
Codec-C Malware


  • This topic is locked
26 replies to this topic

#1 nihsnek123

nihsnek123

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 26 March 2012 - 09:10 PM

Hello,

I've been looking on this forum and I've been seeing other posts with a problem pertaining to the Codec-C malware. I'm stuck on how to remove this one, especially since I've tried Malwarebytes, Avast, and AVG virus scans and got nothing. I haven't noticed any huge problems except that all my programs in my start menu are gone. The Codec-C program still shows up on my uninstall list but I can't uninstall it either. I think what I'm more worried about is whether this particular malware is doing more bad things to my computer without me knowing it.

Also, I don't have a GMER log because my computer is Windows 7 64-bit!
If anyone could help me, I'd greatly appreciate it!!!

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Kenshin Okubo at 21:56:40 on 2012-03-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.1737 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Codec-C Class: {d339001b-c3f3-4167-a253-3e07d90e5c36} - C:\ProgramData\Codec-C\bhoclass.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [Google Update] "C:\Users\Kenshin Okubo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 128.197.253.183 128.197.253.120 128.197.253.254
TCP: Interfaces\{7E5B2CDC-E37C-4BC6-BC9C-B335E232B098} : DhcpNameServer = 128.197.253.183 128.197.253.120 128.197.253.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter EpePcNp64 scecli
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Codec-C Class: {D339001B-C3F3-4167-A253-3E07D90E5C36} - C:\ProgramData\Codec-C\bhoclass.dll
BHO-X64: Codec-C - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=bf4
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\components\dpffcli36.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
FF - user.js: extensions.funmoods_i.id - f474c0df00000000000068a3c4ccfdb0
FF - user.js: extensions.funmoods_i.instlDay - 15423
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.20:32:24
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf4
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MfeEpePc;MfeEpePc;C:\windows\system32\drivers\MfeEpePc.sys --> C:\windows\system32\drivers\MfeEpePc.sys [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-11 89600]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-6 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-6 53920]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-24 44768]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-31 13336]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-21 652360]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-3-29 1318912]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-5-2 113264]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-5-31 502464]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-31 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2011-3-24 2762032]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\system32\DRIVERS\ArcSoftVCapture.sys --> C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys --> C:\windows\system32\DRIVERS\btath_bus.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Andbus;LGE Android Platform Composite USB Device;C:\windows\system32\DRIVERS\lgandbus64.sys --> C:\windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\windows\system32\DRIVERS\lganddiag64.sys --> C:\windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\windows\system32\DRIVERS\lgandgps64.sys --> C:\windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\windows\system32\DRIVERS\lgandmodem64.sys --> C:\windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 andnetadb;ADB Interface DriverNet;C:\windows\system32\Drivers\lgandnetadb.sys --> C:\windows\system32\Drivers\lgandnetadb.sys [?]
S3 androidusb;ADB Interface Driver;C:\windows\system32\Drivers\lgandadb.sys --> C:\windows\system32\Drivers\lgandadb.sys [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys --> C:\windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys --> C:\windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys --> C:\windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys --> C:\windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys --> C:\windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-2-18 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-3 135584]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\windows\system32\drivers\hitmanpro35.sys --> C:\windows\system32\drivers\hitmanpro35.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-26 18:38:04 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 14:37:36 53080 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-03-24 04:33:45 -------- d-----w- C:\ProgramData\Premium
2012-03-24 04:31:59 -------- d-----w- C:\ProgramData\Codec-C
2012-03-24 04:31:44 -------- d-----w- C:\codec-info
2012-03-24 04:31:32 -------- d-----w- C:\ProgramData\InstallMate
2012-03-22 14:06:26 -------- d-----w- C:\ProgramData\Synaptics
2012-03-21 23:03:50 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2012-03-21 23:03:50 144384 ----a-w- C:\windows\System32\cdd.dll
2012-03-21 23:03:49 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2012-03-19 12:16:01 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-19 12:15:58 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-19 12:15:56 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-18 18:34:00 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-18 18:33:56 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-18 18:33:54 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-18 18:33:38 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-18 18:33:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-18 18:33:36 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-18 18:32:50 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-18 18:32:47 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-18 18:32:45 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-18 18:32:44 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-07 01:33:23 -------- d-----w- C:\Users\Kenshin Okubo\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-03-22 12:16:19 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15:19 41184 ----a-w- C:\windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-03-06 23:01:52 69976 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-02-01 21:54:58 91648 ----a-w- C:\windows\System32\drivers\nusb3hub.sys
2012-02-01 21:54:58 81920 ----a-w- C:\windows\System32\nusb3co2.dll
2012-02-01 21:54:58 208896 ----a-w- C:\windows\System32\drivers\nusb3xhc.sys
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26:08 515584 ----a-w- C:\windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH: 21:58:52.29 ===============
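As an added illustration (not part of the original post, and not code from the DDS tool or BleepingComputer), a small Python triage script that reads the "Pseudo HJT Report" lines the way a helper eyeballs them: it flags BHOs loading from user-writable directories such as C:\ProgramData, orphaned "No File" entries, and a Firefox start page that is enforced by extension prefs, deduplicating the 32-bit and x64 views by CLSID. The sample lines are an excerpt of the log above; the rule names and the `Finding` structure are my own.

```python
"""Triage helper for the BHO / start-page lines of a DDS log.

Added example; the rules and names here are assumptions by the editor,
not part of DDS or of any BleepingComputer procedure.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Directories a legitimately installed BHO rarely lives in: all of them are
# user-writable, so an adware dropper can land there without a UAC prompt.
USER_WRITABLE_DIRS = ("\\programdata\\", "\\users\\", "\\temp\\")

BHO_RE = re.compile(
    r"^(?P<kind>BHO|BHO-X64|TB|TB-X64):\s*(?P<name>.*?):\s*"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.+)$"
)
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|BHO-X64):\s*(?P<name>.+?)\s*-\s*No File$")
HOME_RE = re.compile(
    r"^(?:uStart Page =|FF - prefs\.js: browser\.startup\.homepage -)\s*(?P<url>\S+)$"
)
PREF_RE = re.compile(r"^FF - user\.js:\s*(?P<key>\S+)\s*-\s*(?P<value>.*)$")


@dataclass(frozen=True)
class Finding:
    rule: str      # short rule id (editor's naming)
    subject: str   # CLSID, pref key or name the finding is about
    detail: str    # what a helper should look at


def _host(url: str) -> str:
    # DDS defangs URLs as hxxp://; restore the scheme so urlparse sees a netloc.
    return urlparse(url.replace("hxxp", "http", 1)).netloc.lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    seen_clsids: set[str] = set()
    homepages: dict[str, str] = {}   # host -> start page URL
    ext_prefs: dict[str, str] = {}   # user.js key -> value

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            clsid = m["clsid"].upper()
            # The same COM object is listed in both the 32-bit and the
            # x64 view (and a toolbar may share its BHO's CLSID): report once.
            if clsid in seen_clsids:
                continue
            seen_clsids.add(clsid)
            if any(d in m["path"].lower() for d in USER_WRITABLE_DIRS):
                findings.append(Finding("bho-user-writable", clsid,
                    f"{m['kind']} '{m['name']}' loads from {m['path']}"))
        elif m := ORPHAN_RE.match(line):
            # Registry still registers the object but the file is gone:
            # typical leftover of a half-removed add-on.
            findings.append(Finding("bho-orphan", m["name"],
                f"{m['kind']} registry entry points at a missing file"))
        elif m := HOME_RE.match(line):
            homepages[_host(m["url"])] = m["url"]
        elif m := PREF_RE.match(line):
            ext_prefs[m["key"]] = m["value"].strip()

    # An extension pref carrying the same host as the start page means the
    # homepage is enforced by an add-on rather than chosen by the user.
    for key, value in ext_prefs.items():
        if value.startswith("hxxp") and _host(value) in homepages:
            findings.append(Finding("homepage-enforced-by-ext", key,
                f"{key} = {value} matches start page {homepages[_host(value)]}"))
    return findings


# Excerpt of the DDS log posted above (constructed subset for the demo).
SAMPLE_LOG = r"""uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Codec-C Class: {d339001b-c3f3-4167-a253-3e07d90e5c36} - C:\ProgramData\Codec-C\bhoclass.dll
BHO-X64: Codec-C Class: {D339001B-C3F3-4167-A253-3E07D90E5C36} - C:\ProgramData\Codec-C\bhoclass.dll
BHO-X64: Codec-C - No File
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
FF - user.js: extensions.funmoods_i.instlRef -
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```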



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 26 March 2012 - 11:23 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best only cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download ComboFix from one of these links:
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 nihsnek123

nihsnek123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:58 AM

Posted 27 March 2012 - 11:23 AM

Hello! Thank you so much for responding so quickly!!! I appreciate your work :)

Anyway, I ran ComboFix. The first thing that worried me when I ran ComboFix was that it took a really long time to finish scanning (close to an hour). Is that normal? Am I infected with other malware that I don't know of? Also, when I began ComboFix, it warned me that Ad-Aware Live Watch was still on even though I was sure that it was uninstalled from my computer. I checked in my installed programs list and did not find it on there. On the safe side, I downloaded Ad-Aware Live Watch anyway so that I could manually switch it off before I began ComboFix. I hope that was the correct way to go?

My problem is still occurring unfortunately, even after ComboFix. All my programs on my start menu are still gone and Codec-C still shows up in my installed program list. Is there a next step?

My combofix log:


ComboFix 12-03-27.02 - Kenshin Okubo 03/27/2012 9:47.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.1542 [GMT -4:00]
Running from: c:\users\Kenshin Okubo\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codec-C\bhOClass.dll
c:\users\KENSHI~1\AppData\Local\Temp\uttA986.tmp
c:\users\Kenshin Okubo\AppData\Local\Temp\uttA986.tmp
c:\users\Kenshin Okubo\AppData\Local\TempDIR
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\users\Kenshin Okubo\AppData\Local\adawarebp
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\program files (x86)\adawaretb
2012-03-27 13:39 . 2012-03-20 17:41 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-26 18:38 . 2012-03-26 18:38 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 14:37 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-24 04:33 . 2012-03-24 04:33 -------- d-----w- c:\programdata\Premium
2012-03-24 04:32 . 2012-03-24 04:32 50 ----a-w- C:\user.js
2012-03-24 04:31 . 2012-03-27 14:46 -------- d-----w- c:\programdata\Codec-C
2012-03-24 04:31 . 2012-03-26 17:37 -------- d-----w- C:\codec-info
2012-03-24 04:31 . 2012-03-26 17:38 -------- d-----w- c:\programdata\InstallMate
2012-03-22 14:06 . 2012-03-22 14:06 -------- d-----w- c:\programdata\Synaptics
2012-03-22 12:16 . 2012-03-22 12:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-21 23:03 . 2011-07-15 05:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-21 23:03 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2012-03-21 23:03 . 2011-07-15 05:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-19 12:16 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 12:15 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-19 12:15 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-18 18:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 18:33 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-18 18:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-18 18:33 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 18:33 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 18:33 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 18:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 18:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 18:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 18:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-07 01:33 . 2012-03-07 01:33 -------- d-----w- c:\users\Kenshin Okubo\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 12:16 . 2011-08-16 15:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15 . 2012-01-12 06:12 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-12 06:12 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-01-12 06:12 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-01-12 06:12 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-01-12 06:12 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2012-01-12 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-12 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-01-12 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 13:18 . 2011-08-09 17:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-01 22:06 . 2012-02-01 22:06 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll
2012-02-01 22:06 . 2012-02-01 22:06 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-01 22:06 . 2012-02-01 22:06 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-01 22:06 . 2012-02-01 22:06 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-01 22:06 . 2012-02-01 22:06 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-01 22:06 . 2012-02-01 22:06 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-01 22:06 . 2012-02-01 22:06 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-01 22:06 . 2012-02-01 22:06 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-01 22:06 . 2012-02-01 22:06 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-01 22:06 . 2012-02-01 22:06 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-01 22:06 . 2012-02-01 22:06 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-01 22:06 . 2011-03-26 03:39 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-01 22:06 . 2011-03-26 03:38 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-02-01 22:06 . 2012-02-01 22:06 416024 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-01 22:06 . 2012-02-01 22:06 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-01 22:06 . 2012-02-01 22:06 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-01 22:06 . 2012-02-01 22:06 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-01 22:06 . 2012-02-01 22:06 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-01 22:06 . 2012-02-01 22:06 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-01 22:06 . 2012-02-01 22:06 390144 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-01 22:06 . 2012-02-01 22:06 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-01 22:06 . 2012-02-01 22:06 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-01 22:06 . 2012-02-01 22:06 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-01 22:06 . 2012-02-01 22:06 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-02-01 22:06 . 2012-02-01 22:06 216000 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-01 22:06 . 2012-02-01 22:06 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-01 22:06 . 2012-02-01 22:06 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-01 22:06 . 2012-02-01 22:06 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-01 22:06 . 2012-02-01 22:06 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-01 22:06 . 2011-03-26 04:08 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-02-01 22:06 . 2011-03-26 03:39 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-01 22:06 . 2012-02-01 22:06 75776 ----a-w- c:\windows\system32\igdde64.dll
2012-02-01 22:06 . 2012-02-01 22:06 56832 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-01 22:06 . 2012-02-01 22:06 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-01 22:06 . 2011-03-26 04:17 8312320 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-01 22:06 . 2011-03-26 04:12 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-01 22:06 . 2011-03-26 04:05 14598656 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-01 22:06 . 2012-02-01 22:06 18641408 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-01 22:06 . 2012-02-01 22:06 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-01 22:06 . 2011-03-26 04:02 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-01 22:06 . 2012-02-01 22:06 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-01 22:06 . 2012-02-01 22:06 392472 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-01 22:06 . 2012-02-01 22:06 179992 ----a-w- c:\windows\system32\difx64.exe
2012-02-01 22:06 . 2012-02-01 22:06 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-01 22:06 . 2011-03-26 03:39 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-02-01 21:54 . 2012-02-01 21:54 91648 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-02-01 21:54 . 2012-02-01 21:54 81920 ----a-w- c:\windows\system32\nusb3co2.dll
2012-02-01 21:54 . 2012-02-01 21:54 208896 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-01-04 10:44 . 2012-02-15 13:39 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 13:39 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-15 13:39 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 13:39 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-27 1242448]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-02-01 113288]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-02-28 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
2;2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-27 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-09 17152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-08-11 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-03-29 1318912]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-03-24 3161904]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201420724-3268033714-2921668267-1001Core.job
- c:\users\Kenshin Okubo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 19:43]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201420724-3268033714-2921668267-1001UA.job
- c:\users\Kenshin Okubo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 19:43]
.
2012-03-21 c:\windows\Tasks\HPCeeScheduleForKenshin Okubo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-18 c:\windows\Tasks\HPCeeScheduleForKENSHINOKUBO-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-03-29 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-11 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-01 416024]
"combofix"="c:\combofix\CF3697.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 128.197.253.183 128.197.253.120 128.197.253.254
FF - ProfilePath - c:\users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
FF - user.js: extensions.funmoods_i.id - f474c0df00000000000068a3c4ccfdb0
FF - user.js: extensions.funmoods_i.instlDay - 15423
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.20:32
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf4
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-201420724-3268033714-2921668267-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,f8,9e,1f,df,f1,74,c3,70,37,c2,a0,2b,d6,0c,94,6a,c0,10,97,67,
c4,8b,d2,b6,fc,b5,90,d6,a2,c0,d2,f9,e5,8c,dc,16,69,89,6c,a1,04,e1,5d,ed,90,\
"rkeysecu"=hex:be,b4,80,c2,fc,7b,ee,74,33,31,f4,22,26,a2,05,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-27 11:00:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 15:00
.
Pre-Run: 177,267,150,848 bytes free
Post-Run: 176,883,593,216 bytes free
.
- - End Of File - - A540B21D17EF81F75B2D146A0FF2D441

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:58 AM

Posted 27 March 2012 - 01:06 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
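The TDSSKiller report requested above is a few hundred lines of "name (md5) path" / "name - verdict" pairs, and reading it by eye is how things get missed. The script below is an added example for triaging such a log offline; it is not part of this thread and not code from Kaspersky's TDSSKiller. It assumes only the two line shapes visible in logs posted here (a hash line with a 32-hex MD5 and a verdict line with " - ok"). The sample log is constructed: the first entries are copied from the format of a real report, while the "sptd ... - warning", "sptd - detected ..." and "\Device\Harddisk0\DR0 - detected Rootkit.Boot.Example" lines, and the detection name in them, are placeholders standing in for whatever non-"ok" wording the tool emits. The `expected_md5` reference hashes are something you would collect from a clean machine of the same Windows build; the values used in `__main__` are illustrative.

```python
"""Triage a TDSSKiller text log offline (added example, not TDSSKiller code).

Pairs each object's hash line ("name (md5) path") with its verdict line
("name - verdict") and reports: verdicts other than "ok", objects the tool
could not tie to a file on disk, and MD5 mismatches against caller-supplied
reference hashes (e.g. atapi.sys from a clean machine of the same build).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "21:14:59.0402 5372 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys"
HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# "21:14:59.0418 5372 1394ohci - ok"
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)


@dataclass
class Entry:
    name: str
    verdict: str = ""
    md5: Optional[str] = None   # None when the tool printed no hash line for the object
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Single pass: a hash line is held until the verdict line for the same name arrives."""
    pending: Dict[str, Entry] = {}
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            pending[m["name"]] = Entry(m["name"], md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if not m or m["name"].startswith("Drive "):
            continue  # "Drive \Device\... - Size: ..." is disk geometry, not a verdict
        entry = pending.pop(m["name"], None) or Entry(m["name"])
        entry.verdict = m["verdict"]
        entries.append(entry)
    return entries


def triage(text: str, expected_md5: Optional[Dict[str, str]] = None) -> dict:
    """Summarise a log: non-ok verdicts, file-less objects, reference-hash mismatches."""
    expected = {k: v.lower() for k, v in (expected_md5 or {}).items()}
    entries = parse_tdsskiller_log(text)
    report = {"scanned": len(entries), "flagged": [], "no_file": [], "hash_mismatch": []}
    for e in entries:
        if e.verdict != "ok":
            report["flagged"].append((e.name, e.verdict))
        elif e.md5 is None:
            report["no_file"].append(e.name)   # service/driver entry with no backing file
        if e.md5 and e.name in expected and e.md5 != expected[e.name]:
            report["hash_mismatch"].append(e.name)
    return report


# Constructed sample: the first lines follow the format of a real report, the
# sptd / DR0 lines and "Rootkit.Boot.Example" are placeholders for non-ok verdicts.
SAMPLE_LOG = r"""
21:14:50.0447 1100 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
21:14:58.0560 5372 Scan started
21:14:58.0560 5372 Mode: Manual;
21:14:59.0402 5372 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:14:59.0418 5372 1394ohci - ok
21:15:01.0836 5372 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:15:01.0851 5372 Apple Mobile Device - ok
21:15:02.0928 5372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:15:02.0928 5372 atapi - ok
21:15:06.0656 5372 catchme - ok
21:15:30.0100 5372 sptd ( LockedFile.Multi.Generic ) - warning
21:15:30.0100 5372 sptd - detected LockedFile.Multi.Generic (1)
21:15:31.0000 5372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example (0)
"""

if __name__ == "__main__":
    # Illustrative reference hashes: atapi matches the sample, 1394ohci deliberately does not.
    refs = {"atapi": "02062c0b390b7729edc9e69c680a6f3c", "1394ohci": "0" * 32}
    for key, value in triage(SAMPLE_LOG, refs).items():
        print(f"{key}: {value}")
```

Run it against a saved TDSSKiller log with `triage(open(path, encoding="utf-8", errors="replace").read(), refs)`; anything in `flagged` or `hash_mismatch` is what a responder wants to see first, and `no_file` is worth a glance because a service registration whose binary the tool never hashed is a common leftover after a half-removed installer.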

#5 nihsnek123

nihsnek123
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:58 AM

Posted 27 March 2012 - 08:31 PM

TDSSKiller Report:


21:14:49.0402 1100 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:14:49.0667 1100 ============================================================
21:14:49.0667 1100 Current date / time: 2012/03/27 21:14:49.0667
21:14:49.0667 1100 SystemInfo:
21:14:49.0667 1100
21:14:49.0667 1100 OS Version: 6.1.7601 ServicePack: 1.0
21:14:49.0667 1100 Product type: Workstation
21:14:49.0667 1100 ComputerName: KENSHINOKUBO-HP
21:14:49.0667 1100 UserName: Kenshin Okubo
21:14:49.0667 1100 Windows directory: C:\windows
21:14:49.0667 1100 System windows directory: C:\windows
21:14:49.0667 1100 Running under WOW64
21:14:49.0667 1100 Processor architecture: Intel x64
21:14:49.0667 1100 Number of processors: 4
21:14:49.0667 1100 Page size: 0x1000
21:14:49.0667 1100 Boot type: Normal boot
21:14:49.0667 1100 ============================================================
21:14:50.0447 1100 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:50.0463 1100 \Device\Harddisk0\DR0:
21:14:50.0463 1100 MBR used
21:14:50.0463 1100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
21:14:50.0463 1100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x37701800
21:14:50.0463 1100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37798000, BlocksNum 0x21EC800
21:14:50.0463 1100 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x39984800, BlocksNum 0x9FD800
21:14:50.0541 1100 Initialize success
21:14:50.0541 1100 ============================================================
21:14:58.0560 5372 ============================================================
21:14:58.0560 5372 Scan started
21:14:58.0560 5372 Mode: Manual;
21:14:58.0560 5372 ============================================================
21:14:59.0402 5372 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:14:59.0418 5372 1394ohci - ok
21:14:59.0464 5372 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\windows\system32\DRIVERS\Accelerometer.sys
21:14:59.0464 5372 Accelerometer - ok
21:14:59.0589 5372 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:14:59.0605 5372 ACDaemon - ok
21:14:59.0730 5372 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:14:59.0745 5372 ACPI - ok
21:14:59.0792 5372 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:14:59.0792 5372 AcpiPmi - ok
21:14:59.0932 5372 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:14:59.0932 5372 AdobeARMservice - ok
21:15:00.0057 5372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
21:15:00.0073 5372 adp94xx - ok
21:15:00.0151 5372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
21:15:00.0151 5372 adpahci - ok
21:15:00.0182 5372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
21:15:00.0182 5372 adpu320 - ok
21:15:00.0213 5372 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:15:00.0213 5372 AeLookupSvc - ok
21:15:00.0369 5372 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
21:15:00.0369 5372 AESTFilters - ok
21:15:00.0478 5372 Afc (6ccd1135320109d6b219f1a6e04ad9f6) C:\windows\syswow64\drivers\Afc.sys
21:15:00.0478 5372 Afc - ok
21:15:00.0572 5372 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:15:00.0588 5372 AFD - ok
21:15:00.0712 5372 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys
21:15:00.0728 5372 AgereSoftModem - ok
21:15:00.0822 5372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:15:00.0822 5372 agp440 - ok
21:15:00.0900 5372 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:15:00.0900 5372 ALG - ok
21:15:00.0946 5372 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:15:00.0962 5372 aliide - ok
21:15:00.0978 5372 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:15:00.0978 5372 amdide - ok
21:15:01.0009 5372 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
21:15:01.0024 5372 AmdK8 - ok
21:15:01.0040 5372 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:15:01.0040 5372 AmdPPM - ok
21:15:01.0149 5372 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:15:01.0149 5372 amdsata - ok
21:15:01.0212 5372 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
21:15:01.0212 5372 amdsbs - ok
21:15:01.0274 5372 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:15:01.0274 5372 amdxata - ok
21:15:01.0336 5372 Andbus (60257f0a7ed9781719a6b7b6f661a5b6) C:\windows\system32\DRIVERS\lgandbus64.sys
21:15:01.0336 5372 Andbus - ok
21:15:01.0399 5372 AndDiag (6487376cbbf73c7f72ba4f48162c7501) C:\windows\system32\DRIVERS\lganddiag64.sys
21:15:01.0399 5372 AndDiag - ok
21:15:01.0446 5372 AndGps (31c0b1139f5c893084c15b2436c9acd5) C:\windows\system32\DRIVERS\lgandgps64.sys
21:15:01.0446 5372 AndGps - ok
21:15:01.0461 5372 ANDModem (3927a2b72fcbcd05b38ae3a6f69203eb) C:\windows\system32\DRIVERS\lgandmodem64.sys
21:15:01.0461 5372 ANDModem - ok
21:15:01.0508 5372 andnetadb (5b086cd06931ded6e096cf43749a9d5b) C:\windows\system32\Drivers\lgandnetadb.sys
21:15:01.0508 5372 andnetadb - ok
21:15:01.0539 5372 androidusb (9c1751b2e733471ae07561028b7d2a9b) C:\windows\system32\Drivers\lgandadb.sys
21:15:01.0539 5372 androidusb - ok
21:15:01.0617 5372 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:15:01.0617 5372 AppID - ok
21:15:01.0664 5372 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:15:01.0664 5372 AppIDSvc - ok
21:15:01.0726 5372 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
21:15:01.0726 5372 Appinfo - ok
21:15:01.0836 5372 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:15:01.0851 5372 Apple Mobile Device - ok
21:15:01.0945 5372 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
21:15:01.0960 5372 AppMgmt - ok
21:15:02.0007 5372 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
21:15:02.0007 5372 arc - ok
21:15:02.0038 5372 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
21:15:02.0038 5372 arcsas - ok
21:15:02.0101 5372 ARCVCAM (357635f16d28558c50870f4ef8aa4712) C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
21:15:02.0101 5372 ARCVCAM - ok
21:15:02.0210 5372 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:15:02.0210 5372 aspnet_state - ok
21:15:02.0304 5372 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\windows\system32\drivers\aswFsBlk.sys
21:15:02.0304 5372 aswFsBlk - ok
21:15:02.0413 5372 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\windows\system32\drivers\aswMonFlt.sys
21:15:02.0413 5372 aswMonFlt - ok
21:15:02.0491 5372 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\windows\System32\Drivers\aswrdr2.sys
21:15:02.0491 5372 aswRdr - ok
21:15:02.0616 5372 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\windows\system32\drivers\aswSnx.sys
21:15:02.0647 5372 aswSnx - ok
21:15:02.0725 5372 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\windows\system32\drivers\aswSP.sys
21:15:02.0725 5372 aswSP - ok
21:15:02.0772 5372 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\windows\system32\drivers\aswTdi.sys
21:15:02.0772 5372 aswTdi - ok
21:15:02.0865 5372 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:15:02.0865 5372 AsyncMac - ok
21:15:02.0928 5372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:15:02.0928 5372 atapi - ok
21:15:02.0990 5372 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\windows\system32\DRIVERS\btath_flt.sys
21:15:02.0990 5372 AthBTPort - ok
21:15:03.0052 5372 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
21:15:03.0068 5372 Atheros Bt&Wlan Coex Agent - ok
21:15:03.0068 5372 AtherosSvc (684b36ca4067da7000cf95771a3cf0e7) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:15:03.0068 5372 AtherosSvc - ok
21:15:03.0240 5372 athr (25463e0604f0608d926474e667bd7b76) C:\windows\system32\DRIVERS\athrx.sys
21:15:03.0302 5372 athr - ok
21:15:03.0380 5372 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:15:03.0396 5372 AudioEndpointBuilder - ok
21:15:03.0411 5372 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:15:03.0427 5372 AudioSrv - ok
21:15:03.0505 5372 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:15:03.0505 5372 avast! Antivirus - ok
21:15:03.0754 5372 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
21:15:03.0832 5372 AVGIDSAgent - ok
21:15:03.0973 5372 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
21:15:03.0988 5372 AVGIDSDriver - ok
21:15:04.0035 5372 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
21:15:04.0035 5372 AVGIDSEH - ok
21:15:04.0066 5372 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
21:15:04.0066 5372 AVGIDSFilter - ok
21:15:04.0113 5372 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
21:15:04.0113 5372 Avgldx64 - ok
21:15:04.0144 5372 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
21:15:04.0144 5372 Avgmfx64 - ok
21:15:04.0191 5372 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
21:15:04.0191 5372 Avgrkx64 - ok
21:15:04.0222 5372 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
21:15:04.0238 5372 Avgtdia - ok
21:15:04.0300 5372 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:15:04.0316 5372 avgwd - ok
21:15:04.0425 5372 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
21:15:04.0441 5372 AxInstSV - ok
21:15:04.0519 5372 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
21:15:04.0534 5372 b06bdrv - ok
21:15:04.0644 5372 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:15:04.0659 5372 b57nd60a - ok
21:15:04.0722 5372 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
21:15:04.0737 5372 BDESVC - ok
21:15:04.0753 5372 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:15:04.0753 5372 Beep - ok
21:15:04.0831 5372 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
21:15:04.0846 5372 BFE - ok
21:15:04.0924 5372 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
21:15:04.0956 5372 BITS - ok
21:15:04.0987 5372 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:15:04.0987 5372 blbdrive - ok
21:15:05.0127 5372 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:15:05.0143 5372 Bonjour Service - ok
21:15:05.0283 5372 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
21:15:05.0283 5372 bowser - ok
21:15:05.0346 5372 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:15:05.0346 5372 BrFiltLo - ok
21:15:05.0361 5372 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:15:05.0361 5372 BrFiltUp - ok
21:15:05.0439 5372 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
21:15:05.0439 5372 BridgeMP - ok
21:15:05.0564 5372 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
21:15:05.0580 5372 Browser - ok
21:15:05.0658 5372 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:15:05.0658 5372 Brserid - ok
21:15:05.0689 5372 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:15:05.0689 5372 BrSerWdm - ok
21:15:05.0720 5372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:15:05.0720 5372 BrUsbMdm - ok
21:15:05.0736 5372 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:15:05.0736 5372 BrUsbSer - ok
21:15:05.0814 5372 BTATH_A2DP (227c8f308de4af4808e587465ceab838) C:\windows\system32\drivers\btath_a2dp.sys
21:15:05.0814 5372 BTATH_A2DP - ok
21:15:05.0923 5372 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\windows\system32\DRIVERS\btath_bus.sys
21:15:05.0923 5372 BTATH_BUS - ok
21:15:05.0954 5372 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\windows\system32\DRIVERS\btath_hcrp.sys
21:15:05.0970 5372 BTATH_HCRP - ok
21:15:05.0985 5372 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\windows\system32\DRIVERS\btath_lwflt.sys
21:15:05.0985 5372 BTATH_LWFLT - ok
21:15:06.0016 5372 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\windows\system32\DRIVERS\btath_rcp.sys
21:15:06.0016 5372 BTATH_RCP - ok
21:15:06.0094 5372 BtFilter (ff8b065f96e4d9525aa7227299fbd05c) C:\windows\system32\DRIVERS\btfilter.sys
21:15:06.0110 5372 BtFilter - ok
21:15:06.0250 5372 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
21:15:06.0250 5372 BthEnum - ok
21:15:06.0282 5372 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
21:15:06.0282 5372 BTHMODEM - ok
21:15:06.0344 5372 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
21:15:06.0344 5372 BthPan - ok
21:15:06.0406 5372 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
21:15:06.0422 5372 BTHPORT - ok
21:15:06.0500 5372 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
21:15:06.0500 5372 bthserv - ok
21:15:06.0594 5372 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
21:15:06.0594 5372 BTHUSB - ok
21:15:06.0656 5372 catchme - ok
21:15:06.0734 5372 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:15:06.0734 5372 cdfs - ok
21:15:06.0859 5372 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
21:15:06.0859 5372 cdrom - ok
21:15:06.0921 5372 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:15:06.0937 5372 CertPropSvc - ok
21:15:06.0968 5372 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
21:15:06.0968 5372 circlass - ok
21:15:06.0999 5372 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:15:07.0015 5372 CLFS - ok
21:15:07.0093 5372 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:15:07.0093 5372 clr_optimization_v2.0.50727_32 - ok
21:15:07.0124 5372 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:15:07.0140 5372 clr_optimization_v2.0.50727_64 - ok
21:15:07.0218 5372 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:15:07.0218 5372 clr_optimization_v4.0.30319_32 - ok
21:15:07.0264 5372 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:15:07.0280 5372 clr_optimization_v4.0.30319_64 - ok
21:15:07.0327 5372 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:15:07.0327 5372 CmBatt - ok
21:15:07.0389 5372 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
21:15:07.0389 5372 cmdide - ok
21:15:07.0452 5372 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
21:15:07.0467 5372 CNG - ok
21:15:07.0561 5372 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
21:15:07.0561 5372 Compbatt - ok
21:15:07.0623 5372 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
21:15:07.0623 5372 CompositeBus - ok
21:15:07.0654 5372 COMSysApp - ok
21:15:07.0701 5372 cpuz135 - ok
21:15:07.0717 5372 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
21:15:07.0717 5372 crcdisk - ok
21:15:07.0795 5372 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
21:15:07.0795 5372 CryptSvc - ok
21:15:07.0888 5372 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys
21:15:07.0904 5372 CSC - ok
21:15:07.0951 5372 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll
21:15:07.0966 5372 CscService - ok
21:15:08.0060 5372 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:15:08.0076 5372 cvhsvc - ok
21:15:08.0185 5372 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
21:15:08.0185 5372 DAUpdaterSvc - ok
21:15:08.0310 5372 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:15:08.0325 5372 DcomLaunch - ok
21:15:08.0403 5372 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
21:15:08.0419 5372 defragsvc - ok
21:15:08.0481 5372 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
21:15:08.0481 5372 DfsC - ok
21:15:08.0544 5372 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
21:15:08.0544 5372 Dhcp - ok
21:15:08.0606 5372 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:15:08.0606 5372 discache - ok
21:15:08.0684 5372 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
21:15:08.0684 5372 Disk - ok
21:15:08.0746 5372 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
21:15:08.0762 5372 Dnscache - ok
21:15:08.0824 5372 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
21:15:08.0840 5372 dot3svc - ok
21:15:08.0934 5372 DpHost (0b9134a45e88dcf0657382f277242f62) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
21:15:08.0934 5372 DpHost - ok
21:15:09.0012 5372 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
21:15:09.0012 5372 DPS - ok
21:15:09.0105 5372 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:15:09.0105 5372 drmkaud - ok
21:15:09.0183 5372 DXGKrnl (209f1a92cb507b2c2eb9e28a1416590e) C:\windows\System32\drivers\dxgkrnl.sys
21:15:09.0199 5372 DXGKrnl - ok
21:15:09.0308 5372 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
21:15:09.0324 5372 EapHost - ok
21:15:09.0433 5372 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
21:15:09.0495 5372 ebdrv - ok
21:15:09.0558 5372 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
21:15:09.0573 5372 EFS - ok
21:15:09.0636 5372 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
21:15:09.0651 5372 ehRecvr - ok
21:15:09.0682 5372 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
21:15:09.0698 5372 ehSched - ok
21:15:09.0745 5372 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
21:15:09.0760 5372 elxstor - ok
21:15:09.0854 5372 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
21:15:09.0854 5372 ErrDev - ok
21:15:09.0948 5372 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
21:15:09.0963 5372 EventSystem - ok
21:15:10.0026 5372 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:15:10.0026 5372 exfat - ok
21:15:10.0057 5372 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:15:10.0072 5372 fastfat - ok
21:15:10.0182 5372 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
21:15:10.0197 5372 Fax - ok
21:15:10.0275 5372 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
21:15:10.0275 5372 fdc - ok
21:15:10.0338 5372 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
21:15:10.0353 5372 fdPHost - ok
21:15:10.0400 5372 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
21:15:10.0400 5372 FDResPub - ok
21:15:10.0447 5372 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:15:10.0447 5372 FileInfo - ok
21:15:10.0462 5372 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:15:10.0462 5372 Filetrace - ok
21:15:10.0525 5372 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
21:15:10.0525 5372 flpydisk - ok
21:15:10.0587 5372 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
21:15:10.0603 5372 FltMgr - ok
21:15:10.0665 5372 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
21:15:10.0696 5372 FontCache - ok
21:15:10.0790 5372 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:15:10.0806 5372 FontCache3.0.0.0 - ok
21:15:10.0868 5372 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:15:10.0868 5372 FsDepends - ok
21:15:10.0915 5372 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
21:15:10.0915 5372 Fs_Rec - ok
21:15:11.0008 5372 Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
21:15:11.0024 5372 Futuremark SystemInfo Service - ok
21:15:11.0149 5372 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
21:15:11.0149 5372 fvevol - ok
21:15:11.0180 5372 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
21:15:11.0180 5372 gagp30kx - ok
21:15:11.0258 5372 GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
21:15:11.0258 5372 GameConsoleService - ok
21:15:11.0320 5372 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:15:11.0336 5372 GEARAspiWDM - ok
21:15:11.0461 5372 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
21:15:11.0476 5372 gpsvc - ok
21:15:11.0601 5372 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:15:11.0601 5372 hcw85cir - ok
21:15:11.0679 5372 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
21:15:11.0695 5372 HdAudAddService - ok
21:15:11.0742 5372 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
21:15:11.0742 5372 HDAudBus - ok
21:15:11.0773 5372 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
21:15:11.0773 5372 HidBatt - ok
21:15:11.0851 5372 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
21:15:11.0866 5372 HidBth - ok
21:15:11.0898 5372 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
21:15:11.0898 5372 HidIr - ok
21:15:11.0929 5372 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
21:15:11.0929 5372 hidserv - ok
21:15:11.0991 5372 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
21:15:12.0007 5372 HidUsb - ok
21:15:12.0132 5372 hitmanpro35 (c6ff685e2ea55c3ac5c90b9e7d6930c0) C:\windows\system32\drivers\hitmanpro35.sys
21:15:12.0132 5372 hitmanpro35 - ok
21:15:12.0194 5372 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
21:15:12.0210 5372 hkmsvc - ok
21:15:12.0256 5372 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
21:15:12.0272 5372 HomeGroupListener - ok
21:15:12.0319 5372 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
21:15:12.0334 5372 HomeGroupProvider - ok
21:15:12.0428 5372 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:15:12.0428 5372 HP Support Assistant Service - ok
21:15:12.0522 5372 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:15:12.0522 5372 HPDrvMntSvc.exe - ok
21:15:12.0646 5372 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\windows\system32\DRIVERS\hpdskflt.sys
21:15:12.0646 5372 hpdskflt - ok
21:15:12.0709 5372 HpqKbFiltr (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:15:12.0709 5372 HpqKbFiltr - ok
21:15:12.0802 5372 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:15:12.0818 5372 hpqwmiex - ok
21:15:12.0912 5372 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
21:15:12.0912 5372 HpSAMD - ok
21:15:34.0237 5372 viaide - ok
21:15:34.0268 5372 vmbus (86ea3e79ae350fea5331a1303054005f) C:\windows\system32\drivers\vmbus.sys
21:15:34.0268 5372 vmbus - ok
21:15:34.0299 5372 VMBusHID (7de90b48f210d29649380545db45a187) C:\windows\system32\drivers\VMBusHID.sys
21:15:34.0299 5372 VMBusHID - ok
21:15:34.0362 5372 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:15:34.0362 5372 volmgr - ok
21:15:34.0424 5372 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:15:34.0440 5372 volmgrx - ok
21:15:34.0533 5372 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
21:15:34.0549 5372 volsnap - ok
21:15:34.0627 5372 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\windows\system32\DRIVERS\vpchbus.sys
21:15:34.0627 5372 vpcbus - ok
21:15:34.0674 5372 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\windows\system32\DRIVERS\vpcnfltr.sys
21:15:34.0674 5372 vpcnfltr - ok
21:15:34.0736 5372 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\windows\system32\DRIVERS\vpcusb.sys
21:15:34.0736 5372 vpcusb - ok
21:15:34.0798 5372 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\windows\system32\drivers\vpcvmm.sys
21:15:34.0814 5372 vpcvmm - ok
21:15:34.0892 5372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
21:15:34.0908 5372 vsmraid - ok
21:15:34.0970 5372 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:15:35.0001 5372 VSS - ok
21:15:35.0032 5372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:15:35.0032 5372 vwifibus - ok
21:15:35.0126 5372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:15:35.0126 5372 vwififlt - ok
21:15:35.0204 5372 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:15:35.0220 5372 W32Time - ok
21:15:35.0266 5372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
21:15:35.0266 5372 WacomPen - ok
21:15:35.0344 5372 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:15:35.0344 5372 WANARP - ok
21:15:35.0360 5372 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:15:35.0376 5372 Wanarpv6 - ok
21:15:35.0578 5372 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:15:35.0610 5372 WatAdminSvc - ok
21:15:35.0719 5372 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:15:35.0750 5372 wbengine - ok
21:15:35.0828 5372 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:15:35.0844 5372 WbioSrvc - ok
21:15:35.0906 5372 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:15:35.0922 5372 wcncsvc - ok
21:15:35.0953 5372 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:15:35.0968 5372 WcsPlugInService - ok
21:15:35.0984 5372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
21:15:36.0000 5372 Wd - ok
21:15:36.0046 5372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:15:36.0062 5372 Wdf01000 - ok
21:15:36.0124 5372 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:15:36.0140 5372 WdiServiceHost - ok
21:15:36.0140 5372 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:15:36.0156 5372 WdiSystemHost - ok
21:15:36.0218 5372 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:15:36.0234 5372 WebClient - ok
21:15:36.0249 5372 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:15:36.0265 5372 Wecsvc - ok
21:15:36.0296 5372 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:15:36.0312 5372 wercplsupport - ok
21:15:36.0358 5372 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:15:36.0374 5372 WerSvc - ok
21:15:36.0436 5372 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:15:36.0436 5372 WfpLwf - ok
21:15:36.0468 5372 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:15:36.0468 5372 WIMMount - ok
21:15:36.0546 5372 WinDefend - ok
21:15:36.0577 5372 WinHttpAutoProxySvc - ok
21:15:36.0670 5372 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:15:36.0670 5372 Winmgmt - ok
21:15:36.0764 5372 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:15:36.0811 5372 WinRM - ok
21:15:36.0951 5372 WinUSB (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys
21:15:36.0967 5372 WinUSB - ok
21:15:37.0014 5372 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:15:37.0045 5372 Wlansvc - ok
21:15:37.0216 5372 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:15:37.0263 5372 wlidsvc - ok
21:15:37.0388 5372 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
21:15:37.0388 5372 WmiAcpi - ok
21:15:37.0450 5372 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:15:37.0450 5372 wmiApSrv - ok
21:15:37.0513 5372 WMPNetworkSvc - ok
21:15:37.0575 5372 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:15:37.0591 5372 WPCSvc - ok
21:15:37.0669 5372 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:15:37.0684 5372 WPDBusEnum - ok
21:15:37.0731 5372 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:15:37.0731 5372 ws2ifsl - ok
21:15:37.0794 5372 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
21:15:37.0809 5372 wscsvc - ok
21:15:37.0825 5372 WSearch - ok
21:15:37.0950 5372 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:15:37.0996 5372 wuauserv - ok
21:15:38.0090 5372 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:15:38.0090 5372 WudfPf - ok
21:15:38.0152 5372 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:15:38.0152 5372 WUDFRd - ok
21:15:38.0215 5372 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:15:38.0215 5372 wudfsvc - ok
21:15:38.0262 5372 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\windows\System32\wwansvc.dll
21:15:38.0277 5372 WwanSvc - ok
21:15:38.0371 5372 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:15:38.0433 5372 \Device\Harddisk0\DR0 - ok
21:15:38.0433 5372 Boot (0x1200) (5f721bd2d1a12dc4478a6709804ab247) \Device\Harddisk0\DR0\Partition0
21:15:38.0433 5372 \Device\Harddisk0\DR0\Partition0 - ok
21:15:38.0449 5372 Boot (0x1200) (f3ab6c136b712180a1cd8b0da4e4e1fa) \Device\Harddisk0\DR0\Partition1
21:15:38.0449 5372 \Device\Harddisk0\DR0\Partition1 - ok
21:15:38.0480 5372 Boot (0x1200) (456c2ce7b42c1393d77a890c66166128) \Device\Harddisk0\DR0\Partition2
21:15:38.0480 5372 \Device\Harddisk0\DR0\Partition2 - ok
21:15:38.0496 5372 Boot (0x1200) (2acb5a319f593232378c137ad8e2a41a) \Device\Harddisk0\DR0\Partition3
21:15:38.0496 5372 \Device\Harddisk0\DR0\Partition3 - ok
21:15:38.0496 5372 ============================================================
21:15:38.0496 5372 Scan finished
21:15:38.0496 5372 ============================================================
21:15:38.0527 6340 Detected object count: 0
21:15:38.0527 6340 Actual detected object count: 0

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 21:17:03
-----------------------------
21:17:03.065 OS Version: Windows x64 6.1.7601 Service Pack 1
21:17:03.065 Number of processors: 4 586 0x2A07
21:17:03.065 ComputerName: KENSHINOKUBO-HP UserName: Kenshin Okubo
21:17:04.141 Initialize success
21:17:04.328 AVAST engine defs: 12032702
21:17:15.545 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:17:15.545 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
21:17:15.560 Disk 0 MBR read successfully
21:17:15.560 Disk 0 MBR scan
21:17:15.576 Disk 0 Windows 7 default MBR code
21:17:15.592 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
21:17:15.607 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454147 MB offset 616448
21:17:15.638 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17369 MB offset 930709504
21:17:15.670 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5115 MB offset 966281216
21:17:15.701 Disk 0 scanning C:\windows\system32\drivers
21:17:27.666 Service scanning
21:17:54.405 Modules scanning
21:17:54.420 Disk 0 trace - called modules:
21:17:54.951 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys
21:17:54.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066c5060]
21:17:54.982 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8004c94b10]
21:17:54.997 5 hpdskflt.sys[fffff88001bb5189] -> nt!IofCallDriver -> [0xfffffa800481bdb0]
21:17:54.997 7 ACPI.sys[fffff88000f977a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004899050]
21:17:55.933 AVAST engine scan C:\windows
21:17:58.741 AVAST engine scan C:\windows\system32
21:19:37.582 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:19:40.515 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
21:21:13.108 AVAST engine scan C:\windows\system32\drivers
21:21:31.078 AVAST engine scan C:\Users\Kenshin Okubo
21:23:33.471 File: C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe **INFECTED** Win32:Malware-gen
21:23:33.799 File: C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
21:30:27.376 Disk 0 MBR has been saved successfully to "C:\Users\Kenshin Okubo\Desktop\MBR.dat"
21:30:27.407 The log file has been saved successfully to "C:\Users\Kenshin Okubo\Desktop\aswMBR.txt"

#6 nihsnek123

nihsnek123
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:58 AM

Posted 27 March 2012 - 08:32 PM

Also, was I supposed to click fixMBR after the aswMBR scan finished?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 27 March 2012 - 09:10 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Premium
c:\programdata\Codec-C
C:\codec-info
c:\programdata\InstallMate

File::
C:\user.js
C:\windows\assembly\GAC_32\Desktop.ini
C:\windows\assembly\GAC_64\Desktop.ini 
C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe 
C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleUpdate.exe

DDS::
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4

FireFox::
FF - ProfilePath - c:\users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
FF - user.js: extensions.funmoods_i.id - f474c0df00000000000068a3c4ccfdb0
FF - user.js: extensions.funmoods_i.instlDay - 15423
FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.20:32
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - bf4
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
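The cross-check a helper would want before running the script above: every path aswMBR marked **INFECTED** in the log posted earlier should appear in the CFScript's File:: block. This is an added example, not a tool from this thread or from BleepingComputer; it assumes the aswMBR and CFScript line formats shown in the posts above, and the sample text it parses is trimmed from those posts.

```python
"""Cross-check an aswMBR scan log against a ComboFix CFScript.

Added example, not a tool from this thread or from BleepingComputer: it
pulls every path aswMBR marked **INFECTED** out of the log and confirms
that the CFScript's File:: block names each of them, so nothing a scanner
flagged is left out of the fix. The sample text below is trimmed from the
aswMBR log and CFScript posted above; the line formats are assumed from
those samples.
"""
import re
from typing import Dict, List

# Trimmed from the aswMBR log posted above (raw string: Windows paths contain backslashes).
ASWMBR_LOG = r"""
21:17:15.576 Disk 0 Windows 7 default MBR code
21:19:37.582 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
21:19:40.515 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
21:21:31.078 AVAST engine scan C:\Users\Kenshin Okubo
21:23:33.471 File: C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe **INFECTED** Win32:Malware-gen
21:23:33.799 File: C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
21:30:27.376 Disk 0 MBR has been saved successfully to "C:\Users\Kenshin Okubo\Desktop\MBR.dat"
"""

# Trimmed from the CFScript posted above.
CFSCRIPT = r"""
ClearJavaCache::
KillAll::
Folder::
c:\programdata\Codec-C
C:\codec-info

File::
C:\user.js
C:\windows\assembly\GAC_32\Desktop.ini
C:\windows\assembly\GAC_64\Desktop.ini
C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleUpdate.exe

DDS::
uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4
"""

# One aswMBR detection line: timestamp, "File:", the path (may contain spaces),
# the **INFECTED** marker, then the detection name; a trailing "[Drp]" tag is ignored.
INFECTED_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)",
    re.MULTILINE,
)


def parse_aswmbr_infections(log: str) -> Dict[str, str]:
    """Map each path aswMBR marked **INFECTED** to its detection name."""
    return {m.group("path"): m.group("name") for m in INFECTED_RE.finditer(log)}


def parse_cfscript_sections(script: str) -> Dict[str, List[str]]:
    """Split a CFScript into its 'Name::' sections; each maps to its non-blank lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def uncovered_detections(log: str, script: str) -> List[str]:
    """Flagged paths the CFScript's File:: block does not name.

    Windows paths are case-insensitive, so both sides are lower-cased before
    comparing (the log and the script write the drive letter in different case).
    """
    listed = {p.lower() for p in parse_cfscript_sections(script).get("File", [])}
    return sorted(p for p in parse_aswmbr_infections(log) if p.lower() not in listed)


if __name__ == "__main__":
    for path, name in parse_aswmbr_infections(ASWMBR_LOG).items():
        print(f"{name:<22} {path}")
    missing = uncovered_detections(ASWMBR_LOG, CFSCRIPT)
    print("CFScript covers every detection" if not missing else f"NOT in CFScript: {missing}")
```

Run it against a full aswMBR.txt and CFScript.txt by reading both files into the two variables; an empty list from uncovered_detections means the script names everything the scanner flagged, and any path it returns is one the fix would silently skip.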

#8 nihsnek123

nihsnek123
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:58 AM

Posted 27 March 2012 - 09:55 PM

No problems with Combofix yet!

My computer seems slow but that might be because it just rebooted.

Anyway, Combofix report:

ComboFix 12-03-27.02 - Kenshin Okubo 03/27/2012 22:17:21.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2191 [GMT -4:00]
Running from: c:\users\Kenshin Okubo\Downloads\ComboFix.exe
Command switches used :: c:\users\Kenshin Okubo\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
"c:\users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe"
"c:\users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleUpdate.exe"
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\codec-info
c:\codec-info\codec_info.html
c:\programdata\Codec-C
c:\programdata\Codec-C\background.html
c:\programdata\Codec-C\content.js
c:\programdata\Codec-C\hpilclpacieflhmobalmaccogiioldoo.crx
c:\programdata\Codec-C\settings.ini
c:\programdata\Codec-C\uninstall.exe
c:\programdata\InstallMate
c:\programdata\Premium
C:\user.js
c:\users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\GoogleUpdate.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 02:32 . 2012-03-28 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 16:12 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1948ACC7-E38F-47B9-B75C-2D812B8107E9}\mpengine.dll
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\users\Kenshin Okubo\AppData\Local\adawarebp
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-03-27 13:39 . 2012-03-27 13:39 -------- d-----w- c:\program files (x86)\adawaretb
2012-03-27 13:39 . 2012-03-20 17:41 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-26 18:38 . 2012-03-26 18:38 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-24 14:37 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-22 14:06 . 2012-03-22 14:06 -------- d-----w- c:\programdata\Synaptics
2012-03-22 12:16 . 2012-03-22 12:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-21 23:03 . 2011-07-15 05:38 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-03-21 23:03 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2012-03-21 23:03 . 2011-07-15 05:38 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-19 12:16 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 12:15 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-19 12:15 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-18 18:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-18 18:33 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-18 18:33 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-18 18:33 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 18:33 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-18 18:33 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-18 18:32 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-18 18:32 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-18 18:32 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 18:32 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-07 01:33 . 2012-03-07 01:33 -------- d-----w- c:\users\Kenshin Okubo\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 12:16 . 2011-08-16 15:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15 . 2012-01-12 06:12 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-12 06:12 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-01-12 06:12 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-01-12 06:12 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-01-12 06:12 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:01 . 2012-01-12 06:12 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-12 06:12 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-01-12 06:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 13:18 . 2011-08-09 17:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-01 22:06 . 2012-02-01 22:06 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll
2012-02-01 22:06 . 2012-02-01 22:06 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-01 22:06 . 2012-02-01 22:06 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-01 22:06 . 2012-02-01 22:06 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-01 22:06 . 2012-02-01 22:06 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-01 22:06 . 2012-02-01 22:06 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-01 22:06 . 2012-02-01 22:06 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-01 22:06 . 2012-02-01 22:06 167704 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-01 22:06 . 2012-02-01 22:06 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-01 22:06 . 2012-02-01 22:06 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-01 22:06 . 2012-02-01 22:06 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-01 22:06 . 2011-03-26 03:39 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-01 22:06 . 2011-03-26 03:38 9014784 ----a-w- c:\windows\system32\igfxress.dll
2012-02-01 22:06 . 2012-02-01 22:06 416024 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-01 22:06 . 2012-02-01 22:06 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-01 22:06 . 2012-02-01 22:06 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-01 22:06 . 2012-02-01 22:06 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-01 22:06 . 2012-02-01 22:06 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-01 22:06 . 2012-02-01 22:06 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-01 22:06 . 2012-02-01 22:06 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-01 22:06 . 2012-02-01 22:06 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-01 22:06 . 2012-02-01 22:06 390144 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-01 22:06 . 2012-02-01 22:06 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-01 22:06 . 2012-02-01 22:06 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-01 22:06 . 2012-02-01 22:06 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-01 22:06 . 2012-02-01 22:06 239896 ----a-w- c:\windows\system32\igfxext.exe
2012-02-01 22:06 . 2012-02-01 22:06 216000 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-01 22:06 . 2012-02-01 22:06 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-01 22:06 . 2012-02-01 22:06 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-01 22:06 . 2012-02-01 22:06 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-01 22:06 . 2012-02-01 22:06 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-01 22:06 . 2011-03-26 04:08 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-02-01 22:06 . 2011-03-26 03:39 375808 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-01 22:06 . 2012-02-01 22:06 75776 ----a-w- c:\windows\system32\igdde64.dll
2012-02-01 22:06 . 2012-02-01 22:06 56832 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-01 22:06 . 2012-02-01 22:06 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-01 22:06 . 2011-03-26 04:17 8312320 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-01 22:06 . 2011-03-26 04:12 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-01 22:06 . 2011-03-26 04:05 14598656 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-01 22:06 . 2012-02-01 22:06 18641408 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-01 22:06 . 2012-02-01 22:06 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-01 22:06 . 2011-03-26 04:02 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-01 22:06 . 2012-02-01 22:06 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-01 22:06 . 2012-02-01 22:06 392472 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-01 22:06 . 2012-02-01 22:06 179992 ----a-w- c:\windows\system32\difx64.exe
2012-02-01 22:06 . 2012-02-01 22:06 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-01 22:06 . 2011-03-26 03:39 110080 ----a-w- c:\windows\system32\hccutils.dll
2012-02-01 21:54 . 2012-02-01 21:54 91648 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-02-01 21:54 . 2012-02-01 21:54 81920 ----a-w- c:\windows\system32\nusb3co2.dll
2012-02-01 21:54 . 2012-02-01 21:54 208896 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-01-04 10:44 . 2012-02-15 13:39 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 13:39 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-15 13:39 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 13:39 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_14.52.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-03-28 02:38 39834 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-08-09 22:29 . 2012-03-27 14:50 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 22:29 . 2012-03-28 02:35 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-09 22:29 . 2012-03-27 14:50 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-09 22:29 . 2012-03-28 02:35 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 14:50 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 02:35 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-09 17:59 . 2012-03-27 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 17:59 . 2012-03-28 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 17:59 . 2012-03-28 02:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-09 17:59 . 2012-03-27 14:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-09 17:59 . 2012-03-27 14:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-09 17:59 . 2012-03-28 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-09 19:12 . 2012-03-27 14:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 19:12 . 2012-03-28 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 19:12 . 2012-03-28 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-09 19:12 . 2012-03-27 14:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-09 18:00 . 2012-03-28 02:38 9228 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-201420724-3268033714-2921668267-1001_UserData.bin
- 2012-03-27 14:50 . 2012-03-27 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 02:35 . 2012-03-28 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 14:50 . 2012-03-27 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-28 02:35 . 2012-03-28 02:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-09 18:42 . 2012-03-28 01:52 298460 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-27 16:16 662594 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-03-26 17:09 662594 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-27 16:16 122222 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-03-26 17:09 122222 c:\windows\system64\perfc009.dat
+ 2009-07-14 04:46 . 2012-03-27 16:20 110688 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-03-28 02:34 433256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-27 14:49 433256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-03-28 02:36 6160384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 14:53 6160384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 02:36 2048000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 14:53 2048000 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-03-22 12:12 7458319 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-27 14:58 7458319 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-09 20:07 . 2012-03-28 02:34 36269092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-201420724-3268033714-2921668267-1001-8192.dat
- 2011-08-09 20:07 . 2012-03-27 14:49 36269092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-201420724-3268033714-2921668267-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-27 1242448]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-02-01 113288]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 517456]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-02-28 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adawarebp"="reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp" [X]
"adawarebp_XP"="reg.exe delete HKCU\Software\adawarebp" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
2;2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-27 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-09 17152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-08-11 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-07 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-07 53920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-03-29 1318912]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-03-24 3161904]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201420724-3268033714-2921668267-1001Core.job
- c:\users\Kenshin Okubo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 19:43]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-201420724-3268033714-2921668267-1001UA.job
- c:\users\Kenshin Okubo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 19:43]
.
2012-03-21 c:\windows\Tasks\HPCeeScheduleForKenshin Okubo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-03-18 c:\windows\Tasks\HPCeeScheduleForKENSHINOKUBO-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-07 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-07 379040]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-03-29 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-11 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-01 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 128.197.253.183 128.197.253.120 128.197.253.254
FF - ProfilePath - c:\users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codec-C\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-201420724-3268033714-2921668267-1001\Software\SecuROM\License information*]
"datasecu"=hex:d6,f8,9e,1f,df,f1,74,c3,70,37,c2,a0,2b,d6,0c,94,6a,c0,10,97,67,
c4,8b,d2,b6,fc,b5,90,d6,a2,c0,d2,f9,e5,8c,dc,16,69,89,6c,a1,04,e1,5d,ed,90,\
"rkeysecu"=hex:be,b4,80,c2,fc,7b,ee,74,33,31,f4,22,26,a2,05,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-27 22:43:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-28 02:43
ComboFix2.txt 2012-03-27 15:00
.
Pre-Run: 176,822,960,128 bytes free
Post-Run: 176,583,950,336 bytes free
.
- - End Of File - - 64601A442E45D1F7EBBE2C013C80E066

#9 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 March 2012 - 10:24 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • BitTorrent
  • Java™ 6 Update 22


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
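For readers who want to review a HijackThis log like the one requested above without relying on its Analyze This button, here is an added Python example, not code from the thread or from Trend Micro, that parses the O2/O3/O4/O9/O10/O23 lines into records and lists the entries a reviewer should look at first (missing target files, autoruns from user-writable folders, duplicated registrations). The sample lines are constructed from the log posted in this thread; the flagging rules are the author's own assumptions and decide nothing by themselves.

```python
"""Structure HijackThis (v2.0.x) log lines for human review.

Added example for this thread; it is not HijackThis code. It only lists
what a reviewer should check first and never removes anything.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, adapted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"""


@dataclass
class Entry:
    section: str    # HijackThis section code: O2, O3, O4, O9, O10, O23
    name: str       # display name, "" where the line carries none
    path: str       # executable or DLL path, "" when HijackThis reports "(no file)"
    hive: str = ""  # registry hive for O4 autoruns (HKLM, HKCU, HKUS\...)


# One pattern per section we structure; other sections are left to the reviewer.
RE_O2_O3 = re.compile(r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")
RE_O9 = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \S+ - (?P<path>.*)$")
RE_O10 = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) \([^)]+\) - .*? - (?P<path>.*)$")


def executable_from_command(cmd: str) -> str:
    """Pull the program path out of an autorun command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|cmd|bat))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def normalize_path(path: str) -> str:
    """Map HijackThis's '(no file)' marker to an empty path."""
    path = path.strip()
    return "" if path.lower().startswith("(no file)") else path


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if m := RE_O4.match(line):
        return Entry("O4", m["name"], normalize_path(executable_from_command(m["cmd"])), m["hive"])
    if m := RE_O2_O3.match(line):
        return Entry(m["sec"], m["name"], normalize_path(m["path"]))
    if m := RE_O9.match(line):
        return Entry("O9", m["name"], normalize_path(m["path"]))
    if m := RE_O10.match(line):
        return Entry("O10", "", normalize_path(m["path"]))
    if m := RE_O23.match(line):
        return Entry("O23", m["name"], normalize_path(m["path"]))
    return None  # R0/R1, O8, O18 and the rest are left unstructured


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


# Folders an ordinary user can write to (assumed list); autoruns here deserve a second look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for a human to check; nothing is changed."""
    findings, seen = [], set()
    for e in entries:
        low = e.path.lower()
        if not e.path:
            findings.append((e, "target file missing; stale or orphaned entry"))
        elif any(tok in low for tok in USER_WRITABLE):
            findings.append((e, "runs from a user-writable location; confirm the publisher"))
        key = (e.section, low)
        if key in seen:
            findings.append((e, "duplicate of an earlier entry in the same section"))
        seen.add(key)
    return findings


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"parsed {len(entries)} entries")
    for e, why in triage(entries):
        print(f"[{e.section}] {e.name or '(unnamed)'} -> {e.path or '(no file)'}: {why}")
```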

#10 nihsnek123

nihsnek123 (Topic Starter)

  • Members
  • 14 posts

Posted 27 March 2012 - 10:58 PM

MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kenshin Okubo :: KENSHINOKUBO-HP [administrator]

Protection: Disabled

3/27/2012 11:46:15 PM
mbam-log-2012-03-27 (23-46-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195918
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:11 PM, on 3/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKUS\S-1-5-18\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14148 bytes


Hey Gringo, still having some trouble. Codec-C still shows up in my installed program list. Also, when I search something on Firefox, it automatically searches with Funmoods. Please help! You've been extremely helpful so far :)

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 March 2012 - 11:36 PM

Hello

Try using Revo to remove Codec-C.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
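As an added example (not part of this thread, and not OTL's own code), here is the kind of first-pass triage a responder could run over the "Internet Explorer" section of the OTL log requested above to spot a search-provider hijack such as the Funmoods redirection reported earlier. The log lines and the user SID are constructed in OTL's format, and the allow-list of legitimate search domains is an assumption to be tuned per machine.

```python
"""Triage the 'Internet Explorer' section of an OTL log for search-provider hijacks.

Added example (not part of the thread or of OTL). The log lines and the user SID
below are constructed in OTL's format; the allow-list of search domains is an
assumption a responder would tune to the machine being cleaned.
"""
import re
from urllib.parse import urlparse

# Registrable domains a stock Windows 7 / HP image legitimately points the IE
# search box at (assumption). Anything else is reported for human review,
# never auto-removed.
KNOWN_SEARCH_DOMAINS = {"bing.com", "yahoo.com", "google.com", "ask.com"}

# Constructed sample in the OTL "========== Internet Explorer ==========" format.
# The SID is a placeholder; the Funmoods scope mirrors the hijack seen in the thread.
SAMPLE_LOG = """\
IE - HKLM\\..\\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\\..\\SearchScopes\\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF
IE - HKU\\S-1-5-21-1111-2222-3333-1001\\..\\SearchScopes,DefaultScope = {37CAB0C8-A1D2-4840-8059-6F59BE83C155}
IE - HKU\\S-1-5-21-1111-2222-3333-1001\\..\\SearchScopes\\{37CAB0C8-A1D2-4840-8059-6F59BE83C155}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
IE - HKU\\S-1-5-21-1111-2222-3333-1001\\..\\SearchScopes\\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
"""

# OTL prefixes 32-bit view lines with "IE - " and the 64-bit view with "IE:64bit: - ".
# The hive is either "HKLM" or "HKU\<SID>"; the scope GUID follows "SearchScopes\".
_HIVE = r"(?P<hive>HK\w+(?:\\[^\\]+)?)"
_GUID = r"(?P<guid>\{[0-9A-Fa-f-]+\})"
SCOPE_RE = re.compile(r'^IE(?::64bit:)? - ' + _HIVE + r'\\\.\.\\SearchScopes\\' + _GUID
                      + r': "URL" = (?P<url>\S+)')
DEFAULT_RE = re.compile(r'^IE(?::64bit:)? - ' + _HIVE + r'\\\.\.\\SearchScopes,DefaultScope = ' + _GUID)


def parse_search_scopes(log_text):
    """Return (scopes, defaults): scopes maps (hive, guid) -> URL, defaults maps hive -> guid."""
    scopes, defaults = {}, {}
    for line in log_text.splitlines():
        m = SCOPE_RE.match(line)
        if m:
            scopes[(m["hive"], m["guid"].lower())] = m["url"]
            continue
        m = DEFAULT_RE.match(line)
        if m:
            defaults[m["hive"]] = m["guid"].lower()
    return scopes, defaults


def is_known_host(host):
    """Exact match or a true subdomain of an allow-listed domain.

    Suffix matching on a dotted boundary, not substring matching, so a host such as
    'search.yahoo.com.evil.example' is not waved through.
    """
    return any(host == d or host.endswith("." + d) for d in KNOWN_SEARCH_DOMAINS)


def triage(log_text):
    """One finding per search scope whose host is not allow-listed, noting whether it is the default."""
    scopes, defaults = parse_search_scopes(log_text)
    findings = []
    for (hive, guid), url in sorted(scopes.items()):
        host = urlparse(url).hostname or ""
        if is_known_host(host):
            continue
        findings.append({"hive": hive, "guid": guid, "host": host,
                         "is_default": defaults.get(hive) == guid})
    return findings


def format_report(findings):
    """Human-readable lines; a DEFAULT flag means every search-box query goes to that host."""
    lines = []
    for f in findings:
        flag = "DEFAULT" if f["is_default"] else "extra"
        lines.append(f'[{flag}] {f["hive"]} scope {f["guid"]} -> {f["host"]}')
    return lines


if __name__ == "__main__":
    for line in format_report(triage(SAMPLE_LOG)):
        print(line)
```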

#12 nihsnek123

  • Topic Starter

  • Members
  • 14 posts

Posted 28 March 2012 - 12:02 AM

OTL Log:


OTL logfile created on: 3/28/2012 12:48:12 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kenshin Okubo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.94 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 41.86% Memory free
7.87 Gb Paging File | 5.26 Gb Available in Paging File | 66.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443.50 Gb Total Space | 166.65 Gb Free Space | 37.58% Space Free | Partition Type: NTFS
Drive E: | 16.96 Gb Total Space | 2.57 Gb Free Space | 15.15% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 4.97 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

Computer Name: KENSHINOKUBO-HP | User Name: Kenshin Okubo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kenshin Okubo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Last.fm\LastFM.exe (Last.fm)


========== Modules (No Company Name) ==========

MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll ()
MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\libglesv2.dll ()
MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\libegl.dll ()
MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\avutil-51.dll ()
MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\avformat-53.dll ()
MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\avcodec-53.dll ()
MOD - C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\8173871e08b1253e32a30c899310f32a\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll ()
MOD - C:\Program Files (x86)\Last.fm\ext_messengernotify.dll ()
MOD - C:\Program Files (x86)\Last.fm\ext_skypenotify.dll ()
MOD - C:\Program Files (x86)\Last.fm\srv_madtranscode.dll ()
MOD - C:\Program Files (x86)\Last.fm\srv_httpinput.dll ()
MOD - C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll ()
MOD - C:\Program Files (x86)\Last.fm\breakpad.dll ()
MOD - C:\Program Files (x86)\Last.fm\Moose1.dll ()
MOD - C:\Program Files (x86)\Last.fm\LastFmTools1.dll ()
MOD - C:\Program Files (x86)\Last.fm\libfftw3f-3.dll ()
MOD - C:\Program Files (x86)\Last.fm\zlibwapi.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Last.fm\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Last.fm\QtSql4.dll ()
MOD - C:\Program Files (x86)\Last.fm\QtGui4.dll ()
MOD - C:\Program Files (x86)\Last.fm\QtXml4.dll ()
MOD - C:\Program Files (x86)\Last.fm\QtCore4.dll ()
MOD - C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe ()
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (jhi_service) Intel® -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (uArcCapture) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (hitmanpro35) -- C:\Windows\SysNative\drivers\hitmanpro35.sys ()
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MfeEpePc) -- C:\windows\SysNative\drivers\MfeEpePc.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (andnetadb) -- C:\Windows\SysNative\drivers\lgandnetadb.sys (Google Inc)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\..\SearchScopes\{37CAB0C8-A1D2-4840-8059-6F59BE83C155}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 09:55:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/24 10:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/02/01 18:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/10 11:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 01:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/21 01:47:59 | 000,000,000 | ---D | M]

[2012/02/15 00:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Extensions
[2012/02/15 00:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/09 23:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable
[2011/08/09 23:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/03/27 22:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions
[2012/02/21 15:42:24 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/03/27 09:39:27 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/03/27 22:48:57 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]
[2012/03/27 22:48:58 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]
[2012/03/22 08:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/22 08:16:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/02/15 00:27:27 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/02/15 00:27:27 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/01/10 21:27:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/22 08:16:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/10 21:27:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/10 21:27:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kenshin Okubo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: avast! WebRep = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: AVG Safe Search = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Kenshin Okubo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/27 22:36:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-201420724-3268033714-2921668267-1001..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-201420724-3268033714-2921668267-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.197.253.183 128.197.253.120 128.197.253.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E5B2CDC-E37C-4BC6-BC9C-B335E232B098}: DhcpNameServer = 128.197.253.183 128.197.253.120 128.197.253.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 00:44:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kenshin Okubo\Desktop\OTL.exe
[2012/03/27 23:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/27 23:53:59 | 000,000,000 | ---D | C] -- C:\Users\Kenshin Okubo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/27 23:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/27 23:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/03/27 23:30:41 | 000,000,000 | ---D | C] -- C:\Users\Kenshin Okubo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/03/27 22:44:03 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/27 22:36:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/27 21:13:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kenshin Okubo\Desktop\aswMBR.exe
[2012/03/27 21:12:49 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kenshin Okubo\Desktop\tdsskiller.exe
[2012/03/27 09:45:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/27 09:45:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/27 09:45:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/27 09:45:37 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/27 09:39:30 | 000,000,000 | ---D | C] -- C:\Users\Kenshin Okubo\AppData\Local\adawarebp
[2012/03/27 09:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/03/27 09:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/03/27 09:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/03/27 09:39:17 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\windows\SysNative\drivers\Lbd.sys
[2012/03/27 09:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/03/27 09:33:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/26 21:56:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/26 21:56:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/26 21:46:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kenshin Okubo\Desktop\dds.com
[2012/03/26 14:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/24 10:37:36 | 000,053,080 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012/03/22 10:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2012/03/22 08:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/21 19:03:50 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2012/03/21 19:03:50 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2012/03/19 08:16:01 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/19 08:15:58 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/19 08:15:56 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/18 14:33:56 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/18 14:33:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/18 14:33:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/18 14:33:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/18 14:32:50 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/18 14:32:47 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/06 21:33:23 | 000,000,000 | ---D | C] -- C:\Users\Kenshin Okubo\AppData\Local\ElevatedDiagnostics

========== Files - Modified Within 30 Days ==========

[2012/03/28 00:54:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-201420724-3268033714-2921668267-1001UA.job
[2012/03/28 00:44:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kenshin Okubo\Desktop\OTL.exe
[2012/03/28 00:29:27 | 000,780,156 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/28 00:29:27 | 000,662,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/28 00:29:27 | 000,122,222 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/27 23:54:00 | 000,003,011 | ---- | M] () -- C:\Users\Kenshin Okubo\Desktop\HiJackThis.lnk
[2012/03/27 23:30:42 | 000,001,264 | ---- | M] () -- C:\Users\Kenshin Okubo\Desktop\Revo Uninstaller.lnk
[2012/03/27 22:55:40 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 22:55:40 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 22:46:57 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/03/27 22:46:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/27 22:46:01 | 4226,146,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/27 22:36:54 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/03/27 22:13:53 | 000,001,209 | ---- | M] () -- C:\Users\Kenshin Okubo\Desktop\ComboFix - Shortcut.lnk
[2012/03/27 21:30:27 | 000,000,512 | ---- | M] () -- C:\Users\Kenshin Okubo\Desktop\MBR.dat
[2012/03/27 21:13:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kenshin Okubo\Desktop\aswMBR.exe
[2012/03/27 21:12:52 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kenshin Okubo\Desktop\tdsskiller.exe
[2012/03/27 21:08:55 | 092,834,270 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/03/27 09:39:53 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/03/27 09:39:53 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2012/03/27 09:39:18 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/03/27 09:30:42 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-201420724-3268033714-2921668267-1001Core.job
[2012/03/26 21:46:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kenshin Okubo\Desktop\dds.com
[2012/03/26 21:43:28 | 000,000,000 | ---- | M] () -- C:\Users\Kenshin Okubo\defogger_reenable
[2012/03/24 20:50:51 | 000,383,780 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/24 10:37:35 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/03/22 08:16:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2012/03/22 08:16:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2012/03/22 08:16:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2012/03/22 08:16:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2012/03/21 19:03:19 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 4530s_Y5336AN_0U_QCNU1220NP6_E636603-002_4A_I167C_SHP_V22.1F_B68SRR F.0A_T110718_W748-1_L409_M4031_J500_7Intel_86A7_92.30_#110502_N10EC8168;168C002B_(XU018UT#ABA)_XMOBILE_CN10_Z_2A0001D02.MRK
[2012/03/21 19:03:19 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 4530s_Y5336AN_0U_QCNU1220NP6_E636603-002_4A_I167C_SHP_V22.1F_B68SRR F.0A_T110718_W748-1_L409_M4031_J500_7Intel_86A7_92.30_#110502_N10EC8168;168C002B_(XU018UT#ABA)_XMOBILE_CN10_Z_2A0001D02.MRK
[2012/03/21 18:24:21 | 000,000,364 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKenshin Okubo.job
[2012/03/21 18:24:02 | 000,434,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/20 13:41:18 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\windows\SysNative\drivers\Lbd.sys
[2012/03/18 12:53:23 | 000,000,356 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForKENSHINOKUBO-HP$.job
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012/03/06 19:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012/03/06 10:35:36 | 000,776,626 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/03/27 23:54:00 | 000,003,011 | ---- | C] () -- C:\Users\Kenshin Okubo\Desktop\HiJackThis.lnk
[2012/03/27 23:30:42 | 000,001,264 | ---- | C] () -- C:\Users\Kenshin Okubo\Desktop\Revo Uninstaller.lnk
[2012/03/27 22:13:19 | 000,001,209 | ---- | C] () -- C:\Users\Kenshin Okubo\Desktop\ComboFix - Shortcut.lnk
[2012/03/27 21:30:27 | 000,000,512 | ---- | C] () -- C:\Users\Kenshin Okubo\Desktop\MBR.dat
[2012/03/27 09:45:42 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/27 09:45:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/27 09:45:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/27 09:45:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/27 09:45:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/27 09:39:18 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/03/26 21:43:28 | 000,000,000 | ---- | C] () -- C:\Users\Kenshin Okubo\defogger_reenable
[2012/02/01 18:06:52 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/01 18:06:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/02/01 18:06:51 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/08 12:25:17 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\0Bw7u6Mb.com.b
[2011/12/08 11:00:03 | 000,000,112 | ---- | C] () -- C:\ProgramData\6y42wxKA.dat
[2011/08/30 11:08:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2011/08/30 11:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2011/08/30 11:08:48 | 000,021,840 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2011/08/24 22:31:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/08/24 16:30:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2011/08/24 15:55:46 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/08/24 15:55:46 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011/08/24 15:55:30 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2011/08/24 15:53:44 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2011/08/24 15:53:44 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2011/08/24 15:53:42 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2011/08/12 22:22:27 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/08/12 22:22:27 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/05/31 04:48:15 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebged.sys
[2011/05/31 04:35:08 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/05/31 04:35:08 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/05/02 15:37:42 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebcdf.sys
[2011/05/02 15:15:57 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdebcch.sys
[2011/05/02 14:48:37 | 000,776,626 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/26 00:16:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/03/26 00:16:10 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/03/25 05:37:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2011/02/25 18:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/02/21 10:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe
[2011/01/10 21:03:08 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2010/12/07 01:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010/12/07 01:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign

< End of report >


Also! Revo uninstalled Codec-C!!! At least, it doesn't show up on my install list anymore :) Thank you!!

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 28 March 2012 - 12:10 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF>
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF>
    IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF>
    IE - HKU\S-1-5-21-201420724-3268033714-2921668267-1001\..\SearchScopes\{37CAB0C8-A1D2-4840-8059-6F59BE83C155}: "URL" = <http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}>
    [2012/03/27 22:48:57 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]
    [2012/03/27 22:48:58 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]
    [2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
    [2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
    [2012/02/15 00:27:27 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
    [2012/02/15 00:27:27 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
    [2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
    [2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
    [2012/02/15 00:27:27 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
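The fix script above removes two things by hand: IE SearchScopes entries (in the 64-bit HKLM hive, the 32-bit WOW6432Node view and the user's HKU hive) whose URL points at search.ask.com or start.funmoods.com, and extension folders inside the Firefox profile. The following PowerShell audit is an added example written for this page; it is not part of the thread and not OTL's code. It is read-only: it enumerates the same registry roots and profile folders and flags any search scope whose host is not on an allow-list, so a helper or administrator can see a search hijack like this one before deciding what to remove. The allow-list of engine hosts is an assumption to be adjusted per environment, and the script needs PowerShell 3.0 or later and an elevated prompt so HKEY_USERS is readable.

```powershell
# Added example, not from the thread and not part of OTL: a read-only audit of the
# two persistence spots the fix script cleaned, IE SearchScopes and Firefox
# extension folders. Needs PowerShell 3.0 or later; run it elevated so HKU is readable.
# The allow-list below is an assumption: extend it with the engines your users chose.

$allowedSearchHosts = @('www.bing.com', 'www.google.com', 'search.yahoo.com')

# Same roots OTL touched: native HKLM, the 32-bit WOW6432Node view, and each loaded user hive.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$scopeRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
)
foreach ($sid in Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }) {
    $scopeRoots += "HKU:\$($sid.PSChildName)\Software\Microsoft\Internet Explorer\SearchScopes"
}

function Get-SearchScopeFindings {
    param([string[]]$Roots, [string[]]$Allowed)
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        # DefaultScope holds the GUID of the scope IE actually uses for address-bar searches.
        $default = (Get-ItemProperty -Path $root -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -Path $root) {
            $url = (Get-ItemProperty -Path $scope.PSPath -Name URL -ErrorAction SilentlyContinue).URL
            if (-not $url) { continue }
            $scopeHost = '(unparseable)'
            try { $scopeHost = ([Uri]$url).Host } catch { }
            [PSCustomObject]@{
                Root       = $root
                Guid       = $scope.PSChildName
                IsDefault  = ($scope.PSChildName -eq $default)
                Host       = $scopeHost
                Suspicious = ($Allowed -notcontains $scopeHost)
                Url        = $url
            }
        }
    }
}

function Get-FirefoxExtensionFindings {
    # Every profile under the current user's roaming AppData, the place OTL moved folders from.
    $profilesDir = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profilesDir)) { return }
    foreach ($profile in Get-ChildItem -Path $profilesDir | Where-Object { $_.PSIsContainer }) {
        $extDir = Join-Path $profile.FullName 'extensions'
        if (-not (Test-Path $extDir)) { continue }
        foreach ($ext in Get-ChildItem -Path $extDir) {
            [PSCustomObject]@{
                Profile   = $profile.Name
                Extension = $ext.Name        # the add-on id (name@vendor or a GUID)
                Modified  = $ext.LastWriteTime
            }
        }
    }
}

$scopes = @(Get-SearchScopeFindings -Roots $scopeRoots -Allowed $allowedSearchHosts)
$scopes | Sort-Object Suspicious -Descending | Format-Table Guid, IsDefault, Host, Suspicious, Root -AutoSize
"Search scopes pointing outside the allow-list: $(@($scopes | Where-Object { $_.Suspicious }).Count)"
Get-FirefoxExtensionFindings | Format-Table -AutoSize
```

On the machine in this thread, the two hijacked scopes would show up with hosts search.ask.com and start.funmoods.com and Suspicious set to True, and the Firefox profile listing would show the Funmoods and Codec-C extension ids next to their last-modified time. The script deliberately reports rather than deletes: which keys and folders go is a decision for the helper's fix script, and a wrong allow-list entry should cost a false positive, not a user's chosen search engine.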

#14 nihsnek123

nihsnek123
  • Topic Starter

  • Members
  • 14 posts
  • Local time:01:58 AM

Posted 28 March 2012 - 08:21 AM

Hello

Mozilla still searches in Funmood. I don't particularly use Firefox anymore since I always use Google Chrome, but it still bothers me that it searches in Funmood. I feel like there are traces of this malware in my system still?

Anyway OTL log for custom fix:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-201420724-3268033714-2921668267-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-201420724-3268033714-2921668267-1001\Software\Microsoft\Internet Explorer\SearchScopes\{37CAB0C8-A1D2-4840-8059-6F59BE83C155}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37CAB0C8-A1D2-4840-8059-6F59BE83C155}\ not found.
C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected] folder moved successfully.
C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Kenshin Okubo\AppData\Roaming\Mozilla\Firefox\Profiles\jhjnxwwb.default\extensions\[email protected] folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\defaults\preferences folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\defaults folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\WINNT\chrome\icons\default folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\WINNT\chrome\icons folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\WINNT\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\WINNT folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\OS2\chrome\icons\default folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\OS2\chrome\icons folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\OS2\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\OS2 folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\Linux\chrome\icons\default folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\Linux\chrome\icons folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\Linux\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform\Linux folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\platform folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\defaults\preferences folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\defaults folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\components folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kenshin Okubo\Desktop\cmd.bat deleted successfully.
C:\Users\Kenshin Okubo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kenshin Okubo
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kenshin Okubo
->Flash cache emptied: 947 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03282012_091733

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:58 AM

Posted 28 March 2012 - 01:02 PM

Hello


Uninstall Firefox and reinstall the latest version; if asked about user data, remove that also.


Let me know if it is still a problem.


gringo



