - ok
19:56:01.0895 3844 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:56:01.0915 3844 stexstor - ok
19:56:01.0936 3844 [ 936A4D05F7A790B8AAB3B6BE61651E0E ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:56:01.0986 3844 STHDA - ok
19:56:02.0048 3844 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:56:02.0117 3844 stisvc - ok
19:56:02.0166 3844 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:56:02.0186 3844 swenum - ok
19:56:02.0220 3844 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:56:02.0326 3844 swprv - ok
19:56:02.0411 3844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:56:02.0510 3844 SysMain - ok
19:56:02.0548 3844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:56:02.0584 3844 TabletInputService - ok
19:56:02.0625 3844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:56:02.0700 3844 TapiSrv - ok
19:56:02.0726 3844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:56:02.0800 3844 TBS - ok
19:56:02.0896 3844 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:56:02.0976 3844 Tcpip - ok
19:56:03.0062 3844 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:56:03.0141 3844 TCPIP6 - ok
19:56:03.0182 3844 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:56:03.0204 3844 tcpipreg - ok
19:56:03.0239 3844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:56:03.0283 3844 TDPIPE - ok
19:56:03.0321 3844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:56:03.0362 3844 TDTCP - ok
19:56:03.0411 3844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:56:03.0481 3844 tdx - ok
19:56:03.0525 3844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:56:03.0546 3844 TermDD - ok
19:56:03.0606 3844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:56:03.0690 3844 TermService - ok
19:56:03.0720 3844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:56:03.0752 3844 Themes - ok
19:56:03.0773 3844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:56:03.0846 3844 THREADORDER - ok
19:56:03.0867 3844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:56:03.0966 3844 TrkWks - ok
19:56:04.0047 3844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:56:04.0140 3844 TrustedInstaller - ok
19:56:04.0184 3844 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:56:04.0218 3844 tssecsrv - ok
19:56:04.0257 3844 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:56:04.0277 3844 TsUsbFlt - ok
19:56:04.0320 3844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:56:04.0405 3844 tunnel - ok
19:56:04.0443 3844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:56:04.0464 3844 uagp35 - ok
19:56:04.0511 3844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:56:04.0588 3844 udfs - ok
19:56:04.0627 3844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:56:04.0652 3844 UI0Detect - ok
19:56:04.0695 3844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:56:04.0716 3844 uliagpkx - ok
19:56:04.0753 3844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:56:04.0794 3844 umbus - ok
19:56:04.0835 3844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:56:04.0874 3844 UmPass - ok
19:56:04.0950 3844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:56:05.0058 3844 upnphost - ok
19:56:05.0113 3844 [ 0835843DE85ACBD7D5C6CF887E8876B7 ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA64.sys
19:56:05.0161 3844 USB28xxBGA - ok
19:56:05.0210 3844 [ C95A614A4DC06DCFC3DA7B15F299F827 ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM64.sys
19:56:05.0256 3844 USB28xxOEM - ok
19:56:05.0303 3844 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:56:05.0352 3844 usbaudio - ok
19:56:05.0393 3844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:56:05.0414 3844 usbccgp - ok
19:56:05.0451 3844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:56:05.0480 3844 usbcir - ok
19:56:05.0520 3844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:56:05.0561 3844 usbehci - ok
19:56:05.0596 3844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:56:05.0648 3844 usbhub - ok
19:56:05.0691 3844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:56:05.0711 3844 usbohci - ok
19:56:05.0740 3844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:56:05.0787 3844 usbprint - ok
19:56:05.0844 3844 [ 0F0C72A657C622286013788B886968AD ] usbser C:\Windows\system32\drivers\usbser.sys
19:56:05.0885 3844 usbser - ok
19:56:05.0908 3844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:56:05.0949 3844 USBSTOR - ok
19:56:05.0975 3844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:56:06.0020 3844 usbuhci - ok
19:56:06.0046 3844 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:56:06.0077 3844 usbvideo - ok
19:56:06.0113 3844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:56:06.0207 3844 UxSms - ok
19:56:06.0232 3844 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:56:06.0253 3844 VaultSvc - ok
19:56:06.0264 3844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:56:06.0285 3844 vdrvroot - ok
19:56:06.0338 3844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:56:06.0444 3844 vds - ok
19:56:06.0494 3844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:56:06.0522 3844 vga - ok
19:56:06.0532 3844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:56:06.0621 3844 VgaSave - ok
19:56:06.0664 3844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:56:06.0690 3844 vhdmp - ok
19:56:06.0733 3844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:56:06.0752 3844 viaide - ok
19:56:06.0769 3844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:56:06.0791 3844 volmgr - ok
19:56:06.0835 3844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:56:06.0865 3844 volmgrx - ok
19:56:06.0880 3844 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:56:06.0908 3844 volsnap - ok
19:56:06.0940 3844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:56:06.0964 3844 vsmraid - ok
19:56:07.0061 3844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:56:07.0184 3844 VSS - ok
19:56:07.0210 3844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:56:07.0237 3844 vwifibus - ok
19:56:07.0249 3844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:56:07.0280 3844 vwififlt - ok
19:56:07.0331 3844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:56:07.0435 3844 W32Time - ok
19:56:07.0491 3844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:56:07.0512 3844 WacomPen - ok
19:56:07.0554 3844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:56:07.0653 3844 WANARP - ok
19:56:07.0658 3844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:56:07.0730 3844 Wanarpv6 - ok
19:56:07.0810 3844 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:56:07.0868 3844 WatAdminSvc - ok
19:56:07.0938 3844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:56:07.0991 3844 wbengine - ok
19:56:08.0029 3844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:56:08.0064 3844 WbioSrvc - ok
19:56:08.0141 3844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:56:08.0204 3844 wcncsvc - ok
19:56:08.0234 3844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:56:08.0255 3844 WcsPlugInService - ok
19:56:08.0291 3844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:56:08.0311 3844 Wd - ok
19:56:08.0368 3844 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:56:08.0414 3844 Wdf01000 - ok
19:56:08.0436 3844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:56:08.0472 3844 WdiServiceHost - ok
19:56:08.0477 3844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:56:08.0513 3844 WdiSystemHost - ok
19:56:08.0557 3844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:56:08.0616 3844 WebClient - ok
19:56:08.0673 3844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:56:08.0775 3844 Wecsvc - ok
19:56:08.0797 3844 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:56:08.0871 3844 wercplsupport - ok
19:56:08.0880 3844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:56:08.0954 3844 WerSvc - ok
19:56:08.0963 3844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:56:09.0034 3844 WfpLwf - ok
19:56:09.0070 3844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:56:09.0090 3844 WIMMount - ok
19:56:09.0110 3844 WinDefend - ok
19:56:09.0117 3844 WinHttpAutoProxySvc - ok
19:56:09.0194 3844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:56:09.0292 3844 Winmgmt - ok
19:56:09.0381 3844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:56:09.0508 3844 WinRM - ok
19:56:09.0573 3844 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:56:09.0621 3844 WinUsb - ok
19:56:09.0678 3844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:56:09.0748 3844 Wlansvc - ok
19:56:09.0885 3844 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:56:09.0971 3844 wlidsvc - ok
19:56:10.0009 3844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:56:10.0054 3844 WmiAcpi - ok
19:56:10.0099 3844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:56:10.0152 3844 wmiApSrv - ok
19:56:10.0183 3844 WMPNetworkSvc - ok
19:56:10.0230 3844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:56:10.0251 3844 WPCSvc - ok
19:56:10.0293 3844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:56:10.0322 3844 WPDBusEnum - ok
19:56:10.0366 3844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:56:10.0463 3844 ws2ifsl - ok
19:56:10.0532 3844 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:56:10.0582 3844 wscsvc - ok
19:56:10.0587 3844 WSearch - ok
19:56:10.0692 3844 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:56:10.0785 3844 wuauserv - ok
19:56:10.0824 3844 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:56:10.0863 3844 WudfPf - ok
19:56:10.0894 3844 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:56:10.0943 3844 WUDFRd - ok
19:56:10.0983 3844 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:56:11.0007 3844 wudfsvc - ok
19:56:11.0062 3844 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:56:11.0102 3844 WwanSvc - ok
19:56:11.0140 3844 [ 741D9BBFE2A392031157A39D921CE052 ] zghsmdm C:\Windows\system32\DRIVERS\zghsmdm.sys
19:56:11.0176 3844 zghsmdm - ok
19:56:11.0185 3844 ================ Scan global ===============================
19:56:11.0233 3844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:56:11.0285 3844 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:56:11.0296 3844 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:56:11.0324 3844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:56:11.0360 3844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:56:11.0366 3844 [Global] - ok
19:56:11.0366 3844 ================ Scan MBR ==================================
19:56:11.0381 3844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:56:11.0706 3844 \Device\Harddisk0\DR0 - ok
19:56:11.0707 3844 ================ Scan VBR ==================================
19:56:11.0710 3844 [ A09DB59D62504BAE8148F6AB5CEE84BD ] \Device\Harddisk0\DR0\Partition1
19:56:11.0712 3844 \Device\Harddisk0\DR0\Partition1 - ok
19:56:11.0744 3844 [ 69B332CC853E1863D5F8BC545D14FDEF ] \Device\Harddisk0\DR0\Partition2
19:56:11.0747 3844 \Device\Harddisk0\DR0\Partition2 - ok
19:56:11.0747 3844 ============================================================
19:56:11.0747 3844 Scan finished
19:56:11.0747 3844 ============================================================
19:56:11.0760 3076 Detected object count: 1
19:56:11.0760 3076 Actual detected object count: 1
19:57:03.0255 3076 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:57:03.0255 3076 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:10.0547 2436 Deinitialize success



MBAM log :

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Mam & Dad :: WILLIAM_LAPTOP [administrator]

16/09/2013 19:59:18
mbam-log-2013-09-16 (19-59-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255234
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\William\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\William\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

(end)
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Looking pretty good. Can you download with IE again?

I see you had some adware so let's clean it all out:

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP