Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Madness. SVCHOST.EXE? Windows will not update.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 25th, 2014, 3:44 am

I am helping a friend with his computer that became inundated with malicious programs/files recently. I have reached the point where I am at a loss and not sure where to go from here. I have scanned and repaired quite a few (300) objects with Malwarebytes. But his computer is still very iffy and sluggish. Strangely enough, the icon in the lower right portion of the screen that indicates if you are connected to the internet, always has a red X through it... but the internet still works? I wish I could explain more but I simply am not savvy enough to describe. Please help! Thank you in advance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.60.2
Run by bamf at 0:39:32 on 2014-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7991.5698 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.mydreamworld.50webs.com
mDefault_Search_URL = hxxp://www.mydreamworld.50webs.com
BHO: MRI_DISABLED - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{4C67ACCC-17B0-4CA7-8EBB-B5AC781C59B3} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{4C67ACCC-17B0-4CA7-8EBB-B5AC781C59B3}\2656C6B696E6E233567316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4C67ACCC-17B0-4CA7-8EBB-B5AC781C59B3}\47562727973747572746 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{4C67ACCC-17B0-4CA7-8EBB-B5AC781C59B3}\86F6E65697261646765627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4C67ACCC-17B0-4CA7-8EBB-B5AC781C59B3}\C696679616478616E6 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bamf\AppData\Roaming\Mozilla\Firefox\Profiles\r8l5nuej.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-16 55280]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/01/16 15:25:12];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-1-16 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-16 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-3 822624]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-16 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-25 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-25 860472]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-5-18 116632]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-9 65657]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-9-30 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-16 2320920]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-9-19 71168]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-9-19 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-9-19 81920]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-16 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-16 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-16 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-16 289280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-25 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-25 63704]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-9-30 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-9-30 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-9-30 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-9-30 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-9-30 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-1-16 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-16 35104]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-12-9 35840]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-6-25 57024]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-6-25 32512]
S3 L6UX1;Service - Line 6 UX1;C:\Windows\System32\drivers\L6UX164.sys [2012-3-26 772224]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-4-5 11776]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-1-24 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-24 9728]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-7 53632]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-1-24 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-7 11776]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-16 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-9 539240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-12 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-5 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S3 ZTEusbgps;ZTE GPS Port;C:\Windows\System32\drivers\ZTEusbgps.sys [2011-4-5 121344]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;C:\Windows\System32\drivers\ZTEusbnmeaext.sys [2011-4-5 121344]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-28 606720]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-29 3048136]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-12 160944]
S4 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-28 911872]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-25 10:56:12 -------- d-----w- C:\Users\bamf\AppData\Local\ElevatedDiagnostics
2014-06-25 10:49:02 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-25 10:48:53 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-25 10:48:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-25 10:48:53 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-25 10:48:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 10:29:06 -------- d-----w- C:\Windows\ERUNT
2014-06-25 10:23:21 -------- d-----w- C:\ProgramData\PCDr
2014-06-25 10:17:44 -------- d-----w- C:\Users\bamf\AppData\Local\VirtualStore
2014-06-25 10:02:31 -------- d-----w- C:\Users\bamf\AppData\Local\CrashDumps
2014-06-25 08:10:44 -------- d-----w- C:\EEK
2014-06-25 07:54:09 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-06-25 07:38:52 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-25 07:30:41 -------- d-----w- C:\ProgramData\Oracle
2014-06-25 07:29:38 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-25 07:29:31 -------- d-----w- C:\AdwCleaner
2014-06-25 07:22:56 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-25 06:59:14 98816 ----a-w- C:\Windows\sed.exe
2014-06-25 06:59:14 256000 ----a-w- C:\Windows\PEV.exe
2014-06-25 06:59:14 208896 ----a-w- C:\Windows\MBR.exe
2014-06-25 06:23:21 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-25 05:52:12 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-24 18:48:05 -------- d-----w- C:\ProgramData\IObit
2014-06-24 18:47:35 -------- d-----w- C:\Users\bamf\AppData\Roaming\IObit
2014-06-24 18:47:31 -------- d-----w- C:\Program Files (x86)\IObit
2014-06-24 18:44:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-24 18:44:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-21 20:42:35 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2EE2C6CA-267B-4BD1-B39D-613AEC90B205}\offreg.dll
2014-06-21 13:10:18 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2EE2C6CA-267B-4BD1-B39D-613AEC90B205}\mpengine.dll
2014-06-21 09:29:23 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-21 09:29:07 -------- d-----w- C:\Users\bamf\AppData\Local\Programs
.
==================== Find3M ====================
.
.
============= FINISH: 0:42:02.84 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/4/2011 1:35:27 PM
System Uptime: 6/25/2014 12:25:31 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WXY9J
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 2661/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 8.319 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP277: 6/24/2014 10:43:03 PM - Removed Live! Cam Avatar Creator
RP284: 6/25/2014 12:19:41 AM - Removed Java(TM) 6 Update 22 (64-bit)
RP285: 6/25/2014 12:20:37 AM - Removed Java(TM) 7 Update 4
RP286: 6/25/2014 12:23:46 AM - Removed JavaFX 2.1.0
RP287: 6/25/2014 12:28:55 AM - Installed Java 7 Update 60
RP278: 6/25/2014 12:49:28 AM - Checkpoint by HitmanPro
RP279: 6/25/2014 12:50:24 AM - Checkpoint by HitmanPro
RP280: 6/25/2014 3:20:40 AM - Removed Dell Product Registration.
RP281: 6/25/2014 3:22:00 AM - Removed Dell DataSafe Local Backup
RP282: 6/25/2014 3:22:56 AM - Removed Dell Support Center
RP283: 6/25/2014 3:25:33 AM - Removed Intel WiMAX Tutorial.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader 9.2
Advanced Audio FX Engine
Age of Empires III
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Best Buy pc app
Bonjour
D3DX10
Dell Getting Started Guide
Diablo II
Empire Earth II
Facebook Video Calling 1.2.0.287
GoToAssist 8.0.0.514
IDT Audio
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor
Intel® PROSet/Wireless WiMAX Software
Internet Explorer
iTunes
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.6.0
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML4 Parser
OpenOffice.org 3.3
Origin
PowerDVD DX
Quickset64
QuickTime
Roxio Burn
RSDLite
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype Click to Call
Skype™ 5.10
Synaptics Pointing Device Driver
The Sims™ 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VZAccess Manager
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZTE USB Drivers
.
==== Event Viewer Messages From Past Week ========
.
6/25/2014 3:52:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).
6/25/2014 3:50:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).
6/25/2014 3:49:40 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
6/25/2014 3:49:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
6/25/2014 3:49:28 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
6/25/2014 3:47:20 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
6/25/2014 3:47:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
6/25/2014 3:47:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
6/25/2014 3:47:01 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
6/25/2014 3:46:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
6/25/2014 12:41:44 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The specified module could not be found.
6/25/2014 12:39:32 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
6/25/2014 12:39:32 AM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The system cannot find the file specified.
6/25/2014 12:28:37 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
6/25/2014 12:28:36 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
6/25/2014 12:28:35 AM, Error: Microsoft-Windows-WMPNSS-Service [14329] - Service 'WMPNetworkSvc' did not start correctly because the registry could not be updated due to error '0x80070006'. If possible, reinstall Windows Media Player.
6/25/2014 12:28:19 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
6/25/2014 12:28:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
6/25/2014 12:27:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
6/25/2014 12:27:43 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/25/2014 12:27:23 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/25/2014 12:25:52 AM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
6/25/2014 12:24:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).
6/25/2014 12:24:04 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).
6/25/2014 12:23:58 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).
6/25/2014 12:08:39 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
.
==== End Of File ===========================
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am
Advertisement
Register to Remove

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » June 26th, 2014, 10:13 am

Hello sturdman, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

*I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » June 26th, 2014, 4:10 pm

Hi sturdman,
I have a few questions and a small program for you to run.

I noticed that there appears to be no Anti-Virus program installed, but there are iObit entries listed in logs.
Do you have an Anti-virus program installed?

Here are some programs that assist in removing malware.
Would you please post the logs from these?
AdwCleaner
TDSSKiller
2014-06-25 07:29:31 -------- d-----w- C:\AdwCleaner
2014-06-25 05:52:12 -------- d-----w- C:\TDSSKiller_Quarantine

Do you have any malwarebye logs where malware was found and removed?
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Can you tell me what this computer is used for?
codecheck
  • Please download codecheck from here and save it to your Desktop.
  • Right-click codecheck.exe > select " Run as administrator "
  • After a very short time a codecheck.txt icon will appear on your Desktop
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 26th, 2014, 5:28 pm

First, to answer all of you questions:
The only program I currently have installed is Malwarebytes. I have run numerous scans and gotten rid of a lot of "objects" but it was with IObit not malwarebytes. Also, the TDSS log that I found is too large to post here... it is too many characters. I will post the AdwCleaner log (although it came back with no results, as did the TDSS scan) followed by the codecheck log. This computer is just a personal computer used for gaming. First I will post the IObit log:

IObit Malware Fighter

OS: Windows 7
Version: 2.4.1.16
Define Version: 1350
Time Elapsed: 00:39:53
Objects Scanned: 87167
Threats Found: 381
Save Time: 6/25/2014 7:18:36 AM

|Name|Type|Description|ID|
Backdoor.Trojan, FILE, C:\Program Files (x86)\Java\java.exe, 1002206
Worm.Agent, FILE, C:\Windows\Fonts\Fonts.exe, 1017157
Worm.AutoRun, FILE, C:\Windows\Fonts\Fonts.exe, 1017209
Mal/Gen.Downloader, FILE, C:\Windows\help\Help.exe, 1017386
Trojan.Win32/Agent, FILE, C:\Windows\Prefetch\Prefetch.exe, 1018022
Trojan.Win32/Agent, FILE, C:\Windows\svchost.exe, 1018291
Trojan-spy.Banker, FILE, C:\Windows\System\System.exe, 1018569
Trojan.Win32/Agent, FILE, C:\Windows\Windows.exe, 1018986
Trojan.Agent, FILE, C:\Windows\Windows.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Wistools\Wistools.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Web\Web.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Vss\Vss.exe, 4099968
Trojan.Agent, FILE, C:\Windows\twain_32\twain_32.exe, 4099968
Trojan.Agent, FILE, C:\Windows\tracing\tracing.exe, 4099968
Trojan.Agent, FILE, C:\Windows\TAPI\TAPI.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\System32.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\SysWOW64.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\woaurud.exe, 4064907
Trojan.Agent, FILE, C:\Windows\SysWOW64\yeazem.exe, 4064842
Trojan.Agent, FILE, C:\Windows\SysWOW64\zh-TW\zh-TW.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\zh-HK\zh-HK.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\zh-CN\zh-CN.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\winrm\winrm.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\winrm\0409\0409.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\WindowsPowerShell\WindowsPowerShell.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\WindowsPowerShell\v1.0\v1.0.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wdi\wdi.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wdi\perftrack\perftrack.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\WCN\WCN.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\WCN\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wbem\wbem.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wbem\xml\xml.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wbem\tmf\tmf.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wbem\Repository\Repository.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wbem\Logs\Logs.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wbem\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\wbem\AutoRecover\AutoRecover.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Wat\Wat.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\uk-UA\uk-UA.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\tr-TR\tr-TR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\th-TH\th-TH.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\sysprep\sysprep.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\sysprep\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\sv-SE\sv-SE.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\sr-Latn-CS\sr-Latn-CS.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\sppui\sppui.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\spp\spp.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\spp\tokens\tokens.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Speech\Speech.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Speech\Engines\Engines.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\slmgr\slmgr.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\slmgr\0409\0409.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\sl-SI\sl-SI.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\sk-SK\sk-SK.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Setup\Setup.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Setup\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\ru-RU\ru-RU.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\ro-RO\ro-RO.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\restore\restore.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Recovery\Recovery.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\ras\ras.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\pt-PT\pt-PT.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\pt-BR\pt-BR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Printing_Admin_Scripts\Printing_Admin_Scripts.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\pl-PL\pl-PL.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\oobe\oobe.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\oobe\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\nl-NL\nl-NL.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\NetworkList\NetworkList.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\NetworkList\Icons\Icons.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\NDF\NDF.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\nb-NO\nb-NO.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\MUI\MUI.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\MUI\dispspec\dispspec.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\MUI\0409\0409.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Msdtc\Msdtc.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Msdtc\Trace\Trace.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\migwiz\replacementmanifests\replacementmanifests.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\migwiz\PostMigRes\PostMigRes.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\migwiz\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\migwiz\dlmanifests\dlmanifests.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\migration\migration.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\migration\WSMT\WSMT.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\migration\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\manifeststore\manifeststore.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Macromed\Macromed.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Macromed\Flash\Flash.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\lv-LV\lv-LV.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\lt-LT\lt-LT.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\LogFiles\LogFiles.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\LogFiles\Windows Portable Devices\Windows Portable Devices.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\ko-KR\ko-KR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\ja-JP\ja-JP.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\it-IT\it-IT.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\InstallShield\InstallShield.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\InstallShield\setupdir\setupdir.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\inetsrv\inetsrv.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\IME\IME.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\IME\shared\shared.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\IME\IMETC10\IMETC10.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\IME\IMESC5\IMESC5.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\IME\imekr8\imekr8.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\IME\IMEJP10\IMEJP10.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\hu-HU\hu-HU.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\hr-HR\hr-HR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\he-IL\he-IL.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\GroupPolicyUsers\GroupPolicyUsers.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\GroupPolicy\GroupPolicy.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\FxsTmp\FxsTmp.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\fr-FR\fr-FR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\fi-FI\fi-FI.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\et-EE\et-EE.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\es-ES\es-ES.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\en\en.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\el-GR\el-GR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\drivers\UMDF\UMDF.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\drivers\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Dism\Dism.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\Dism\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\directx\directx.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\de-DE\de-DE.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\da-DK\da-DK.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\cs-CZ\cs-CZ.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\config\config.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\config\TxR\TxR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\config\systemprofile\systemprofile.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\config\RegBack\RegBack.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\config\Journal\Journal.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\com\com.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\com\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\com\dmp\dmp.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\catroot2\catroot2.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\catroot\catroot.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\bg-BG\bg-BG.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\ar-SA\ar-SA.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SysWOW64\0409\0409.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\LogFiles.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\WUDF\WUDF.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\WMI\WMI.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\Windows Portable Devices\Windows Portable Devices.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\Srt\Srt.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\SQM\SQM.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\Scm\Scm.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\MemDiag\MemDiag.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\HTTPERR\HTTPERR.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\Firewall\Firewall.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\Fax\Fax.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\LogFiles\AIT\AIT.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\catroot2\catroot2.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\catroot\catroot.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe, 4099968
Trojan.Agent, FILE, C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe, 4099968
Trojan.Agent, FILE, C:\Windows\system\system.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Sun\Sun.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Speech\Speech.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SoftwareDistribution\SoftwareDistribution.exe, 4099968
Trojan.Agent, FILE, C:\Windows\ShellNew\ShellNew.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Setup\Setup.exe, 4099968
Trojan.Agent, FILE, C:\Windows\ServiceProfiles\ServiceProfiles.exe, 4099968
Trojan.Agent, FILE, C:\Windows\security\security.exe, 4099968
Trojan.Agent, FILE, C:\Windows\schemas\schemas.exe, 4099968
Trojan.Agent, FILE, C:\Windows\SchCache\SchCache.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Resources\Resources.exe, 4099968
Trojan.Agent, FILE, C:\Windows\registration\registration.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Prefetch\Prefetch.exe, 4099968
Trojan.Agent, FILE, C:\Windows\PolicyDefinitions\PolicyDefinitions.exe, 4099968
Trojan.Agent, FILE, C:\Windows\PLA\PLA.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Performance\Performance.exe, 4099968
Trojan.Agent, FILE, C:\Windows\PCHEALTH\PCHEALTH.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Panther\Panther.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Offline Web Pages\Offline Web Pages.exe, 4099968
Trojan.Agent, FILE, C:\Windows\ModemLogs\ModemLogs.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Minidump\Minidump.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Microsoft.NET\Microsoft.NET.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Media\Media.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Logs\Logs.exe, 4099968
Trojan.Agent, FILE, C:\Windows\LiveKernelReports\LiveKernelReports.exe, 4099968
Trojan.Agent, FILE, C:\Windows\L2Schemas\L2Schemas.exe, 4099968
Trojan.Agent, FILE, C:\Windows\inf\inf.exe, 4099968
Trojan.Agent, FILE, C:\Windows\IME\IME.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Help\Help.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Globalization\Globalization.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Fonts\Fonts.exe, 4099968
Trojan.Agent, FILE, C:\Windows\en-US\en-US.exe, 4099968
Trojan.Agent, FILE, C:\Windows\en\en.exe, 4099968
Trojan.Agent, FILE, C:\Windows\ehome\ehome.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Downloaded Program Files\Downloaded Program Files.exe, 4099968
Trojan.Agent, FILE, C:\Windows\DigitalLocker\DigitalLocker.exe, 4099968
Trojan.Agent, FILE, C:\Windows\debug\debug.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Cursors\Cursors.exe, 4099968
Trojan.Agent, FILE, C:\Windows\Branding\Branding.exe, 4099968
Trojan.Agent, FILE, C:\Windows\assembly\assembly.exe, 4099968
Trojan.Agent, FILE, C:\Windows\AppPatch\AppPatch.exe, 4099968
Trojan.Agent, FILE, C:\Windows\AppCompat\AppCompat.exe, 4099968
Trojan.Agent, FILE, C:\Windows\addins\addins.exe, 4099968
Trojan.Agent, FILE, C:\Users\Users.exe, 4099968
Trojan.Agent, FILE, C:\Users\SHITSHOW\SHITSHOW.exe, 4099968
Trojan.Agent, FILE, C:\Users\Satan\Satan.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Public.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 9\Top Gear - Season 9.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 8\Top Gear - Season 8.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 7\Top Gear - Season 7.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 6\Top Gear - Season 6.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 20\Top Gear - Season 20.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 19\Top Gear - Season 19.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 18\Top Gear - Season 18.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 17\Top Gear - Season 17.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 16\Top Gear - Season 16.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 15\Top Gear - Season 15.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 14\Top Gear - Season 14.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 13\Top Gear - Season 13.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 12\Top Gear - Season 12.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 11\Top Gear - Season 11.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Top Gear-BBC\Top Gear - Season 10\Top Gear - Season 10.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\The Amityville Horror (2005)\The Amityville Horror (2005).exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\ShitShow\ShitShow.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\shameless\Season 2.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\shameless\Season 1\Season 1.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Resident Evil\Resident Evil.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\New folder\New folder.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Never Back Down\Never Back Down.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\music vids\music vids.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\music vids\Music Videos\Music Videos.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\music vids\Music Videos\Katy Perry\Katy Perry.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Mission Impossible DVD Boxset 1, 2 & 3 DVDRip\Mission Impossible DVD Boxset 1, 2 & 3 DVDRip.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Mission Impossible DVD Boxset 1, 2 & 3 DVDRip\Mission Impossible III\Mission Impossible III.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Mission Impossible DVD Boxset 1, 2 & 3 DVDRip\Mission Impossible II\Mission Impossible II.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Mission Impossible DVD Boxset 1, 2 & 3 DVDRip\Mission Impossible I\Mission Impossible I.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Mission Impossible DVD Boxset 1, 2 & 3 DVDRip\Mission impossible\Mission impossible.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Jar head\Jar head.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Get Rich or Die Tryin\Get Rich or Die Tryin.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Gangs.Of.New.York.DVDRip\Gangs.Of.New.York.DVDRip.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Friday I,II,III\Friday I,II,III.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Fast and Furious 1 to 4 Collection BRrip H264 6ch\Fast and Furious 1 to 4 Collection BRrip H264 6ch.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Fast and Furious 1 to 4 Collection BRrip H264 6ch\Fast.And.The.Furious 3Tokyo.Drift[2006]DvDrip[Eng]-aXXo\Fast.And.The.Furious 3Tokyo.Drift[2006]DvDrip[Eng]-aXXo.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Devil's Reject, The\Devil's Reject, The.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Death Race Saga\Death Race Saga.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\BoonDock Saints I,II\BoonDock Saints I,II.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\back to the future trilogy\back to the future trilogy.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Austin Powers series\Austin Powers series.exe, 4099968
Trojan.Agent, FILE, C:\Users\Public\Videos\Movies\Assassination.Games.2011.DVDRip.XviD.AC3-playXD\Assassination.Games.2011.DVDRip.XviD.AC3-playXD.exe, 4099968
Trojan.Agent, FILE, C:\Users\pc\pc.exe, 4099968
Trojan.Agent, FILE, C:\Users\Guest\Guest.exe, 4099968
Trojan.Agent, FILE, C:\Users\bamf\bamf.exe, 4099968
Trojan.Agent, FILE, C:\Users\bamf\Music\iTunes\iTunes Media\iTunes Media.exe, 4099968
Trojan.Agent, FILE, C:\Users\bamf\Music\iTunes\iTunes Media\Automatically Add to iTunes\Automatically Add to iTunes.exe, 4099968
Trojan.Agent, FILE, C:\Users\bamf\Music\iTunes\Album Artwork\Album Artwork.exe, 4099968
Trojan.Agent, FILE, C:\Users\bamf\Music\iTunes\Album Artwork\Download\Download.exe, 4099968
Trojan.Agent, FILE, C:\Users\bamf\Music\iTunes\Album Artwork\Cache\Cache.exe, 4099968
Trojan.Agent, FILE, C:\Temp\Temp.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Program Files (x86).exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\ZTEDriverAC30\ZTEDriverAC30.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows Sidebar\Windows Sidebar.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows Portable Devices\Windows Portable Devices.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows Photo Viewer\Windows Photo Viewer.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows NT\Windows NT.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows Media Player\Windows Media Player.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows Mail\Windows Mail.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows Live\Windows Live.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Windows Defender\Windows Defender.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Verizon Wireless\Verizon Wireless.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\System Registration\System Registration.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Versions.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Shaders14515\Shaders14515.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Shaders14513\Shaders14513.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base18574\Base18574.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base18092\Base18092.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base17326\Base17326.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base16939\Base16939.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base16755\Base16755.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base16605\Base16605.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base16561\Base16561.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Versions\Base15405\Base15405.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Support\Support.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Mods\Mods.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Mods\LibertyMulti.SC2Mod\LibertyMulti.SC2Mod.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Mods\Liberty.SC2Mod\Liberty.SC2Mod.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Mods\Core.SC2Mod\Core.SC2Mod.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Logs\Logs.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Campaigns\Campaigns.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Campaigns\LibertyStory.SC2Campaign\LibertyStory.SC2Campaign.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Campaigns\Liberty.SC2Campaign\Liberty.SC2Campaign.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\StarCraft II\Battle.net\Battle.net.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Sonoma Wire Works\Sonoma Wire Works.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Skype\Skype.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Sierra\Sierra.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Reference Assemblies\Reference Assemblies.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\QuickTime\QuickTime.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Origin Games\Origin Games.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Oracle\Oracle.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\OpenOffice.org 3\OpenOffice.org 3.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\MSXML 4.0\MSXML 4.0.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\MSBuild\MSBuild.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Motorola Mobility\Motorola Mobility.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Motorola\Motorola.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft.NET\Microsoft.NET.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft WSE\Microsoft WSE.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft SQL Server Compact Edition\Microsoft SQL Server Compact Edition.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft Silverlight\Microsoft Silverlight.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft Office\Microsoft Office.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft Games\Microsoft Games.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft Application Virtualization Client\Microsoft Application Virtualization Client.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Microsoft\Microsoft.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Maxis\Maxis.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Line6\Line6.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Java\Java.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Interplay\Interplay.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Internet Explorer\Internet Explorer.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\GameSpy Arcade\GameSpy Arcade.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Diablo II\Save\Save.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Diablo II\Save\Asia\Asia.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Dell DataSafe Local Backup\Dell DataSafe Local Backup.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Dell\Dell.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\CyberLink\CyberLink.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Creative Live! Cam\Creative Live! Cam.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Creative\Creative.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Common Files\Common Files.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Citrix\Citrix.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Cisco\Cisco.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Bonjour\Bonjour.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Bethesda Softworks\Bethesda Softworks.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Belkin\Belkin.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Apple Software Update\Apple Software Update.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Adobe\Adobe.exe, 4099968
Trojan.Agent, FILE, C:\Program Files (x86)\Ableton\Ableton.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Program Files.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Sidebar\Windows Sidebar.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Portable Devices\Windows Portable Devices.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Photo Viewer\Windows Photo Viewer.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows NT\Windows NT.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Media Player\Windows Media Player.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Mail\Windows Mail.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Live\Windows Live.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Journal\Windows Journal.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Windows Defender\Windows Defender.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\WIDCOMM\WIDCOMM.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Trend Micro\Trend Micro.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Synaptics\Synaptics.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Reference Assemblies\Reference Assemblies.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\MSBuild\MSBuild.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Motorola Inc\Motorola Inc.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Microsoft Silverlight\Microsoft Silverlight.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Microsoft Office\Microsoft Office.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Microsoft Games\Microsoft Games.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Java\Java.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\iTunes\iTunes.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\iPod\iPod.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Internet Explorer\Internet Explorer.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Intel\Intel.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\IDT\IDT.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\DVD Maker\DVD Maker.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\DIFX\DIFX.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Dell Support Center\Dell Support Center.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Dell\Dell.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Common Files\Common Files.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\Bonjour\Bonjour.exe, 4099968
Trojan.Agent, FILE, C:\Program Files\7-Zip\7-Zip.exe, 4099968
Trojan.Agent, FILE, C:\PerfLogs\PerfLogs.exe, 4099968
Trojan.Agent, FILE, C:\PerfLogs\Admin\Admin.exe, 4099968
Trojan.Agent, FILE, C:\Netgear\Netgear.exe, 4099968
Trojan.Agent, FILE, C:\Netgear\assets\assets.exe, 4099968
Trojan.Agent, FILE, C:\Intel\Intel.exe, 4099968
Trojan.Agent, FILE, C:\Intel\Logs\Logs.exe, 4099968
Trojan.Agent, FILE, C:\Intel\ExtremeGraphics\ExtremeGraphics.exe, 4099968
Trojan.Agent, FILE, C:\e97f734ce53a4f0f2ddf\e97f734ce53a4f0f2ddf.exe, 4099968
Trojan.Agent, FILE, C:\Dell\Dell.exe, 4099968
Trojan.Agent, FILE, C:\Dell\SEULAS\seulas.exe, 4099968
Trojan.Agent, FILE, C:\Dell\DownloadStore\DownloadStore.exe, 4099968
Trojan.Agent, FILE, C:\cf93a67289d1622400ea751ba98cc57d\cf93a67289d1622400ea751ba98cc57d.exe, 4099968
Trojan.Agent, FILE, C:\96e38ee4d2ea305896ed6e8c895acf\96e38ee4d2ea305896ed6e8c895acf.exe, 4099968
Trojan.Agent, FILE, C:\19bb88c62ac2fff6e948\19bb88c62ac2fff6e948.exe, 4099968
Trojan.Agent, FILE, C:\19bb88c62ac2fff6e948\f76c3e5bafc0b53d1bae966d0ccca69a\f76c3e5bafc0b53d1bae966d0ccca69a.exe, 4099968


AdwCleaner Log:
# AdwCleaner v3.213 - Report created 26/06/2014 at 14:27:28
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : bamf - PC-PC
# Running from : C:\Users\bamf\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\bamf\AppData\Roaming\Mozilla\Firefox\Profiles\r8l5nuej.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [689 octets] - [25/06/2014 00:29:52]
AdwCleaner[R1].txt - [884 octets] - [26/06/2014 13:27:23]
AdwCleaner[R2].txt - [746 octets] - [26/06/2014 14:27:28]
AdwCleaner[S0].txt - [751 octets] - [25/06/2014 00:31:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [864 octets] ##########


Codecheck Version 1.0

06026
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » June 26th, 2014, 8:55 pm

Hi sturdman,

This statement you made in your opening post leaves me a bit confused because now you say you used IObit Malware Fighter not malwarebytes.
I have scanned and repaired quite a few (300) objects with Malwarebytes.


We do not recommend or endorse iObit products. They are not the best and can be misleading. Not to mention the iObit at one time was pirating Malwarebyte's database.
IOBit Steals Malwarebytes' Intellectual Property

This link from PC Mag is more current and pretty much explains why iObit's Malware Fighter is pretty useless.
IObit Malware Fighter 2

This has a screenshot from the installation process showing bloat ware being installed with iObit's Malware Fighter.
Review: IObit Malware Fighter

I would suggest switching to something else.

Please post the entire TDSSKiller log in sections.

Please run OTL

OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 26th, 2014, 10:10 pm

Here is the TDSS log part 1:
19:07:38.0340 0x3280 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
19:07:42.0100 0x3280 ============================================================
19:07:42.0100 0x3280 Current date / time: 2014/06/26 19:07:42.0100
19:07:42.0100 0x3280 SystemInfo:
19:07:42.0100 0x3280
19:07:42.0100 0x3280 OS Version: 6.1.7601 ServicePack: 1.0
19:07:42.0100 0x3280 Product type: Workstation
19:07:42.0100 0x3280 ComputerName: PC-PC
19:07:42.0100 0x3280 UserName: bamf
19:07:42.0100 0x3280 Windows directory: C:\Windows
19:07:42.0100 0x3280 System windows directory: C:\Windows
19:07:42.0100 0x3280 Running under WOW64
19:07:42.0100 0x3280 Processor architecture: Intel x64
19:07:42.0100 0x3280 Number of processors: 4
19:07:42.0100 0x3280 Page size: 0x1000
19:07:42.0100 0x3280 Boot type: Normal boot
19:07:42.0100 0x3280 ============================================================
19:07:42.0458 0x3280 KLMD registered as C:\Windows\system32\drivers\21867151.sys
19:07:43.0067 0x3280 System UUID: {121C6E9F-E605-4811-2E1A-2D62FC99EF62}
19:07:43.0706 0x3280 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:43.0722 0x3280 ============================================================
19:07:43.0722 0x3280 \Device\Harddisk0\DR0:
19:07:43.0722 0x3280 MBR partitions:
19:07:43.0722 0x3280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
19:07:43.0722 0x3280 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x557C76F0
19:07:43.0722 0x3280 ============================================================
19:07:43.0753 0x3280 C: <-> \Device\Harddisk0\DR0\Partition2
19:07:43.0753 0x3280 ============================================================
19:07:43.0753 0x3280 Initialize success
19:07:43.0753 0x3280 ============================================================
19:07:53.0690 0x20dc ============================================================
19:07:53.0690 0x20dc Scan started
19:07:53.0690 0x20dc Mode: Manual;
19:07:53.0690 0x20dc ============================================================
19:07:53.0690 0x20dc KSN ping started
19:08:07.0642 0x20dc KSN ping finished: true
19:08:09.0272 0x20dc ================ Scan system memory ========================
19:08:09.0272 0x20dc System memory - ok
19:08:09.0272 0x20dc ================ Scan services =============================
19:08:09.0392 0x20dc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:08:09.0402 0x20dc 1394ohci - ok
19:08:09.0442 0x20dc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:08:09.0442 0x20dc ACPI - ok
19:08:09.0472 0x20dc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:08:09.0472 0x20dc AcpiPmi - ok
19:08:09.0512 0x20dc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:08:09.0532 0x20dc adp94xx - ok
19:08:09.0552 0x20dc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:08:09.0552 0x20dc adpahci - ok
19:08:09.0572 0x20dc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:08:09.0572 0x20dc adpu320 - ok
19:08:09.0612 0x20dc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:08:09.0612 0x20dc AeLookupSvc - ok
19:08:09.0692 0x20dc [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
19:08:09.0702 0x20dc AESTFilters - ok
19:08:09.0782 0x20dc [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD C:\Windows\system32\drivers\afd.sys
19:08:09.0812 0x20dc AFD - ok
19:08:09.0842 0x20dc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
19:08:09.0842 0x20dc agp440 - ok
19:08:09.0872 0x20dc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
19:08:09.0872 0x20dc ALG - ok
19:08:09.0902 0x20dc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
19:08:09.0902 0x20dc aliide - ok
19:08:09.0902 0x20dc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
19:08:09.0912 0x20dc amdide - ok
19:08:09.0942 0x20dc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:08:09.0942 0x20dc AmdK8 - ok
19:08:09.0952 0x20dc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:08:09.0952 0x20dc AmdPPM - ok
19:08:09.0982 0x20dc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:08:09.0992 0x20dc amdsata - ok
19:08:10.0022 0x20dc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:08:10.0022 0x20dc amdsbs - ok
19:08:10.0052 0x20dc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:08:10.0052 0x20dc amdxata - ok
19:08:10.0122 0x20dc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
19:08:10.0132 0x20dc AppID - ok
19:08:10.0152 0x20dc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:08:10.0152 0x20dc AppIDSvc - ok
19:08:10.0212 0x20dc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
19:08:10.0212 0x20dc Appinfo - ok
19:08:10.0342 0x20dc [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:08:10.0342 0x20dc Apple Mobile Device - ok
19:08:10.0412 0x20dc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:08:10.0412 0x20dc arc - ok
19:08:10.0432 0x20dc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:08:10.0442 0x20dc arcsas - ok
19:08:10.0472 0x20dc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:10.0472 0x20dc AsyncMac - ok
19:08:10.0502 0x20dc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
19:08:10.0502 0x20dc atapi - ok
19:08:10.0592 0x20dc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:08:10.0612 0x20dc AudioEndpointBuilder - ok
19:08:10.0642 0x20dc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:08:10.0652 0x20dc AudioSrv - ok
19:08:10.0732 0x20dc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:08:10.0732 0x20dc AxInstSV - ok
19:08:10.0762 0x20dc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:08:10.0772 0x20dc b06bdrv - ok
19:08:10.0792 0x20dc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:08:10.0802 0x20dc b57nd60a - ok
19:08:10.0832 0x20dc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
19:08:10.0832 0x20dc BDESVC - ok
19:08:10.0842 0x20dc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
19:08:10.0842 0x20dc Beep - ok
19:08:10.0942 0x20dc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
19:08:10.0952 0x20dc BFE - ok
19:08:10.0982 0x20dc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
19:08:11.0002 0x20dc BITS - ok
19:08:11.0012 0x20dc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:11.0012 0x20dc blbdrive - ok
19:08:11.0082 0x20dc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:08:11.0102 0x20dc Bonjour Service - ok
19:08:11.0122 0x20dc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:08:11.0132 0x20dc bowser - ok
19:08:11.0162 0x20dc [ 86A4289EE7663E0A51F1A523F8466EA2, 6E04295791F3132896ABD56DE10888331DBA42D32069DB7DC623773092A0A8E8 ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
19:08:11.0162 0x20dc bpenum - ok
19:08:11.0192 0x20dc [ CFADDB7733E91214F04641BCA3CC1D06, 084FF4FFCEA64EF275F03065A3CA3C22002A2B0312C4C60FADEEFC033C8D994D ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys
19:08:11.0192 0x20dc bpmp - ok
19:08:11.0212 0x20dc [ 24884464FCE06814158752AF782A0B18, A12AF41B474DB8289A462D00B71045F0CA04111DF09CB4BA1BF6ECCE448A0185 ] bpusb C:\Windows\system32\Drivers\bpusb.sys
19:08:11.0212 0x20dc bpusb - ok
19:08:11.0232 0x20dc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:08:11.0232 0x20dc BrFiltLo - ok
19:08:11.0252 0x20dc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:08:11.0252 0x20dc BrFiltUp - ok
19:08:11.0292 0x20dc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:08:11.0302 0x20dc BridgeMP - ok
19:08:11.0362 0x20dc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
19:08:11.0362 0x20dc Browser - ok
19:08:11.0392 0x20dc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:08:11.0402 0x20dc Brserid - ok
19:08:11.0412 0x20dc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:11.0412 0x20dc BrSerWdm - ok
19:08:11.0432 0x20dc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:11.0432 0x20dc BrUsbMdm - ok
19:08:11.0442 0x20dc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:11.0442 0x20dc BrUsbSer - ok
19:08:11.0472 0x20dc [ FF7C57973EEAD140062238C5A0B7D455, 71055CAA7A7072F88E9218F2DCBD3122FAB3DFEE042F8D4D0D90AAC922C736E2 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
19:08:11.0472 0x20dc BTCFilterService - ok
19:08:11.0552 0x20dc [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:08:11.0552 0x20dc BthEnum - ok
19:08:11.0572 0x20dc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:08:11.0572 0x20dc BTHMODEM - ok
19:08:11.0602 0x20dc [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:08:11.0602 0x20dc BthPan - ok
19:08:11.0682 0x20dc [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:08:11.0692 0x20dc BTHPORT - ok
19:08:11.0722 0x20dc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
19:08:11.0722 0x20dc bthserv - ok
19:08:11.0792 0x20dc [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:08:11.0792 0x20dc BTHUSB - ok
19:08:11.0822 0x20dc [ D3466F77C2C49C6E393BA5FBA963A33E, FD5E48A29E153BBAB095AB2E3B86F592B1FC1F790978911093B5F8A2CD6C5652 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
19:08:11.0822 0x20dc btusbflt - ok
19:08:11.0842 0x20dc [ AF838D8029AE7C27470862D63FA54D24, 96247094D2446CEE594AD765B98DE8583762A96FE83223CB18B4CDB3A4958376 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
19:08:11.0852 0x20dc btwaudio - ok
19:08:11.0862 0x20dc [ 5C849BD7C78791C5CEE9F4651D7FE38D, BC93A1B911FB4A44EC4DB64AF9AFC6F2013CD76BFB6FA9E4834CFDAAAF4BCD9F ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
19:08:11.0872 0x20dc btwavdt - ok
19:08:11.0952 0x20dc [ 10FFB5FA51D5713D872B41A59DFC2213, E0C0EA99C862E3FCE4D121BB34DEC00E74A371DF4093A44055E70E9F4CFA3DC6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:08:11.0972 0x20dc btwdins - ok
19:08:11.0992 0x20dc [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
19:08:11.0992 0x20dc btwl2cap - ok
19:08:12.0002 0x20dc [ 3E1991AFA851A36DC978B0A1B0535C8B, F55F7FDDD2A71532F163E4F14B26A09DCDB7C970E806D803418D4CE0DFF09FB6 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
19:08:12.0002 0x20dc btwrchid - ok
19:08:12.0082 0x20dc [ 9887CA12F407D7FBC7F48F3678F5F0B6, 1EA21563AE990CE4EF407AB349DE5A66CB93CD7602FE6E450E119ADF0343914E ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS
19:08:12.0082 0x20dc BVRPMPR5a64 - ok
19:08:12.0112 0x20dc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:08:12.0122 0x20dc cdfs - ok
19:08:12.0152 0x20dc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:08:12.0152 0x20dc cdrom - ok
19:08:12.0232 0x20dc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
19:08:12.0232 0x20dc CertPropSvc - ok
19:08:12.0262 0x20dc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:08:12.0262 0x20dc circlass - ok
19:08:12.0332 0x20dc [ B794DCF38C965FA2F93C45A7C3D582C5, 0E483EAF835B85AA4B6F449F9BB68AF0A3EE4192D29CD72F4B812F1E4D9E9A7C ] cleanhlp C:\EEK\Run\cleanhlp64.sys
19:08:12.0342 0x20dc cleanhlp - ok
19:08:12.0372 0x20dc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
19:08:12.0392 0x20dc CLFS - ok
19:08:12.0442 0x20dc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:12.0442 0x20dc clr_optimization_v2.0.50727_32 - ok
19:08:12.0492 0x20dc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:08:12.0492 0x20dc clr_optimization_v2.0.50727_64 - ok
19:08:12.0542 0x20dc [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:12.0552 0x20dc clr_optimization_v4.0.30319_32 - ok
19:08:12.0592 0x20dc [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:08:12.0592 0x20dc clr_optimization_v4.0.30319_64 - ok
19:08:12.0622 0x20dc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:12.0622 0x20dc CmBatt - ok
19:08:12.0642 0x20dc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:08:12.0642 0x20dc cmdide - ok
19:08:12.0732 0x20dc [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG C:\Windows\system32\Drivers\cng.sys
19:08:12.0742 0x20dc CNG - ok
19:08:12.0762 0x20dc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:08:12.0762 0x20dc Compbatt - ok
19:08:12.0792 0x20dc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:08:12.0792 0x20dc CompositeBus - ok
19:08:12.0802 0x20dc COMSysApp - ok
19:08:12.0822 0x20dc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:08:12.0832 0x20dc crcdisk - ok
19:08:12.0892 0x20dc [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:08:12.0902 0x20dc CryptSvc - ok
19:08:12.0922 0x20dc [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:08:12.0932 0x20dc CtClsFlt - ok
19:08:13.0092 0x20dc [ 72794D112CBAFF3BC0C29BF7350D4741, 060C207F27306A3464FBCD8B08BDC97E34923ECA349933ECB059848BD08F41ED ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:08:13.0112 0x20dc cvhsvc - ok
19:08:13.0202 0x20dc [ D042E5FE276874195047E9872DE6A14D, 24288C8CDC10143879058620AFB874AB40B6395413229E0314570A8B255BCC67 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:08:13.0222 0x20dc DcomLaunch - ok
19:08:13.0252 0x20dc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
19:08:13.0252 0x20dc defragsvc - ok
19:08:13.0322 0x20dc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:08:13.0322 0x20dc DfsC - ok
19:08:13.0402 0x20dc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:08:13.0422 0x20dc Dhcp - ok
19:08:13.0442 0x20dc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
19:08:13.0442 0x20dc discache - ok
19:08:13.0522 0x20dc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:08:13.0522 0x20dc Disk - ok
19:08:13.0602 0x20dc [ 982D487E4D2D1FCC48A97B102055ECE0, 05D3888351C411BAD787730AA804ADB6D3E9A6A759476B27314751D8B99B691A ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
19:08:13.0612 0x20dc DMAgent - ok
19:08:13.0642 0x20dc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:08:13.0642 0x20dc Dnscache - ok
19:08:13.0682 0x20dc DockLoginService - ok
19:08:13.0742 0x20dc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
19:08:13.0762 0x20dc dot3svc - ok
19:08:13.0812 0x20dc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
19:08:13.0812 0x20dc DPS - ok
19:08:13.0852 0x20dc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:08:13.0852 0x20dc drmkaud - ok
19:08:13.0942 0x20dc [ AF2E16242AA723F68F461B6EAE2EAD3D, 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:08:13.0962 0x20dc DXGKrnl - ok
19:08:13.0992 0x20dc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
19:08:13.0992 0x20dc EapHost - ok
19:08:14.0092 0x20dc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:08:14.0152 0x20dc ebdrv - ok
19:08:14.0222 0x20dc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS C:\Windows\System32\lsass.exe
19:08:14.0222 0x20dc EFS - ok
19:08:14.0332 0x20dc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:08:14.0372 0x20dc ehRecvr - ok
19:08:14.0392 0x20dc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
19:08:14.0392 0x20dc ehSched - ok
19:08:14.0442 0x20dc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:08:14.0452 0x20dc elxstor - ok
19:08:14.0462 0x20dc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:08:14.0462 0x20dc ErrDev - ok
19:08:14.0492 0x20dc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
19:08:14.0502 0x20dc EventSystem - ok
19:08:14.0602 0x20dc [ B56D9602DB5FE1C116B1CA5EFD8E2E50, 34F52939089A98860E659BEF6AB8275BC50C33CC282DD3D34E13909BB7E3E575 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:08:14.0632 0x20dc EvtEng - ok
19:08:14.0652 0x20dc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
19:08:14.0662 0x20dc exfat - ok
19:08:14.0692 0x20dc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:08:14.0702 0x20dc fastfat - ok
19:08:14.0782 0x20dc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
19:08:14.0802 0x20dc Fax - ok
19:08:14.0812 0x20dc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:08:14.0822 0x20dc fdc - ok
19:08:14.0842 0x20dc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
19:08:14.0842 0x20dc fdPHost - ok
19:08:14.0862 0x20dc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
19:08:14.0862 0x20dc FDResPub - ok
19:08:14.0882 0x20dc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:08:14.0892 0x20dc FileInfo - ok
19:08:14.0902 0x20dc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:08:14.0902 0x20dc Filetrace - ok
19:08:14.0922 0x20dc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:08:14.0922 0x20dc flpydisk - ok
19:08:14.0993 0x20dc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:08:15.0003 0x20dc FltMgr - ok
19:08:15.0103 0x20dc [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache C:\Windows\system32\FntCache.dll
19:08:15.0123 0x20dc FontCache - ok
19:08:15.0193 0x20dc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:08:15.0203 0x20dc FontCache3.0.0.0 - ok
19:08:15.0213 0x20dc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:08:15.0223 0x20dc FsDepends - ok
19:08:15.0233 0x20dc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:08:15.0233 0x20dc Fs_Rec - ok
19:08:15.0313 0x20dc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:08:15.0323 0x20dc fvevol - ok
19:08:15.0343 0x20dc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:08:15.0343 0x20dc gagp30kx - ok
19:08:15.0423 0x20dc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:08:15.0423 0x20dc GEARAspiWDM - ok
19:08:15.0483 0x20dc [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
19:08:15.0483 0x20dc GoToAssist - ok
19:08:15.0573 0x20dc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
19:08:15.0593 0x20dc gpsvc - ok
19:08:15.0613 0x20dc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:08:15.0613 0x20dc hcw85cir - ok
19:08:15.0653 0x20dc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:08:15.0653 0x20dc HdAudAddService - ok
19:08:15.0683 0x20dc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:08:15.0683 0x20dc HDAudBus - ok
19:08:15.0723 0x20dc [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:08:15.0723 0x20dc HECIx64 - ok
19:08:15.0743 0x20dc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:08:15.0743 0x20dc HidBatt - ok
19:08:15.0763 0x20dc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:08:15.0763 0x20dc HidBth - ok
19:08:15.0783 0x20dc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:08:15.0793 0x20dc HidIr - ok
19:08:15.0813 0x20dc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
19:08:15.0813 0x20dc hidserv - ok
19:08:15.0843 0x20dc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:08:15.0853 0x20dc HidUsb - ok
19:08:15.0893 0x20dc [ FCE2251FE4464DCAA2F4684F19A8EE9B, 8062CD636DEFA8E160427BC2C61BC5C0DAA5396E16ABE9353B27C217FDE70B04 ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys
19:08:15.0903 0x20dc hitmanpro37 - ok
19:08:15.0963 0x20dc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:08:15.0963 0x20dc hkmsvc - ok
19:08:16.0023 0x20dc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:08:16.0033 0x20dc HomeGroupListener - ok
19:08:16.0103 0x20dc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:08:16.0113 0x20dc HomeGroupProvider - ok
19:08:16.0143 0x20dc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:08:16.0143 0x20dc HpSAMD - ok
19:08:16.0233 0x20dc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:08:16.0263 0x20dc HTTP - ok
19:08:16.0323 0x20dc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:08:16.0323 0x20dc hwpolicy - ok
19:08:16.0403 0x20dc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:08:16.0413 0x20dc i8042prt - ok
19:08:16.0463 0x20dc [ 2064090C9FAAD92C090D77E50E735B2E, 802BF10AF2F4B5DC93926C34DB2782DA6FD7243766D583E85603879483A592D2 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:08:16.0483 0x20dc iaStor - ok
19:08:16.0543 0x20dc [ A9BE186ABF28B3D3D698CB855EDF457E, 03E1851132E1C8669CF9B3CEB1C9E6AE45BBAC2632FEEDD311F3B3FAA9B623DD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:08:16.0543 0x20dc IAStorDataMgrSvc - ok
19:08:16.0583 0x20dc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:08:16.0603 0x20dc iaStorV - ok
19:08:16.0693 0x20dc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:08:16.0703 0x20dc idsvc - ok
19:08:17.0043 0x20dc [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:08:17.0373 0x20dc igfx - ok
19:08:17.0423 0x20dc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:08:17.0423 0x20dc iirsp - ok
19:08:17.0513 0x20dc [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
19:08:17.0533 0x20dc IKEEXT - ok
19:08:17.0563 0x20dc [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:08:17.0573 0x20dc Impcd - ok
19:08:17.0613 0x20dc [ C6C1F19205DA83C801BE7C25F4E2EE07, AE28686272D0F3789751C8F73BE998026BA80D93539C81DDE148E34A34A9AD0C ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:08:17.0623 0x20dc IntcDAud - ok
19:08:17.0633 0x20dc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
19:08:17.0633 0x20dc intelide - ok
19:08:17.0643 0x20dc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:08:17.0643 0x20dc intelppm - ok
19:08:17.0663 0x20dc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:08:17.0673 0x20dc IPBusEnum - ok
19:08:17.0733 0x20dc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:17.0733 0x20dc IpFilterDriver - ok
19:08:17.0823 0x20dc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:08:17.0833 0x20dc iphlpsvc - ok
19:08:17.0853 0x20dc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:08:17.0853 0x20dc IPMIDRV - ok
19:08:17.0873 0x20dc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:08:17.0873 0x20dc IPNAT - ok
19:08:17.0973 0x20dc [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:08:17.0983 0x20dc iPod Service - ok
19:08:18.0003 0x20dc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:08:18.0003 0x20dc IRENUM - ok
19:08:18.0023 0x20dc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:08:18.0023 0x20dc isapnp - ok
19:08:18.0053 0x20dc [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:08:18.0063 0x20dc iScsiPrt - ok
19:08:18.0083 0x20dc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:08:18.0083 0x20dc kbdclass - ok
19:08:18.0093 0x20dc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:08:18.0093 0x20dc kbdhid - ok
19:08:18.0113 0x20dc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso C:\Windows\system32\lsass.exe
19:08:18.0113 0x20dc KeyIso - ok
19:08:18.0183 0x20dc [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:08:18.0193 0x20dc KSecDD - ok
19:08:18.0263 0x20dc [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:08:18.0263 0x20dc KSecPkg - ok
19:08:18.0283 0x20dc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:08:18.0283 0x20dc ksthunk - ok
19:08:18.0313 0x20dc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
19:08:18.0333 0x20dc KtmRm - ok
19:08:18.0433 0x20dc [ 07265E0B1A6D30453539F7DFB4942BF2, 8ECF643ED2FC04DF8C564494A88A641303959CFFFAD6EEAB04437D3E910FE838 ] L6UX1 C:\Windows\system32\Drivers\L6UX164.sys
19:08:18.0443 0x20dc L6UX1 - ok
19:08:18.0513 0x20dc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:08:18.0523 0x20dc LanmanServer - ok
19:08:18.0593 0x20dc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:08:18.0603 0x20dc LanmanWorkstation - ok
19:08:18.0633 0x20dc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:08:18.0633 0x20dc lltdio - ok
19:08:18.0663 0x20dc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:08:18.0673 0x20dc lltdsvc - ok
19:08:18.0693 0x20dc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:08:18.0693 0x20dc lmhosts - ok
19:08:18.0753 0x20dc [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:08:18.0763 0x20dc LMS - ok
19:08:18.0793 0x20dc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:08:18.0793 0x20dc LSI_FC - ok
19:08:18.0813 0x20dc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:08:18.0813 0x20dc LSI_SAS - ok
19:08:18.0823 0x20dc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:08:18.0823 0x20dc LSI_SAS2 - ok
19:08:18.0843 0x20dc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:08:18.0843 0x20dc LSI_SCSI - ok
19:08:18.0863 0x20dc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
19:08:18.0863 0x20dc luafv - ok
19:08:18.0903 0x20dc [ 36EFC8C32829A27BAF0E63BFDBD5EE90, 7B8C211FFDFBD5D2D9680FA4633379185740876919709F8B41515BAD95BD215B ] massfilter C:\Windows\system32\drivers\massfilter.sys
19:08:18.0903 0x20dc massfilter - ok
19:08:18.0943 0x20dc [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:08:18.0943 0x20dc MBAMProtector - ok
19:08:19.0063 0x20dc [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
19:08:19.0183 0x20dc MBAMScheduler - ok
19:08:19.0233 0x20dc [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
19:08:19.0263 0x20dc MBAMService - ok
19:08:19.0323 0x20dc [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
19:08:19.0333 0x20dc MBAMSwissArmy - ok
19:08:19.0383 0x20dc [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
19:08:19.0383 0x20dc MBAMWebAccessControl - ok
19:08:19.0443 0x20dc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:08:19.0453 0x20dc Mcx2Svc - ok
19:08:19.0473 0x20dc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:08:19.0473 0x20dc megasas - ok
19:08:19.0503 0x20dc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:08:19.0513 0x20dc MegaSR - ok
19:08:19.0533 0x20dc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 26th, 2014, 10:12 pm

Part 2:
19:08:19.0533 0x20dc MMCSS - ok
19:08:19.0553 0x20dc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
19:08:19.0553 0x20dc Modem - ok
19:08:19.0563 0x20dc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:08:19.0563 0x20dc monitor - ok
19:08:19.0593 0x20dc [ 85198FB1E5CC4A9DB03443A385EA0AD2, 773C262B10EC278072E605314F74EE4C4FE9CD78A74763A31219FF489B7D3D32 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
19:08:19.0593 0x20dc motccgp - ok
19:08:19.0623 0x20dc [ 577399C75CF85AC68E7830EB150F45EF, 0E8D496CDAC260C8B2AB7B37654BA2395EC924903EE07161D13F1B6B1F8C8966 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
19:08:19.0623 0x20dc motccgpfl - ok
19:08:19.0643 0x20dc [ 3CC500C9B0E4D476802D277353CB2C89, 9E4EE267BF70FE0A43A1B994546186FD5ED6E384A7B8F905DFA81617DBEF9AD8 ] MotDev C:\Windows\system32\DRIVERS\motodrv.sys
19:08:19.0643 0x20dc MotDev - ok
19:08:19.0683 0x20dc [ 0EF6B989AF403C1C1B6EBCBD2A280612, 822033F81967519EF4B29B5960E8AECD91AC088B4FF8FADD25422350E9D17CA2 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
19:08:19.0693 0x20dc motmodem - ok
19:08:19.0743 0x20dc [ 5DDCE3FC5A54A4A58EE693046EBFAEF3, 45733E3343823C60F2550CDBEE56D550E622F0AE8CBFE2488E2D1BDC9150FC1D ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
19:08:19.0743 0x20dc Motorola Device Manager - ok
19:08:19.0763 0x20dc [ EBD05F60CAFC5BBA2602B8D7101082D3, 9144E1E7C4DD6150C0E97B4C628DE0216ED372062F5F0FB216C81CAF93DBBF07 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
19:08:19.0763 0x20dc MotoSwitchService - ok
19:08:19.0773 0x20dc [ 7E1BD35249F4D5A745144B3C77F9FB85, 87653E2D8CB78A9DC6573DC96E3C85E6B9C2EEFBA42B38A0BA51D89A4398E214 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
19:08:19.0783 0x20dc Motousbnet - ok
19:08:19.0793 0x20dc [ D075B1D964A314D240F5498773EE89DF, 3EEF4D06556CE9CA4A268F335D87FCA25C078DAE341F4C23B6F56DB9D746FD80 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
19:08:19.0793 0x20dc motusbdevice - ok
19:08:19.0823 0x20dc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:08:19.0823 0x20dc mouclass - ok
19:08:19.0893 0x20dc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:08:19.0893 0x20dc mouhid - ok
19:08:19.0966 0x20dc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:08:19.0966 0x20dc mountmgr - ok
19:08:20.0016 0x20dc [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:08:20.0016 0x20dc MozillaMaintenance - ok
19:08:20.0046 0x20dc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
19:08:20.0046 0x20dc mpio - ok
19:08:20.0076 0x20dc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:08:20.0076 0x20dc mpsdrv - ok
19:08:20.0176 0x20dc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:08:20.0186 0x20dc MpsSvc - ok
19:08:20.0266 0x20dc [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:08:20.0266 0x20dc MRxDAV - ok
19:08:20.0286 0x20dc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:20.0296 0x20dc mrxsmb - ok
19:08:20.0366 0x20dc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:20.0376 0x20dc mrxsmb10 - ok
19:08:20.0396 0x20dc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:20.0396 0x20dc mrxsmb20 - ok
19:08:20.0416 0x20dc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
19:08:20.0416 0x20dc msahci - ok
19:08:20.0436 0x20dc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:08:20.0436 0x20dc msdsm - ok
19:08:20.0446 0x20dc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
19:08:20.0456 0x20dc MSDTC - ok
19:08:20.0476 0x20dc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:08:20.0486 0x20dc Msfs - ok
19:08:20.0496 0x20dc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:08:20.0496 0x20dc mshidkmdf - ok
19:08:20.0506 0x20dc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:08:20.0516 0x20dc msisadrv - ok
19:08:20.0536 0x20dc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:08:20.0546 0x20dc MSiSCSI - ok
19:08:20.0546 0x20dc msiserver - ok
19:08:20.0576 0x20dc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:08:20.0576 0x20dc MSKSSRV - ok
19:08:20.0586 0x20dc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:20.0586 0x20dc MSPCLOCK - ok
19:08:20.0586 0x20dc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:08:20.0596 0x20dc MSPQM - ok
19:08:20.0666 0x20dc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:08:20.0686 0x20dc MsRPC - ok
19:08:20.0696 0x20dc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:08:20.0696 0x20dc mssmbios - ok
19:08:20.0706 0x20dc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:08:20.0716 0x20dc MSTEE - ok
19:08:20.0716 0x20dc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:08:20.0716 0x20dc MTConfig - ok
19:08:20.0726 0x20dc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
19:08:20.0736 0x20dc Mup - ok
19:08:20.0766 0x20dc [ A9BC2302FBDF52C8AF4E2FC966288D21, 4CBDCDCC2BA8133BDC0BA1A1EB47FB9241CAACF93544BAD37175417DA9E616D6 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:08:20.0786 0x20dc MyWiFiDHCPDNS - ok
19:08:20.0866 0x20dc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
19:08:20.0866 0x20dc napagent - ok
19:08:20.0896 0x20dc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:08:20.0906 0x20dc NativeWifiP - ok
19:08:21.0016 0x20dc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
19:08:21.0026 0x20dc NDIS - ok
19:08:21.0056 0x20dc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:08:21.0056 0x20dc NdisCap - ok
19:08:21.0076 0x20dc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:21.0076 0x20dc NdisTapi - ok
19:08:21.0196 0x20dc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:21.0196 0x20dc Ndisuio - ok
19:08:21.0256 0x20dc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:21.0266 0x20dc NdisWan - ok
19:08:21.0316 0x20dc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:08:21.0326 0x20dc NDProxy - ok
19:08:21.0336 0x20dc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:08:21.0346 0x20dc NetBIOS - ok
19:08:21.0416 0x20dc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:08:21.0436 0x20dc NetBT - ok
19:08:21.0456 0x20dc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon C:\Windows\system32\lsass.exe
19:08:21.0456 0x20dc Netlogon - ok
19:08:21.0486 0x20dc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
19:08:21.0506 0x20dc Netman - ok
19:08:21.0536 0x20dc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
19:08:21.0546 0x20dc netprofm - ok
19:08:21.0566 0x20dc [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:21.0566 0x20dc NetTcpPortSharing - ok
19:08:21.0836 0x20dc [ 18555F48844C2861D9DCE8F2B7223AE5, 35F8C0DFCF14780F86AD9A476A7AE22A98589B27ED9C7E109945CBBD227E6E2B ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
19:08:22.0096 0x20dc NETw5s64 - ok
19:08:22.0136 0x20dc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:08:22.0136 0x20dc nfrd960 - ok
19:08:22.0206 0x20dc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:08:22.0216 0x20dc NlaSvc - ok
19:08:22.0236 0x20dc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:08:22.0236 0x20dc Npfs - ok
19:08:22.0256 0x20dc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
19:08:22.0256 0x20dc nsi - ok
19:08:22.0266 0x20dc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:08:22.0266 0x20dc nsiproxy - ok
19:08:22.0406 0x20dc [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:08:22.0456 0x20dc Ntfs - ok
19:08:22.0476 0x20dc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
19:08:22.0476 0x20dc Null - ok
19:08:22.0506 0x20dc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:08:22.0506 0x20dc nvraid - ok
19:08:22.0526 0x20dc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:08:22.0526 0x20dc nvstor - ok
19:08:22.0536 0x20dc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:08:22.0536 0x20dc nv_agp - ok
19:08:22.0556 0x20dc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:08:22.0556 0x20dc ohci1394 - ok
19:08:22.0636 0x20dc [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:08:22.0646 0x20dc ose - ok
19:08:22.0826 0x20dc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:08:22.0916 0x20dc osppsvc - ok
19:08:22.0946 0x20dc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:08:22.0956 0x20dc p2pimsvc - ok
19:08:22.0986 0x20dc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
19:08:22.0996 0x20dc p2psvc - ok
19:08:23.0016 0x20dc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:08:23.0026 0x20dc Parport - ok
19:08:23.0056 0x20dc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:08:23.0056 0x20dc partmgr - ok
19:08:23.0076 0x20dc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
19:08:23.0086 0x20dc PcaSvc - ok
19:08:23.0096 0x20dc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
19:08:23.0106 0x20dc pci - ok
19:08:23.0126 0x20dc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
19:08:23.0126 0x20dc pciide - ok
19:08:23.0146 0x20dc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:08:23.0146 0x20dc pcmcia - ok
19:08:23.0156 0x20dc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
19:08:23.0166 0x20dc pcw - ok
19:08:23.0186 0x20dc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:08:23.0206 0x20dc PEAUTH - ok
19:08:23.0256 0x20dc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:08:23.0266 0x20dc PerfHost - ok
19:08:23.0396 0x20dc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
19:08:23.0436 0x20dc pla - ok
19:08:23.0516 0x20dc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:08:23.0536 0x20dc PlugPlay - ok
19:08:23.0556 0x20dc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:08:23.0556 0x20dc PNRPAutoReg - ok
19:08:23.0586 0x20dc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:08:23.0596 0x20dc PNRPsvc - ok
19:08:23.0686 0x20dc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:08:23.0696 0x20dc PolicyAgent - ok
19:08:23.0726 0x20dc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
19:08:23.0726 0x20dc Power - ok
19:08:23.0786 0x20dc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:08:23.0796 0x20dc PptpMiniport - ok
19:08:23.0816 0x20dc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:08:23.0816 0x20dc Processor - ok
19:08:23.0876 0x20dc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
19:08:23.0886 0x20dc ProfSvc - ok
19:08:23.0896 0x20dc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
19:08:23.0896 0x20dc ProtectedStorage - ok
19:08:23.0966 0x20dc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:08:23.0976 0x20dc Psched - ok
19:08:24.0067 0x20dc [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
19:08:24.0067 0x20dc PST Service - ok
19:08:24.0107 0x20dc [ 4712CC14E720ECCCC0AA16949D18AAF1, AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:08:24.0107 0x20dc PxHlpa64 - ok
19:08:24.0197 0x20dc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:08:24.0217 0x20dc ql2300 - ok
19:08:24.0267 0x20dc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:08:24.0277 0x20dc ql40xx - ok
19:08:24.0307 0x20dc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
19:08:24.0317 0x20dc QWAVE - ok
19:08:24.0327 0x20dc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:08:24.0327 0x20dc QWAVEdrv - ok
19:08:24.0337 0x20dc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:08:24.0337 0x20dc RasAcd - ok
19:08:24.0367 0x20dc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:08:24.0367 0x20dc RasAgileVpn - ok
19:08:24.0377 0x20dc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
19:08:24.0387 0x20dc RasAuto - ok
19:08:24.0447 0x20dc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:24.0457 0x20dc Rasl2tp - ok
19:08:24.0537 0x20dc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
19:08:24.0547 0x20dc RasMan - ok
19:08:24.0567 0x20dc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:24.0567 0x20dc RasPppoe - ok
19:08:24.0577 0x20dc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:08:24.0587 0x20dc RasSstp - ok
19:08:24.0667 0x20dc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:08:24.0677 0x20dc rdbss - ok
19:08:24.0687 0x20dc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:08:24.0697 0x20dc rdpbus - ok
19:08:24.0717 0x20dc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:24.0717 0x20dc RDPCDD - ok
19:08:24.0737 0x20dc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:08:24.0737 0x20dc RDPENCDD - ok
19:08:24.0747 0x20dc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:08:24.0747 0x20dc RDPREFMP - ok
19:08:24.0817 0x20dc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:08:24.0827 0x20dc RDPWD - ok
19:08:24.0907 0x20dc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:08:24.0917 0x20dc rdyboost - ok
19:08:24.0997 0x20dc [ 0AA473966357C4A41B5EB19649EB6E5E, D4F1EADDECE41481332CBF03B8CAB4AC6AB048834DF013DB30757E7941F306FE ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:08:25.0017 0x20dc RegSrvc - ok
19:08:25.0037 0x20dc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:08:25.0037 0x20dc RemoteAccess - ok
19:08:25.0057 0x20dc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:08:25.0067 0x20dc RemoteRegistry - ok
19:08:25.0087 0x20dc [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:08:25.0097 0x20dc RFCOMM - ok
19:08:25.0107 0x20dc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:08:25.0107 0x20dc RpcEptMapper - ok
19:08:25.0127 0x20dc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
19:08:25.0137 0x20dc RpcLocator - ok
19:08:25.0217 0x20dc [ D042E5FE276874195047E9872DE6A14D, 24288C8CDC10143879058620AFB874AB40B6395413229E0314570A8B255BCC67 ] RpcSs C:\Windows\system32\rpcss.dll
19:08:25.0227 0x20dc RpcSs - ok
19:08:25.0257 0x20dc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:08:25.0257 0x20dc rspndr - ok
19:08:25.0317 0x20dc [ 30F463768D5143BFD7B2DF822B53CF4D, 3DD94DDF95086C7C2A83617B499627C04D020BF9F230C0F080B169CB846F796F ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:08:25.0327 0x20dc RSUSBSTOR - ok
19:08:25.0357 0x20dc [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:08:25.0367 0x20dc RTL8167 - ok
19:08:25.0377 0x20dc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs C:\Windows\system32\lsass.exe
19:08:25.0387 0x20dc SamSs - ok
19:08:25.0397 0x20dc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:08:25.0407 0x20dc sbp2port - ok
19:08:25.0437 0x20dc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:08:25.0447 0x20dc SCardSvr - ok
19:08:25.0497 0x20dc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:08:25.0507 0x20dc scfilter - ok
19:08:25.0667 0x20dc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
19:08:25.0687 0x20dc Schedule - ok
19:08:25.0757 0x20dc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:08:25.0767 0x20dc SCPolicySvc - ok
19:08:25.0787 0x20dc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:08:25.0797 0x20dc SDRSVC - ok
19:08:25.0837 0x20dc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:08:25.0837 0x20dc secdrv - ok
19:08:25.0897 0x20dc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
19:08:25.0897 0x20dc seclogon - ok
19:08:25.0917 0x20dc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
19:08:25.0927 0x20dc SENS - ok
19:08:25.0947 0x20dc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:08:25.0947 0x20dc SensrSvc - ok
19:08:25.0957 0x20dc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:08:25.0967 0x20dc Serenum - ok
19:08:25.0987 0x20dc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:08:25.0987 0x20dc Serial - ok
19:08:26.0008 0x20dc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:08:26.0008 0x20dc sermouse - ok
19:08:26.0068 0x20dc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
19:08:26.0078 0x20dc SessionEnv - ok
19:08:26.0098 0x20dc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:08:26.0098 0x20dc sffdisk - ok
19:08:26.0108 0x20dc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:08:26.0108 0x20dc sffp_mmc - ok
19:08:26.0118 0x20dc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:08:26.0118 0x20dc sffp_sd - ok
19:08:26.0138 0x20dc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:08:26.0138 0x20dc sfloppy - ok
19:08:26.0228 0x20dc [ C6CC9297BD53E5229653303E556AA539, 921E21EDED244FEE15B56564B97C97785F45AB862C1012BFA0B96B121DC90076 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:08:26.0238 0x20dc Sftfs - ok
19:08:26.0378 0x20dc [ 13693B6354DD6E72DC5131DA7D764B90, 447EFDA7CFB1F62EA316219D996406C8DC374097DB903F362D6E945227D8BB2D ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:08:26.0388 0x20dc sftlist - ok
19:08:26.0408 0x20dc [ 390AA7BC52CEE43F6790CDEA1E776703, 0D008289E4B14EF56D5233B7C8C789A36503FBAA8896660776557D6F08808FA7 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:08:26.0418 0x20dc Sftplay - ok
19:08:26.0428 0x20dc [ 617E29A0B0A2807466560D4C4E338D3E, 5E95D38DB9A6776EB4A15A952FA7949831D6F660EED8C3E79BD09D102BAC5D67 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:08:26.0428 0x20dc Sftredir - ok
19:08:26.0438 0x20dc [ 8F571F016FA1976F445147E9E6C8AE9B, 527AB960F2E08F598D1B953BDA4EA749831DD3C765DA278044B8AB22365F02B5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:08:26.0438 0x20dc Sftvol - ok
19:08:26.0458 0x20dc [ C3CDDD18F43D44AB713CF8C4916F7696, 38093295825AFDD08D7E32CC4EF2A6C447F6D6E3C6F7EA5554C25E7C3F16FC92 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:08:26.0468 0x20dc sftvsa - ok
19:08:26.0508 0x20dc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:08:26.0508 0x20dc SharedAccess - ok
19:08:26.0578 0x20dc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:08:26.0598 0x20dc ShellHWDetection - ok
19:08:26.0618 0x20dc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:08:26.0628 0x20dc SiSRaid2 - ok
19:08:26.0638 0x20dc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:08:26.0638 0x20dc SiSRaid4 - ok
19:08:26.0858 0x20dc [ 4CA43B85F22C7739311788B651A779CB, 5F761B3ADBDB093A4198CE5FE3BB444AB3C063483815F45DFB186082DDEB8CBC ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:08:26.0908 0x20dc Skype C2C Service - ok
19:08:27.0008 0x20dc [ F07AF60B152221472FBDB2FECEC4896D, A18FDCE8462A48429E249C44F0E49F844F2E3A4B5215349DE104F34D935EF983 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:08:27.0018 0x20dc SkypeUpdate - ok
19:08:27.0028 0x20dc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:08:27.0038 0x20dc Smb - ok
19:08:27.0058 0x20dc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:08:27.0068 0x20dc SNMPTRAP - ok
19:08:27.0078 0x20dc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
19:08:27.0078 0x20dc spldr - ok
19:08:27.0158 0x20dc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
19:08:27.0188 0x20dc Spooler - ok
19:08:27.0358 0x20dc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
19:08:27.0418 0x20dc sppsvc - ok
19:08:27.0448 0x20dc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:08:27.0458 0x20dc sppuinotify - ok
19:08:27.0488 0x20dc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:08:27.0498 0x20dc srv - ok
19:08:27.0518 0x20dc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:08:27.0538 0x20dc srv2 - ok
19:08:27.0548 0x20dc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:08:27.0558 0x20dc srvnet - ok
19:08:27.0568 0x20dc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:08:27.0578 0x20dc SSDPSRV - ok
19:08:27.0588 0x20dc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:08:27.0598 0x20dc SstpSvc - ok
19:08:27.0658 0x20dc [ 463E33B1EA7AF1E6EB87B66B831DB41A, E76654F8E301829C0F27775A5673A3BA929FE4FA6C1C214A98C2915C5EC189A4 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
19:08:27.0668 0x20dc STacSV - ok
19:08:27.0688 0x20dc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:08:27.0688 0x20dc stexstor - ok
19:08:27.0718 0x20dc [ 4304B75094E106FB5423A290C95841E5, 55670F1DBC9B25A5E31FBEB3CB3C97E2B11CCD6359DA89FF1310C1BBCEC66A80 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:08:27.0738 0x20dc STHDA - ok
19:08:27.0838 0x20dc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
19:08:27.0858 0x20dc stisvc - ok
19:08:27.0918 0x20dc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
19:08:27.0918 0x20dc swenum - ok
19:08:27.0958 0x20dc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
19:08:27.0968 0x20dc swprv - ok
19:08:28.0008 0x20dc [ 8A3FBCB3D6D4710730D27DA4392A4863, 392CCBB54FF2017EDA147283F479E8DED525F41A316EAE114596BBA02D04AF82 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:08:28.0018 0x20dc SynTP - ok
19:08:28.0138 0x20dc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
19:08:28.0168 0x20dc SysMain - ok
19:08:28.0228 0x20dc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:08:28.0238 0x20dc TabletInputService - ok
19:08:28.0258 0x20dc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:08:28.0278 0x20dc TapiSrv - ok
19:08:28.0288 0x20dc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
19:08:28.0298 0x20dc TBS - ok
19:08:28.0408 0x20dc [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:08:28.0448 0x20dc Tcpip - ok
19:08:28.0528 0x20dc [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:08:28.0558 0x20dc TCPIP6 - ok
19:08:28.0618 0x20dc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:08:28.0618 0x20dc tcpipreg - ok
19:08:28.0648 0x20dc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:08:28.0648 0x20dc TDPIPE - ok
19:08:28.0668 0x20dc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:08:28.0668 0x20dc TDTCP - ok
19:08:28.0728 0x20dc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:08:28.0728 0x20dc tdx - ok
19:08:28.0758 0x20dc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
19:08:28.0758 0x20dc TermDD - ok
19:08:28.0848 0x20dc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
19:08:28.0858 0x20dc TermService - ok
19:08:28.0878 0x20dc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
19:08:28.0878 0x20dc Themes - ok
19:08:28.0908 0x20dc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
19:08:28.0908 0x20dc THREADORDER - ok
19:08:28.0928 0x20dc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
19:08:28.0928 0x20dc TrkWks - ok
19:08:29.0008 0x20dc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:08:29.0018 0x20dc TrustedInstaller - ok
19:08:29.0068 0x20dc [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:29.0078 0x20dc tssecsrv - ok
19:08:29.0148 0x20dc [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:08:29.0148 0x20dc TsUsbFlt - ok
19:08:29.0208 0x20dc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:08:29.0218 0x20dc tunnel - ok
19:08:29.0238 0x20dc [ 825E7A1F48FB8BCFBA27C178AAB4E275, 94F039917B52BEFFFE383E14A6169AE81B6E79C30BA7DD017A9CFE15708A1605 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
19:08:29.0238 0x20dc TurboB - ok
19:08:29.0278 0x20dc [ B206BE1174D5964D49A56BB6C4E0524A, 9D7DA11220B69E2EDEA9E55EC0E4CB554DD7F638ABF49B76353CE5A5C75965B8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:08:29.0288 0x20dc TurboBoost - ok
19:08:29.0318 0x20dc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:08:29.0318 0x20dc uagp35 - ok
19:08:29.0388 0x20dc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:08:29.0408 0x20dc udfs - ok
19:08:29.0428 0x20dc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:08:29.0438 0x20dc UI0Detect - ok
19:08:29.0448 0x20dc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:08:29.0448 0x20dc uliagpkx - ok
19:08:29.0468 0x20dc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
19:08:29.0478 0x20dc umbus - ok
19:08:29.0488 0x20dc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:08:29.0488 0x20dc UmPass - ok
19:08:29.0638 0x20dc [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:08:29.0668 0x20dc UNS - ok
19:08:29.0728 0x20dc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
19:08:29.0728 0x20dc upnphost - ok
19:08:29.0808 0x20dc [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:08:29.0808 0x20dc USBAAPL64 - ok
19:08:29.0868 0x20dc [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:29.0868 0x20dc usbccgp - ok
19:08:29.0898 0x20dc [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:08:29.0908 0x20dc usbcir - ok
19:08:29.0928 0x20dc [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:08:29.0938 0x20dc usbehci - ok
19:08:29.0958 0x20dc [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:08:29.0968 0x20dc usbhub - ok
19:08:29.0978 0x20dc [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:08:29.0978 0x20dc usbohci - ok
19:08:29.0998 0x20dc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:08:29.0998 0x20dc usbprint - ok
19:08:30.0008 0x20dc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:30.0008 0x20dc USBSTOR - ok
19:08:30.0018 0x20dc [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:08:30.0018 0x20dc usbuhci - ok
19:08:30.0048 0x20dc [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:08:30.0058 0x20dc usbvideo - ok
19:08:30.0088 0x20dc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
19:08:30.0088 0x20dc UxSms - ok
19:08:30.0098 0x20dc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc C:\Windows\system32\lsass.exe
19:08:30.0098 0x20dc VaultSvc - ok
19:08:30.0128 0x20dc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:08:30.0138 0x20dc vdrvroot - ok
19:08:30.0218 0x20dc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
19:08:30.0238 0x20dc vds - ok
19:08:30.0258 0x20dc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:30.0258 0x20dc vga - ok
19:08:30.0268 0x20dc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:08:30.0278 0x20dc VgaSave - ok
19:08:30.0298 0x20dc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:08:30.0298 0x20dc vhdmp - ok
19:08:30.0318 0x20dc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
19:08:30.0318 0x20dc viaide - ok
19:08:30.0338 0x20dc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:08:30.0338 0x20dc volmgr - ok
19:08:30.0408 0x20dc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:08:30.0418 0x20dc volmgrx - ok
19:08:30.0448 0x20dc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:08:30.0458 0x20dc volsnap - ok
19:08:30.0478 0x20dc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:08:30.0488 0x20dc vsmraid - ok
19:08:30.0598 0x20dc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
19:08:30.0618 0x20dc VSS - ok
19:08:30.0628 0x20dc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:08:30.0638 0x20dc vwifibus - ok
19:08:30.0648 0x20dc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:08:30.0648 0x20dc vwififlt - ok
19:08:30.0668 0x20dc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:08:30.0668 0x20dc vwifimp - ok
19:08:30.0718 0x20dc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
19:08:30.0728 0x20dc W32Time - ok
19:08:30.0748 0x20dc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:08:30.0748 0x20dc WacomPen - ok
19:08:30.0808 0x20dc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:08:30.0818 0x20dc WANARP - ok
19:08:30.0828 0x20dc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:08:30.0828 0x20dc Wanarpv6 - ok
19:08:30.0918 0x20dc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:08:30.0938 0x20dc WatAdminSvc - ok
19:08:31.0049 0x20dc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
19:08:31.0089 0x20dc wbengine - ok
19:08:31.0119 0x20dc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:08:31.0129 0x20dc WbioSrvc - ok
19:08:31.0199 0x20dc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:08:31.0229 0x20dc wcncsvc - ok
19:08:31.0239 0x20dc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:08:31.0239 0x20dc WcsPlugInService - ok
19:08:31.0259 0x20dc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:08:31.0259 0x20dc Wd - ok
19:08:31.0329 0x20dc [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
19:08:31.0329 0x20dc WDC_SAM - ok
19:08:31.0429 0x20dc [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:08:31.0469 0x20dc Wdf01000 - ok
19:08:31.0489 0x20dc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:08:31.0499 0x20dc WdiServiceHost - ok
19:08:31.0499 0x20dc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:08:31.0509 0x20dc WdiSystemHost - ok
19:08:31.0569 0x20dc [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
19:08:31.0589 0x20dc WebClient - ok
19:08:31.0609 0x20dc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:08:31.0619 0x20dc Wecsvc - ok
19:08:31.0639 0x20dc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:08:31.0639 0x20dc wercplsupport - ok
19:08:31.0659 0x20dc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 26th, 2014, 10:13 pm

Part 3 (last of TDSS log):
19:08:31.0659 0x20dc WerSvc - ok
19:08:31.0679 0x20dc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:08:31.0679 0x20dc WfpLwf - ok
19:08:31.0769 0x20dc [ 221780B6C152FB24881638DEFEFF4305, C41A16F910AF7B8672D8395D8F0B104C73F0D7458FE6EE700054B45E9E477F2D ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
19:08:31.0789 0x20dc WiMAXAppSrv - ok
19:08:31.0829 0x20dc [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:08:31.0829 0x20dc WimFltr - ok
19:08:31.0849 0x20dc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:08:31.0849 0x20dc WIMMount - ok
19:08:31.0859 0x20dc WinDefend - ok
19:08:31.0869 0x20dc WinHttpAutoProxySvc - ok
19:08:31.0909 0x20dc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:08:31.0919 0x20dc Winmgmt - ok
19:08:32.0059 0x20dc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
19:08:32.0149 0x20dc WinRM - ok
19:08:32.0189 0x20dc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:08:32.0189 0x20dc WinUsb - ok
19:08:32.0239 0x20dc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:08:32.0269 0x20dc Wlansvc - ok
19:08:32.0299 0x20dc [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:08:32.0299 0x20dc wlcrasvc - ok
19:08:32.0429 0x20dc [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:08:32.0469 0x20dc wlidsvc - ok
19:08:32.0519 0x20dc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:08:32.0519 0x20dc WmiAcpi - ok
19:08:32.0559 0x20dc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:08:32.0569 0x20dc wmiApSrv - ok
19:08:32.0599 0x20dc WMPNetworkSvc - ok
19:08:32.0629 0x20dc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:08:32.0629 0x20dc WPCSvc - ok
19:08:32.0689 0x20dc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:08:32.0699 0x20dc WPDBusEnum - ok
19:08:32.0729 0x20dc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:08:32.0729 0x20dc ws2ifsl - ok
19:08:32.0739 0x20dc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
19:08:32.0739 0x20dc wscsvc - ok
19:08:32.0739 0x20dc WSearch - ok
19:08:32.0949 0x20dc [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
19:08:32.0989 0x20dc wuauserv - ok
19:08:33.0049 0x20dc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:08:33.0049 0x20dc WudfPf - ok
19:08:33.0059 0x20dc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:33.0069 0x20dc WUDFRd - ok
19:08:33.0119 0x20dc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:08:33.0129 0x20dc wudfsvc - ok
19:08:33.0189 0x20dc [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:08:33.0199 0x20dc WwanSvc - ok
19:08:33.0239 0x20dc [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:08:33.0249 0x20dc yukonw7 - ok
19:08:33.0289 0x20dc [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbgps C:\Windows\system32\DRIVERS\ZTEusbgps.sys
19:08:33.0299 0x20dc ZTEusbgps - ok
19:08:33.0329 0x20dc [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:08:33.0329 0x20dc ZTEusbmdm6k - ok
19:08:33.0349 0x20dc [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:08:33.0359 0x20dc ZTEusbnmea - ok
19:08:33.0359 0x20dc [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbnmeaext C:\Windows\system32\DRIVERS\ZTEusbnmeaext.sys
19:08:33.0369 0x20dc ZTEusbnmeaext - ok
19:08:33.0379 0x20dc [ D6959A4FC3B56AFD9E31B0E71377C05F, 95ACE7E58C1DCB8DE6E64CD0E0FF06D5B84311C2D864E7B6E29F59B2D8888F5B ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:08:33.0379 0x20dc ZTEusbser6k - ok
19:08:33.0419 0x20dc [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
19:08:33.0429 0x20dc {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
19:08:33.0459 0x20dc ================ Scan global ===============================
19:08:33.0489 0x20dc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:08:33.0529 0x20dc [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
19:08:33.0559 0x20dc [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
19:08:33.0579 0x20dc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:08:33.0619 0x20dc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:08:33.0629 0x20dc [ Global ] - ok
19:08:33.0639 0x20dc ================ Scan MBR ==================================
19:08:33.0649 0x20dc [ C3220EB08ADD62E3ED9F72A1F4E4B1BB ] \Device\Harddisk0\DR0
19:08:33.0849 0x20dc \Device\Harddisk0\DR0 - ok
19:08:33.0849 0x20dc ================ Scan VBR ==================================
19:08:33.0859 0x20dc [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
19:08:33.0859 0x20dc \Device\Harddisk0\DR0\Partition1 - ok
19:08:33.0879 0x20dc [ 02D3C531AC736F85F2D45F0E1FD3F66F ] \Device\Harddisk0\DR0\Partition2
19:08:33.0909 0x20dc \Device\Harddisk0\DR0\Partition2 - ok
19:08:33.0909 0x20dc ================ Scan generic autorun ======================
19:08:33.0949 0x20dc [ 82A420C1388C76FD18018B0676933D33, B9A97A07F77B641B9FC3AEC04DD48C52DA850DB794AE757F9863B9FA166607A6 ] C:\Program Files\IDT\WDM\sttray64.exe
19:08:33.0959 0x20dc SysTrayApp - ok
19:08:33.0959 0x20dc SynTPEnh - ok
19:08:34.0029 0x20dc [ F2C49A7AA03FC231BE87A65E50D0B6F6, 549A188E8F1E2CA1E4A82EC4F5D7B45C24BAB2B1177EA848183D72F97E198E38 ] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
19:08:34.0059 0x20dc IntelWireless - ok
19:08:34.0129 0x20dc [ D551BF3FAE88AFEC02A371CE8D4691A2, 4B241C18959FA7E1DD16120428BD72FFEEBCB2F6E550D11690294D3DDCBCDF28 ] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
19:08:34.0159 0x20dc IntelWirelessWiMAX - ok
19:08:34.0219 0x20dc [ 810A5F70CEB063CEC85360394BEC2C56, FCC289B23B2347AD7C34B48E6EFB1914B5ED8D9DD397B0816D94747B168DFD64 ] C:\Windows\system32\igfxtray.exe
19:08:34.0229 0x20dc IgfxTray - ok
19:08:34.0249 0x20dc [ 2FE8F6A30802B69A3F501607F346DEEA, CD603DB6055861E9EAD397234120FBE0D3CACEFADB0D6001099CF0DA9DF1CC34 ] C:\Windows\system32\hkcmd.exe
19:08:34.0259 0x20dc HotKeysCmds - ok
19:08:34.0279 0x20dc [ CA1941B93BA45B7EA4D7D9F451B25C84, B0648762862931CB12004C92CD7A7EF8E3B1C14DD33C980A490D8AA56F7AA723 ] C:\Windows\system32\igfxpers.exe
19:08:34.0279 0x20dc Persistence - ok
19:08:34.0319 0x20dc [ CBEBF85763814AD2CA23491050B08D76, E67ECEB3B9921DF8EB4236FC811E4C40AE7EE3272ED5D1E6CBF1ACB1E205963B ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
19:08:34.0329 0x20dc IAStorIcon - ok
19:08:34.0389 0x20dc [ EDAD4A8A1D46AFCF9E76B996D55116EB, 937549E6FBF5D7282E56866C705539646F2CB6839FD74BF7AA8FB2BA5CCEE940 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:08:34.0399 0x20dc SunJavaUpdateSched - ok
19:08:34.0399 0x20dc "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" - ok
19:08:34.0419 0x20dc Facebook Update - ok
19:08:34.0929 0x20dc [ CBEC06E32D0AC9C3D0A9199EDC1FB959, 9D7F9A372096EAE6B401653207ADDC08EC275065250EEFA235F580FB45D73E19 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
19:08:35.0189 0x20dc Skype - ok
19:08:35.0209 0x20dc IDT - ok
19:08:35.0209 0x20dc HTML - ok
19:08:35.0299 0x20dc [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe
19:08:35.0319 0x20dc QuickTime Task - ok
19:08:35.0339 0x20dc [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe
19:08:35.0349 0x20dc QuickTime Task - ok
19:08:35.0349 0x20dc Waiting for KSN requests completion. In queue: 76
19:08:36.0350 0x20dc Waiting for KSN requests completion. In queue: 76
19:08:37.0350 0x20dc Waiting for KSN requests completion. In queue: 76
19:08:38.0410 0x20dc Win FW state via NFP2: enabled
19:08:41.0270 0x20dc ============================================================
19:08:41.0270 0x20dc Scan finished
19:08:41.0270 0x20dc ============================================================
19:08:41.0280 0x57c8 Detected object count: 0
19:08:41.0280 0x57c8 Actual detected object count: 0
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 26th, 2014, 10:26 pm

I apologize for the misstatement about cleaning with Malwarebytes. I was trying a lot of different programs and don't really remember which ones I used. Thank you for the info on IObit... I've since uninstalled it and will be sure to let anyone else know that stumbles upon it.

Here are the two logs you requested:
OTL logfile created on: 6/26/2014 7:15:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bamf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 72.31% Memory free
8.44 Gb Paging File | 6.02 Gb Available in Paging File | 71.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.89 Gb Total Space | 1.99 Gb Free Space | 0.29% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: bamf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/26 19:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bamf\Desktop\OTL.exe
PRC - [2014/06/05 21:38:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/11 15:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/11 15:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/11 15:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2012/05/18 09:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/05/18 09:37:40 | 000,116,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2011/09/30 16:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/09/30 16:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/02 00:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/21 11:29:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2014/06/21 11:29:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2014/06/21 11:29:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2014/06/21 11:29:14 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll
MOD - [2014/06/21 11:29:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2014/06/21 11:29:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2014/06/21 11:28:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2014/06/21 11:28:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2014/06/21 11:28:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2014/06/21 11:27:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2014/06/05 21:38:46 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/18 09:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2010/09/28 11:32:44 | 000,911,872 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/28 11:27:06 | 000,606,720 | ---- | M] (Red Bend Ltd.) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/03/05 09:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 09:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 09:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/12/29 13:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/11/02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/06/05 21:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/11 15:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/11 15:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/12 21:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 21:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/18 09:37:40 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/30 16:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/09/30 16:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/02 00:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/01/16 14:22:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/06/26 17:17:47 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/06/25 00:54:09 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/05/11 15:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/11 15:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/12 21:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/20 21:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/26 13:00:20 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6UX164.sys -- (L6UX1)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/24 22:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/01/24 22:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/01/24 22:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/24 22:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/01/10 06:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/11/07 21:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/09/30 16:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/09/30 16:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/09/30 16:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/09/30 16:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/09 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/26 19:10:30 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/09/19 19:11:28 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/09/19 19:11:22 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/09/19 19:11:18 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/08/30 05:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/31 11:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/30 12:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 12:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 12:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 12:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 12:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/17 14:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 14:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/07 20:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 02:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/05/06 00:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV:64bit: - [2008/04/15 09:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2007/11/02 00:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/06/24 08:16:28 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/12/29 15:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/16 15:25:12] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mydreamworld.50webs.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mydreamworld.50webs.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 9B 88 6D 46 90 CF 01 [binary data]
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/06/25 03:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bamf\AppData\Roaming\Mozilla\Extensions
[2014/06/25 00:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bamf\AppData\Roaming\Mozilla\Firefox\Profiles\r8l5nuej.default\extensions
[2014/06/25 03:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/25 03:46:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/06/24 12:04:28 | 000,450,709 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll File not found
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C67ACCC-17B0-4CA7-8EBB-B5AC781C59B3}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll File not found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/26 19:14:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bamf\Desktop\OTL.exe
[2014/06/25 03:56:12 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\ElevatedDiagnostics
[2014/06/25 03:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/06/25 03:49:02 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/25 03:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/25 03:48:53 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/25 03:48:53 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/25 03:48:53 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/25 03:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/25 03:46:39 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Roaming\Mozilla
[2014/06/25 03:46:39 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\Mozilla
[2014/06/25 03:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/06/25 03:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/06/25 03:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/25 03:29:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/25 03:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2014/06/25 03:17:44 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\VirtualStore
[2014/06/25 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\CrashDumps
[2014/06/25 01:10:44 | 000,000,000 | ---D | C] -- C:\EEK
[2014/06/25 00:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/25 00:31:05 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Roaming\Oracle
[2014/06/25 00:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/06/25 00:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/06/25 00:29:47 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/25 00:29:38 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/25 00:29:38 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/25 00:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/25 00:29:37 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/25 00:29:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/25 00:22:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/24 23:59:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/06/24 23:59:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/06/24 23:59:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/06/24 23:54:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/24 23:53:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/06/24 23:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/24 22:52:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/06/24 11:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/06/24 11:47:35 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Roaming\IObit
[2014/06/24 11:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/06/24 11:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/06/24 11:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/06/21 02:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/21 02:29:07 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/26 19:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bamf\Desktop\OTL.exe
[2014/06/26 17:17:47 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/26 14:53:23 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/26 14:53:23 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/26 14:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/26 14:45:46 | 1989,160,959 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/26 14:27:40 | 000,025,088 | ---- | M] () -- C:\Users\bamf\Desktop\codecheck.exe
[2014/06/25 03:48:55 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2014/06/25 03:46:34 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/25 03:37:54 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/06/25 00:54:09 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/25 00:50:37 | 000,003,536 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/25 00:29:29 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/25 00:29:28 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/25 00:29:28 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/25 00:29:28 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/24 23:49:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2014/06/24 12:04:28 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/21 11:22:18 | 000,321,486 | --S- | M] () -- C:\Windows\SysNative\kamy.piu
[2014/06/21 11:12:53 | 000,000,454 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/26 14:27:36 | 000,025,088 | ---- | C] () -- C:\Users\bamf\Desktop\codecheck.exe
[2014/06/25 03:48:55 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2014/06/25 03:46:34 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/25 03:46:34 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/25 03:37:50 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/06/25 00:54:09 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/25 00:50:37 | 000,003,536 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/06/24 23:59:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/06/24 23:59:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/06/24 23:59:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/06/24 23:59:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/06/24 23:59:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/06/21 11:22:18 | 000,321,486 | --S- | C] () -- C:\Windows\SysNative\kamy.piu
[2012/08/22 14:31:50 | 000,744,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/11 14:08:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


And:
OTL Extras logfile created on: 6/26/2014 7:15:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bamf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.64 Gb Available Physical Memory | 72.31% Memory free
8.44 Gb Paging File | 6.02 Gb Available in Paging File | 71.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.89 Gb Total Space | 1.99 Gb Free Space | 0.29% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: bamf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0538A4C5-4D79-4489-8878-98EED6F16477}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{065F8CCD-2AD0-4810-8B49-9E8BF0D07DC0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0772E38C-8A23-4AF0-84FE-9C92BCAFE836}" = lport=139 | protocol=6 | dir=in | app=system |
"{083B1B4E-4668-47BC-8EEC-EF1073C61DA2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0C86EACD-09BE-4B6C-A0B0-29F77401E217}" = rport=138 | protocol=17 | dir=out | app=system |
"{0EA2B0EA-5081-48A0-97C4-ED9F049AAE1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0EFAC2A0-E678-4C37-8938-978F5AB3E27D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FB892E7-9BC5-4817-8D87-68793B077D3E}" = lport=137 | protocol=17 | dir=in | app=system |
"{20EE5B95-36C3-4932-8897-FC585FF84097}" = lport=138 | protocol=17 | dir=in | app=system |
"{24026473-76AC-4302-8526-675D66B58524}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42353E17-F6D3-4E62-A9B6-2AB57D06D72D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42A69A0A-5F0C-49A7-BCD9-142DF08E3657}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DFFAF06-B920-47BF-9D38-CE265229D92A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7415E9DD-3C72-4B3F-B0BA-074CBE3F6034}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75A7085E-F33D-44C3-932E-30591894EEE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87C2F6BA-DFC9-4EF4-B28A-9F33FF5FE5A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87D5073A-CBC6-4B8D-BB03-ACD3E0C593C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{ABD4881B-BE81-461A-A98D-C0ACC713A119}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3120AF4-02AE-4A65-A683-5DAA9C5567CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CFB63588-8306-4F34-B9B5-7BCF241A35AA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5136AF5-5E5C-4EA0-B11F-887098B13057}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD53E81E-8638-43B6-ACB9-3E0C75DF76A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{E3AFC7C2-CB76-44E1-8A87-BF6D8E52CE8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFD24B38-9A55-4A8C-922F-86C2D1E2BF71}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F67A7C9C-B358-4D3B-9CE8-76056D6551DC}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA9A94C-B77C-4A34-AE2C-130B1D305570}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{14B541B2-13DC-4769-80A0-A7DB858C2BD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A5480BF-860C-461E-BBDC-FDC36367F9C4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{1B2D76F6-8C16-4C0C-B4D8-2CDE1BA57A92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{1C4A88F0-640B-4F6D-925C-6362D4A91E2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{222F4712-41EE-46EF-AEF3-551C52EA6EB7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{2532C5EA-77C6-44AC-9A08-9B902D2EC65E}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{26AA1234-8738-4DFB-AF22-B14A0E8E751A}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{291A08A4-8171-4068-8915-B82084D7193F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{30233D8E-6CD1-4ABF-B3F8-F8A83C9C9094}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{332354E1-CFA5-4B9E-BEFD-FE6389A578CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3979F594-2687-48FA-A123-E0B55E911D54}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{3D15B5FD-3581-4232-BE2E-8E0F099AC50F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{431C7ED1-B498-487C-B6BE-FE72637490FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{43D6FA2D-BA6C-4A62-885D-826EA3EA4C43}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{4C198000-7DD8-4324-A83D-9BD45DE44B7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CEE1D3B-42F0-4449-B5DE-D53E05262136}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{535ED889-7B1D-4C1C-9A11-FB465EE9C25C}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{56049F6D-3966-4675-AF3A-4387A5B78C55}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{56DB01E7-6066-4A06-9E7B-A87951815762}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A3A2FC5-6B00-45E7-9104-D1F633C991C4}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{5C661AFC-7DFB-4DED-ABB9-29DE031BB47D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5CCDF9F3-632C-46A2-8601-A2A35057DA20}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{5D4475F3-D099-4045-8186-77A993276422}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F9F757A-7EFC-47C1-B718-E52A722FC59E}" = dir=in | app=c:\users\pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{6088F101-E919-4B64-9067-6FAB86FD9250}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{646AA5E7-62F7-4D9C-BD14-DD3BFF98D0B5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{678F944E-7511-4374-84E5-8A2FE6B51EA0}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{739DEE81-6C8D-460B-80BD-54AF4362902B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7724C22F-BA19-4A58-83A7-96E511CC65E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7CCEEBD2-A44E-4AB8-B350-C5FBA2615A12}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{8255F2FE-1DB1-451D-993C-F6BBCFD87D6A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{86B5C0F1-1DF7-4E8A-9027-A7AB188B8DCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{887A513D-D60F-44BE-98FC-2D4D9D32476D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8F1B5E07-8180-44F8-BF5F-5069DCAC366B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{91C752FD-FD5A-4A5A-A76C-F052A4E754DD}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{927DD7EC-6951-4955-A91A-956B9AAC2B52}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9767018E-EE8E-44EE-AA92-E365932EF070}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C88FA92-0C47-4CB9-9F55-002F8C5B52A6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0B9457B-3612-4843-A126-C9753615B212}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{A270B20B-1C9F-4EB7-8D34-277857A74D4E}" = protocol=6 | dir=out | app=system |
"{A2E85670-7115-4BB0-AB78-038E2DD99261}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{A3B7D846-C3B6-41DF-9DD7-B8940AEF9F30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A67527FC-FB89-4A88-9F7C-B19AED3E68CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEFB30E7-54B6-4D7D-A410-5E99BBCF1336}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{B2BFC2BA-0453-4E89-B747-7DB69F53901C}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{B676A668-8192-4BF8-BEC6-E77DECD20A98}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{B9A0B7B1-5C28-46A3-9F84-6F3E62E932B8}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{BF5F5220-DA58-4C8C-B0E0-81442064C005}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{C07E9B04-BA99-4E60-810B-82EAC3B2DD76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0C530CA-B435-46F5-B9C7-36BAE756D16A}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{C1144E1C-9903-4AE4-8E68-C09DA35F3E57}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{C4059B59-9644-4CC4-9791-35FC3F003963}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C40E4D8A-7550-4C5D-8CD5-E6A9F766873D}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{CA8BA5B6-F754-49DA-858D-C71164E06B77}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{CD3AF112-011F-4EA9-BFA1-BB2880F3AB05}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{D278F177-73A8-472F-B313-31593BBA7EE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D41717E5-0E8F-4D27-B06F-A32BD451B142}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DAC71F7C-CB7F-4822-8545-8D15104F3FFC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DB44AD6E-020B-4808-8061-C29EE7E8F68B}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{EEA26343-5C7E-44BE-B00E-CFBB764C1486}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2978225-9758-422F-8FCF-497CB94103E2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F304743F-162A-4CC8-95D3-8F4566F3ABF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F322C172-6E22-4660-BC72-F0F68AA97F8B}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{F6C36E87-B044-4861-92AD-070E181FD0B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC53D3DD-726D-4A29-8E79-3CBC063268D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{22D04169-52F8-4C78-8700-034DB6631739}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{5E17342B-A2C7-4A5B-BF30-2C314C089151}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{DECDAB39-46C5-47EE-A36E-A7DF8E444467}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{F99CA79E-26D9-4D1E-ABE4-9C64923BE905}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"UDP Query User{3AFEA84E-729A-4EE7-9F5D-05A6C6C2A566}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{3F8F4A96-4F66-4D5B-9968-8308226D710C}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{632EDE20-532C-40FE-BA60-E850F40B2375}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{BFAE8A8A-D193-4A86-8E6E-F271741A151D}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FD9C13F5-1BF8-4C63-89D2-FE955C9DABD8}" = Motorola Mobile Drivers Installation 5.6.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A2DDF67-3FA4-451C-8BF1-21CA4E546AEF}" = Motorola Device Software Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35F7D0BF-08AB-42E3-A403-AF9772AC216A}" = Adobe Flash Player 10 Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{624A02E4-8F95-43F6-9EF3-7E437AB9B80B}" = VZAccess Manager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F78676-9219-4C9D-9E24-FAA187C4DF1E}" = ZTE USB Drivers
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EAC93E1D-4807-43E2-B39A-8170B731B7D0}" = RSDLite
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Diablo II" = Diablo II
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2014 10:07:26 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 6/26/2014 10:07:26 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/26/2014 10:07:26 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 6/26/2014 10:07:26 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 6/26/2014 10:14:59 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 6/26/2014 10:14:59 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 6/26/2014 10:14:59 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 6/26/2014 10:14:59 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 6/26/2014 10:14:59 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 6/26/2014 10:14:59 PM | Computer Name = pc-PC | Source = Windows Search Service | ID = 7010
Description =

[ Dell Events ]
Error - 4/4/2011 5:22:21 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2011 2:04:46 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2011 2:04:46 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/29/2011 12:57:45 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/29/2011 12:57:45 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/1/2011 6:06:11 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/1/2011 6:06:11 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/6/2011 6:51:46 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/6/2011 6:51:46 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/21/2011 6:55:21 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 6/26/2014 10:19:28 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:19:58 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:20:28 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:20:58 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:21:28 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:21:58 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:22:28 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:22:58 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:23:28 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 6/26/2014 10:23:58 PM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126


< End of report >
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » June 29th, 2014, 1:22 pm

Hi sturdman,

Sorry for the delayed reply. I need more information on what infections were removed by the programs you used. This way I can determine the course of action to take.
Specific infections target specfic areas of the operating system. Hence;
But his computer is still very iffy and sluggish. Strangely enough, the icon in the lower right portion of the screen that indicates if you are connected to the internet, always has a red X through it... but the internet still works?


Step 1.
  • Copy all text in the quote box (below)...to Notepad, Do not include the word Code:or Select all:
    Code: Select all
    @echo off
    set >> "%userprofile%\desktop\look.txt"
    dir /a /s C:\AdwCleaner >> "%userprofile%\desktop\look.txt"
    dir /a /s C:\TDSSKiller_Quarantine >> "%userprofile%\desktop\look.txt"
    dir /a /s C:\Windows\erdnt >> "%userprofile%\desktop\look.txt"
    dir /a /s C:\Qoobox >> "%userprofile%\desktop\look.txt"
    dir /a /s C:\Users\bamf\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs >> "%userprofile%\desktop\look.txt"
    dir /a C:\Users >> "%userprofile%\desktop\look.txt"
    notepad %userprofile%\desktop\look.txt
    del %userprofile%\desktop\look.txt
    del %userprofile%\desktop\look.bat
  • Save the Notepad file on your desktop...as look.bat... save type as "All Files"
    Image
    look.bat<<------------- you should see this on your desktop.
    Right click on look.bat select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    A black CMD window will flash, then disappear...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.


Step 2.
Farbar Service Scanner (FSS)
SCAN Option
Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  1. Right click on FSS.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Make sure the following options are checked:
    • Internet Services (checked by default)
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  3. Press the "Scan" button.
    When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
  4. Please copy and paste the contents of the FSS.txt log to your reply.
    Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.


Please include in your next reply:
  1. Contents of look.txt
  2. Contents of FSS.txt
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 29th, 2014, 5:56 pm

Here is the look.txt:

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\bamf\AppData\Roaming
asl.log=Destination=file
CLASSPATH=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=PC-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\bamf
LOCALAPPDATA=C:\Users\bamf\AppData\Local
LOGONSERVER=\\PC-PC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Common Files\Intel\WirelessCommon;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared;;C:\Program Files (x86)\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=2505
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\bamf\AppData\Local\Temp
TMP=C:\Users\bamf\AppData\Local\Temp
USERDOMAIN=pc-PC
USERNAME=bamf
USERPROFILE=C:\Users\bamf
windir=C:\Windows
Volume in drive C is OS
Volume Serial Number is 7C4E-86D4

Directory of C:\AdwCleaner

06/26/2014 02:27 PM <DIR> .
06/26/2014 02:27 PM <DIR> ..
06/25/2014 12:30 AM 689 AdwCleaner[R0].txt
06/26/2014 01:27 PM 884 AdwCleaner[R1].txt
06/26/2014 02:27 PM 943 AdwCleaner[R2].txt
06/25/2014 12:31 AM 751 AdwCleaner[S0].txt
06/25/2014 12:29 AM <DIR> Quarantine
4 File(s) 3,267 bytes

Directory of C:\AdwCleaner\Quarantine

06/25/2014 12:29 AM <DIR> .
06/25/2014 12:29 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
4 File(s) 3,267 bytes
5 Dir(s) 11,819,388,928 bytes free
Volume in drive C is OS
Volume Serial Number is 7C4E-86D4

Directory of C:\TDSSKiller_Quarantine

06/24/2014 10:57 PM <DIR> .
06/24/2014 10:57 PM <DIR> ..
06/24/2014 10:52 PM <DIR> 25.06.2014_14.48.18
06/24/2014 10:57 PM <DIR> 25.06.2014_14.55.00
0 File(s) 0 bytes

Directory of C:\TDSSKiller_Quarantine\25.06.2014_14.48.18

06/24/2014 10:52 PM <DIR> .
06/24/2014 10:52 PM <DIR> ..
06/24/2014 10:52 PM <DIR> mbr0000
06/24/2014 10:52 PM <DIR> tdlfs0000
0 File(s) 0 bytes

Directory of C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000

06/24/2014 10:52 PM <DIR> .
06/24/2014 10:52 PM <DIR> ..
06/24/2014 10:52 PM <DIR> mbr0000
06/24/2014 10:52 PM 100 object.ini
06/24/2014 10:52 PM <DIR> tdlfs0000
1 File(s) 100 bytes

Directory of C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\mbr0000

06/24/2014 10:52 PM <DIR> .
06/24/2014 10:52 PM <DIR> ..
06/24/2014 10:52 PM 118 object.ini
06/24/2014 10:52 PM 32,768 tsk0000.dta
06/24/2014 10:52 PM 68 tsk0000.ini
06/24/2014 10:52 PM 417,168 tsk0001.dta
06/24/2014 10:52 PM 74 tsk0001.ini
06/24/2014 10:52 PM 32,768 tsk0002.dta
06/24/2014 10:52 PM 68 tsk0002.ini
7 File(s) 483,032 bytes

Directory of C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000

06/24/2014 10:52 PM <DIR> .
06/24/2014 10:52 PM <DIR> ..
06/24/2014 10:52 PM 150 object.ini
06/24/2014 10:52 PM 51,712 tsk0000.dta
06/24/2014 10:52 PM 164 tsk0000.ini
06/24/2014 10:52 PM 6,144 tsk0001.dta
06/24/2014 10:52 PM 166 tsk0001.ini
06/24/2014 10:52 PM 43,520 tsk0002.dta
06/24/2014 10:52 PM 160 tsk0002.ini
06/24/2014 10:52 PM 22,528 tsk0003.dta
06/24/2014 10:52 PM 160 tsk0003.ini
06/24/2014 10:52 PM 266 tsk0004.dta
06/24/2014 10:52 PM 168 tsk0004.ini
06/24/2014 10:52 PM 194 tsk0005.dta
06/24/2014 10:52 PM 166 tsk0005.ini
06/24/2014 10:52 PM 1,233 tsk0006.dta
06/24/2014 10:52 PM 158 tsk0006.ini
06/24/2014 10:52 PM 3,142 tsk0007.dta
06/24/2014 10:52 PM 158 tsk0007.ini
06/24/2014 10:52 PM 3,656 tsk0008.dta
06/24/2014 10:52 PM 158 tsk0008.ini
06/24/2014 10:52 PM 72 tsk0009.dta
06/24/2014 10:52 PM 146 tsk0009.ini
06/24/2014 10:52 PM 512 tsk0010.dta
06/24/2014 10:52 PM 154 tsk0010.ini
06/24/2014 10:52 PM 28 tsk0011.dta
06/24/2014 10:52 PM 146 tsk0011.ini
06/24/2014 10:52 PM 7,168 tsk0012.dta
06/24/2014 10:52 PM 166 tsk0012.ini
06/24/2014 10:52 PM 71 tsk0013.dta
06/24/2014 10:52 PM 148 tsk0013.ini
06/24/2014 10:52 PM 78 tsk0014.dta
06/24/2014 10:52 PM 148 tsk0014.ini
31 File(s) 142,840 bytes

Directory of C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000

06/24/2014 10:52 PM <DIR> .
06/24/2014 10:52 PM <DIR> ..
06/24/2014 10:52 PM 150 object.ini
06/24/2014 10:52 PM 51,712 tsk0000.dta
06/24/2014 10:52 PM 164 tsk0000.ini
06/24/2014 10:52 PM 6,144 tsk0001.dta
06/24/2014 10:52 PM 166 tsk0001.ini
06/24/2014 10:52 PM 43,520 tsk0002.dta
06/24/2014 10:52 PM 160 tsk0002.ini
06/24/2014 10:52 PM 22,528 tsk0003.dta
06/24/2014 10:52 PM 160 tsk0003.ini
06/24/2014 10:52 PM 266 tsk0004.dta
06/24/2014 10:52 PM 168 tsk0004.ini
06/24/2014 10:52 PM 194 tsk0005.dta
06/24/2014 10:52 PM 166 tsk0005.ini
06/24/2014 10:52 PM 1,233 tsk0006.dta
06/24/2014 10:52 PM 158 tsk0006.ini
06/24/2014 10:52 PM 3,142 tsk0007.dta
06/24/2014 10:52 PM 158 tsk0007.ini
06/24/2014 10:52 PM 3,656 tsk0008.dta
06/24/2014 10:52 PM 158 tsk0008.ini
06/24/2014 10:52 PM 72 tsk0009.dta
06/24/2014 10:52 PM 146 tsk0009.ini
06/24/2014 10:52 PM 512 tsk0010.dta
06/24/2014 10:52 PM 154 tsk0010.ini
06/24/2014 10:52 PM 28 tsk0011.dta
06/24/2014 10:52 PM 146 tsk0011.ini
06/24/2014 10:52 PM 7,168 tsk0012.dta
06/24/2014 10:52 PM 166 tsk0012.ini
06/24/2014 10:52 PM 71 tsk0013.dta
06/24/2014 10:52 PM 148 tsk0013.ini
06/24/2014 10:52 PM 78 tsk0014.dta
06/24/2014 10:52 PM 148 tsk0014.ini
31 File(s) 142,840 bytes

Directory of C:\TDSSKiller_Quarantine\25.06.2014_14.55.00

06/24/2014 10:57 PM <DIR> .
06/24/2014 10:57 PM <DIR> ..
06/24/2014 10:57 PM <DIR> tdlfs0000
0 File(s) 0 bytes

Directory of C:\TDSSKiller_Quarantine\25.06.2014_14.55.00\tdlfs0000

06/24/2014 10:57 PM <DIR> .
06/24/2014 10:57 PM <DIR> ..
06/24/2014 10:57 PM 150 object.ini
1 File(s) 150 bytes

Total Files Listed:
71 File(s) 768,962 bytes
23 Dir(s) 11,819,376,640 bytes free
Volume in drive C is OS
Volume Serial Number is 7C4E-86D4

Directory of C:\Windows\erdnt

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> cache64
06/25/2014 12:21 AM <DIR> cache86
06/24/2014 11:54 PM <DIR> Hiv-backup
0 File(s) 0 bytes

Directory of C:\Windows\erdnt\cache64

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
07/13/2009 05:10 PM 23,040 asyncmac.sys
07/13/2009 06:52 PM 24,128 atapi.sys
07/04/2012 03:13 PM 136,704 browser.dll
07/13/2009 06:40 PM 18,944 cngaudit.dll
11/20/2010 06:25 AM 633,856 comctl32.dll
07/13/2009 06:26 PM 1,297,408 comres.dll
06/01/2012 10:41 PM 184,320 cryptsvc.dll
07/13/2009 06:39 PM 9,728 ctfmon.exe
07/13/2009 06:40 PM 402,944 es.dll
06/25/2014 12:21 AM 3,332 FD_Cache.md5
07/13/2009 06:41 PM 424,448 hnetcfg.dll
07/13/2009 06:41 PM 167,424 imm32.dll
07/13/2009 06:48 PM 50,768 kbdclass.sys
11/29/2012 10:41 PM 1,161,216 kernel32.dll
07/13/2009 06:41 PM 5,120 ksuser.dll
07/13/2009 06:41 PM 29,696 linkinfo.dll
07/13/2009 06:41 PM 41,984 lpk.dll
11/16/2011 11:33 PM 31,232 lsass.exe
05/05/2013 02:36 PM 17,818,624 mshtml.dll
07/13/2009 06:41 PM 8,192 msimg32.dll
12/16/2011 01:46 AM 634,880 msvcrt.dll
11/20/2010 06:27 AM 326,144 mswsock.dll
08/22/2012 11:12 AM 950,128 ndis.sys
11/20/2010 06:27 AM 695,808 netlogon.dll
07/13/2009 06:41 PM 360,448 netman.dll
04/12/2013 07:45 AM 1,656,680 ntfs.sys
08/30/2012 11:03 AM 5,559,664 ntoskrnl.exe
07/13/2009 04:19 PM 6,144 null.sys
11/20/2010 06:27 AM 2,086,912 ole32.dll
07/13/2009 06:41 PM 167,424 powrprof.dll
11/20/2010 06:27 AM 849,920 qmgr.dll
07/13/2009 06:41 PM 159,232 regsvc.dll
11/20/2010 06:27 AM 232,960 scecli.dll
11/20/2010 06:27 AM 1,110,016 schedsvc.dll
07/13/2009 06:39 PM 328,704 services.exe
07/13/2009 06:33 PM 3,072 sfc.dll
11/20/2010 06:27 AM 370,688 shsvcs.dll
02/10/2012 11:36 PM 559,104 spoolsv.exe
07/13/2009 06:41 PM 193,024 ssdpsrv.dll
07/13/2009 06:39 PM 27,136 svchost.exe
11/20/2010 06:27 AM 316,928 tapisrv.dll
01/02/2013 11:00 PM 1,913,192 tcpip.sys
11/20/2010 02:21 AM 119,296 tdx.sys
11/20/2010 06:27 AM 680,960 termsrv.dll
11/20/2010 06:27 AM 1,008,128 user32.dll
11/20/2010 06:25 AM 30,720 userinit.exe
11/21/2012 10:44 PM 800,768 usp10.dll
04/04/2013 06:00 PM 1,392,128 wininet.dll
07/13/2009 06:39 PM 129,024 wininit.exe
11/20/2010 06:25 AM 390,656 winlogon.exe
07/13/2009 06:34 PM 4,608 ws2help.dll
11/20/2010 06:27 AM 297,984 ws2_32.dll
06/02/2012 03:19 PM 57,880 wuauclt.exe
53 File(s) 45,893,468 bytes

Directory of C:\Windows\erdnt\cache86

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
07/13/2009 06:15 PM 12,288 cngaudit.dll
11/20/2010 05:18 AM 530,432 comctl32.dll
06/01/2012 09:36 PM 140,288 cryptsvc.dll
07/13/2009 06:14 PM 8,704 ctfmon.exe
11/20/2010 05:18 AM 1,828,352 d3d9.dll
07/13/2009 06:15 PM 531,968 ddraw.dll
07/13/2009 06:15 PM 453,632 dsound.dll
07/13/2009 06:15 PM 271,360 es.dll
02/24/2011 11:19 PM 2,871,808 explorer.exe
07/13/2009 06:15 PM 19,456 ias.dll
04/04/2013 03:47 PM 757,360 iexplore.exe
11/20/2010 05:08 AM 119,808 imm32.dll
11/29/2012 09:53 PM 1,114,112 kernel32.dll
07/13/2009 06:15 PM 4,608 ksuser.dll
07/13/2009 06:15 PM 22,016 linkinfo.dll
07/13/2009 06:11 PM 25,600 lpk.dll
11/20/2010 05:19 AM 954,288 mfc40u.dll
07/13/2009 06:15 PM 16,896 midimap.dll
05/05/2013 12:25 PM 12,324,864 mshtml.dll
07/13/2009 06:15 PM 4,608 msimg32.dll
12/16/2011 12:52 AM 690,688 msvcrt.dll
11/20/2010 05:19 AM 232,448 mswsock.dll
11/20/2010 05:20 AM 563,712 netlogon.dll
08/30/2012 10:12 AM 3,968,880 ntkrnlpa.exe
08/30/2012 10:12 AM 3,914,096 ntoskrnl.exe
11/20/2010 05:20 AM 1,414,144 ole32.dll
11/20/2010 05:20 AM 90,112 olepro32.dll
07/13/2009 06:16 PM 39,424 perfctrs.dll
07/13/2009 06:16 PM 145,408 powrprof.dll
07/13/2009 06:16 PM 11,776 rasadhlp.dll
07/13/2009 06:39 PM 427,008 regedit.exe
11/20/2010 05:21 AM 175,616 scecli.dll
07/13/2009 06:10 PM 2,560 sfc.dll
11/20/2010 05:21 AM 328,192 shsvcs.dll
07/13/2009 06:14 PM 20,992 svchost.exe
11/20/2010 05:21 AM 242,176 tapisrv.dll
07/13/2009 06:16 PM 266,752 upnphost.dll
11/20/2010 05:08 AM 833,024 user32.dll
11/20/2010 05:17 AM 26,624 userinit.exe
11/21/2012 09:45 PM 626,688 usp10.dll
07/13/2009 06:16 PM 21,504 version.dll
04/04/2013 03:02 PM 1,129,472 wininet.dll
07/13/2009 06:14 PM 96,256 wininit.exe
07/13/2009 06:11 PM 4,608 ws2help.dll
11/20/2010 05:21 AM 206,848 ws2_32.dll
07/13/2009 06:16 PM 9,216 WSHTCPIP.DLL
46 File(s) 37,500,672 bytes

Directory of C:\Windows\erdnt\Hiv-backup

06/24/2014 11:54 PM <DIR> .
06/24/2014 11:54 PM <DIR> ..
06/24/2014 11:54 PM 5,828,608 default
06/24/2014 11:54 PM 673 ERDNT.CON
10/20/2005 05:02 AM 163,328 ERDNT.EXE
06/24/2014 11:54 PM 962 ERDNT.INF
08/30/2000 05:00 PM 2,815 ERDNTDOS.LOC
08/30/2000 05:00 PM 3,275 ERDNTWIN.LOC
06/24/2014 11:54 PM 167,936 sam
06/24/2014 11:54 PM 28,672 security
06/24/2014 11:54 PM 72,224,768 software
06/24/2014 11:54 PM 19,398,656 system
06/24/2014 11:54 PM <DIR> Users
10 File(s) 97,819,693 bytes

Directory of C:\Windows\erdnt\Hiv-backup\Users

06/24/2014 11:54 PM <DIR> .
06/24/2014 11:54 PM <DIR> ..
06/24/2014 11:54 PM <DIR> 00000001
06/24/2014 11:54 PM <DIR> 00000002
06/24/2014 11:54 PM <DIR> 00000003
06/24/2014 11:54 PM <DIR> 00000004
0 File(s) 0 bytes

Directory of C:\Windows\erdnt\Hiv-backup\Users\00000001

06/24/2014 11:54 PM <DIR> .
06/24/2014 11:54 PM <DIR> ..
06/24/2014 11:54 PM 274,432 ntuser.dat
1 File(s) 274,432 bytes

Directory of C:\Windows\erdnt\Hiv-backup\Users\00000002

06/24/2014 11:54 PM <DIR> .
06/24/2014 11:54 PM <DIR> ..
06/24/2014 11:54 PM 253,952 ntuser.dat
1 File(s) 253,952 bytes

Directory of C:\Windows\erdnt\Hiv-backup\Users\00000003

06/24/2014 11:54 PM <DIR> .
06/24/2014 11:54 PM <DIR> ..
06/24/2014 11:54 PM 5,840,896 ntuser.dat
1 File(s) 5,840,896 bytes

Directory of C:\Windows\erdnt\Hiv-backup\Users\00000004

06/24/2014 11:54 PM <DIR> .
06/24/2014 11:54 PM <DIR> ..
06/24/2014 11:54 PM 2,289,664 UsrClass.dat
1 File(s) 2,289,664 bytes

Total Files Listed:
113 File(s) 189,872,777 bytes
26 Dir(s) 11,819,368,448 bytes free
Volume in drive C is OS
Volume Serial Number is 7C4E-86D4

Directory of C:\Qoobox

06/25/2014 12:22 AM <DIR> .
06/25/2014 12:22 AM <DIR> ..
06/25/2014 12:22 AM 3,981 Add-Remove Programs.txt
06/25/2014 12:02 AM <DIR> BackEnv
06/25/2014 12:22 AM 1,437 ComboFix-quarantined-files.txt
06/25/2014 12:22 AM <DIR> Quarantine
2 File(s) 5,418 bytes

Directory of C:\Qoobox\Quarantine

06/25/2014 12:22 AM <DIR> .
06/25/2014 12:22 AM <DIR> ..
06/25/2014 12:21 AM <DIR> C
06/24/2014 11:59 PM 51 catchme.log
06/25/2014 12:22 AM 0 MBR_HardDisk0.mbr
06/25/2014 12:22 AM <DIR> Registry_backups
2 File(s) 51 bytes

Directory of C:\Qoobox\Quarantine\C

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Users
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> bamf
06/25/2014 12:21 AM <DIR> Default User
06/25/2014 12:21 AM <DIR> Guest
06/25/2014 12:21 AM <DIR> Satan
06/25/2014 12:21 AM <DIR> SHITSHOW
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> AppData
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf\AppData

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Roaming
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf\AppData\Roaming

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf\AppData\Roaming\Microsoft

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf\AppData\Roaming\Microsoft\Windows

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Start Menu
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf\AppData\Roaming\Microsoft\Windows\Start Menu

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Startup
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\bamf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
10/23/2013 08:06 AM 1,984 Dell Dock.lnk.vir
1 File(s) 1,984 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> AppData
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User\AppData

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Roaming
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User\AppData\Roaming

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User\AppData\Roaming\Microsoft

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User\AppData\Roaming\Microsoft\Windows

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Start Menu
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Startup
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
01/16/2011 02:35 PM 2,000 Dell Dock First Run.lnk.vir
1 File(s) 2,000 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> AppData
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest\AppData

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Roaming
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Start Menu
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Startup
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
02/21/2012 10:49 PM 1,980 Dell Dock.lnk.vir
1 File(s) 1,980 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> AppData
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan\AppData

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Roaming
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan\AppData\Roaming

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan\AppData\Roaming\Microsoft

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan\AppData\Roaming\Microsoft\Windows

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Start Menu
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan\AppData\Roaming\Microsoft\Windows\Start Menu

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Startup
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\Satan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
09/16/2013 02:37 AM 1,984 Dell Dock.lnk.vir
1 File(s) 1,984 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> AppData
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Roaming
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData\Roaming

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Microsoft
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData\Roaming\Microsoft

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Windows
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData\Roaming\Microsoft\Windows

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Start Menu
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData\Roaming\Microsoft\Windows\Start Menu

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
06/25/2014 12:21 AM <DIR> Startup
0 File(s) 0 bytes

Directory of C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

06/25/2014 12:21 AM <DIR> .
06/25/2014 12:21 AM <DIR> ..
01/29/2014 03:02 AM 1,984 Dell Dock.lnk.vir
1 File(s) 1,984 bytes

Directory of C:\Qoobox\Quarantine\Registry_backups

06/25/2014 12:22 AM <DIR> .
06/25/2014 12:22 AM <DIR> ..
06/25/2014 12:22 AM 80 HKLM-Run-SynTPEnh.reg.dat
06/25/2014 12:22 AM 558 SafeBoot-96545283.sys.reg.dat
06/25/2014 12:11 AM 16,219 tcpip.reg
3 File(s) 16,857 bytes

Total Files Listed:
12 File(s) 32,258 bytes
135 Dir(s) 11,819,360,256 bytes free
Volume in drive C is OS
Volume Serial Number is 7C4E-86D4

Directory of C:\Users

06/24/2014 03:18 PM <DIR> .
06/24/2014 03:18 PM <DIR> ..
04/04/2011 01:35 PM <SYMLINKD> All Users [C:\ProgramData]
06/24/2014 03:18 PM <DIR> bamf
06/25/2014 12:22 AM <DIR> Default
04/04/2011 01:35 PM <JUNCTION> Default User [C:\Users\Default]
07/13/2009 09:54 PM 174 desktop.ini
06/24/2014 03:18 PM <DIR> Guest
06/24/2014 03:18 PM <DIR> pc
06/25/2014 12:22 AM <DIR> Public
06/24/2014 03:18 PM <DIR> Satan
06/24/2014 03:18 PM <DIR> SHITSHOW
1 File(s) 174 bytes
11 Dir(s) 11,819,360,256 bytes free
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 29th, 2014, 5:58 pm

And the Farbar log:

Farbar Service Scanner Version: 10-06-2014
Ran by bamf (administrator) on 29-06-2014 at 14:57:41
Running from "C:\Users\bamf\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2011-06-25 09:26] - [2010-11-20 06:27] - 0528384 ____A (Microsoft Corporation) D042E5FE276874195047E9872DE6A14D



**** End of log ****
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 29th, 2014, 6:09 pm

Also, I keep getting a pop-up from Malwarebytes in the lower right hand corner of the screen saying:

Malicious Website Blocked
Domain: forteen-meters7.me
IP: 5.45.68.199
Port: 58097
Type: Outbound
Process: C:\Windows\System32\svchost.exe
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » June 29th, 2014, 6:31 pm

Hi sturdman.

Step 1.
Please post the contents of these 2 files. They should open with notepad.
C:\Qoobox\Add-Remove Programs.txt

C:\Qoobox\ComboFix-quarantined-files.txt



Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Windows\System32\rpcss.dll

Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.


I will get back to you about the Malicious Website Blocked

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » June 29th, 2014, 6:39 pm

Here are the two txt logs. Next post will contain Step 2's results:

Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Advanced Audio FX Engine
Age of Empires III
Apple Application Support
Apple Software Update
Best Buy pc app
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Product Registration
Diablo II
Empire Earth II
Facebook Video Calling 1.2.0.287
GameSpy Arcade
GoToAssist 8.0.0.514
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Internet Explorer
IObit Malware Fighter
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Line 6 Uninstaller
Live 7.0.10
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Rise Of Nations
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MSXML4 Parser
OpenOffice.org 3.3
Origin
PowerDVD DX
QuickTime
RiffWorks T4
Roxio Burn
RSDLite
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype Click to Call
Skype™ 5.10
Spybot - Search & Destroy
The Sims™ 3
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZTE USB Drivers

2014-06-25 07:22:06 . 2014-06-25 07:22:06 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2014-06-25 07:22:00 . 2014-06-25 07:22:00 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-96545283.sys.reg.dat
2014-06-25 07:11:36 . 2014-06-25 07:11:36 16,219 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-06-25 06:59:11 . 2014-06-25 06:59:12 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2014-01-29 10:02:55 . 2014-01-29 10:02:55 1,984 ----a-w- C:\Qoobox\Quarantine\C\Users\SHITSHOW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.vir
2013-10-23 15:06:52 . 2013-10-23 15:06:52 1,984 ----a-w- C:\Qoobox\Quarantine\C\Users\bamf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.vir
2013-09-16 09:37:57 . 2013-09-16 09:37:57 1,984 ----a-w- C:\Qoobox\Quarantine\C\Users\Satan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.vir
2012-02-22 05:49:00 . 2012-02-22 05:49:00 1,980 ----a-w- C:\Qoobox\Quarantine\C\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.vir
2011-01-16 21:35:09 . 2011-01-16 21:35:09 2,000 ----a-w- C:\Qoobox\Quarantine\C\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk.vir
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware