Welcome to nginx google error


  • This topic is locked
22 replies to this topic

#1 sheps


  • Members
  • 10 posts

Posted 28 April 2012 - 10:54 AM

I cannot access google because of the Welcome to nginx google error. Here are my logs. Any recommendations?
Help is greatly appreciated.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:33 AM, on 4/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Henry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallBrain Updater Service (InstallBrainService) - Unknown owner - C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7849 bytes

*Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 28 April 2012 - 11:37 AM.
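An added example, not part of this thread and not code from HijackThis, OTL or the BleepingComputer team: a small Python triage script that reads HijackThis/OTL-style log lines like the ones posted above and pulls out the three things a helper checks first in a search/redirect hijack case. It flags home-page and search-scope URLs whose host is not on a trusted-domain allowlist (the allowlist itself is an assumption, not anything the tools ship), services that report "Unknown owner" from a path outside C:\Windows, and it separates out the "(file missing)" entries under C:\Windows, which on a 64-bit machine are an artifact of the 32-bit HijackThis build running under WOW64 file-system redirection rather than real missing binaries. The sample lines are copied from the HijackThis log above and from the OTL log posted later in the thread; it handles both formats, which the logs here only show one at a time.

```python
"""Triage HijackThis / OTL log lines for browser-hijack indicators.

Added example; it is not part of the thread and not code from HijackThis,
OTL or BleepingComputer. TRUSTED_DOMAINS is an illustrative assumption.
"""
import re
from urllib.parse import urlparse

# Assumption: domains a stock Windows 7 / IE9 install legitimately points its
# home page, search page and search scopes at. Anything else gets flagged.
TRUSTED_DOMAINS = {"microsoft.com", "bing.com", "msn.com", "google.com"}

# HijackThis O23: "O23 - Service: <display (short)> - <owner> - <path>"
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HJT R0/R1 lines end in "= <url>"; OTL SearchScopes lines end in '"URL" = <url>'
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)$")


def host_of(url):
    """Lower-cased host part of a URL ('' if unparsable)."""
    return (urlparse(url).hostname or "").lower()


def is_trusted_host(host):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(lines):
    """Return the suspicious items found in an iterable of HJT/OTL log lines."""
    findings = {
        "untrusted_urls": [],           # home/search URLs off the allowlist
        "unknown_owner_services": [],   # third-party services with no company name
        "wow64_missing_artifacts": [],  # "(file missing)" under C:\Windows, see below
    }
    for raw in lines:
        line = raw.strip()
        m = URL_RE.search(line)
        if m and not is_trusted_host(host_of(m.group("url"))):
            findings["untrusted_urls"].append(m.group("url"))
        m = SERVICE_RE.match(line)
        if not m or m.group("owner") != "Unknown owner":
            continue
        path = m.group("path")
        missing = path.endswith("(file missing)")
        clean = path.replace("(file missing)", "").strip()
        if missing and clean.lower().startswith("c:\\windows\\"):
            # 32-bit HijackThis runs under WOW64 on x64 Windows, so C:\Windows\System32
            # is redirected to SysWOW64 and native 64-bit binaries look "missing".
            # That is a tool artifact, not evidence that the service binary is gone.
            findings["wow64_missing_artifacts"].append(m.group("name"))
        else:
            findings["unknown_owner_services"].append((m.group("name"), clean))
    return findings


# Sample input: lines copied from the HijackThis and OTL logs posted in this thread.
SAMPLE_LINES = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: InstallBrain Updater Service (InstallBrainService) - Unknown owner - C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe",
    r"O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe",
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}',
    r'IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=142dece50000000000005404a64967d1',
]

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LINES).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run against the sample it reports the search-results.com and babylon.com search scopes as untrusted, InstallBrainService as the one unknown-owner service worth a look, and the ALG entry as a WOW64 artifact. An allowlist is a deliberate choice here: blocklisting hijacker domains chases a moving target, while the set of places a default install should point is small and stable.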




#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 134,340 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 28 April 2012 - 11:35 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sheps

  • Topic Starter

  • Members
  • 10 posts

Posted 29 April 2012 - 04:10 PM

For some reason DDS by sUBs won't open a .txt with the logs. I followed all other instructions. Any suggestions?
Thanks for the help!

Edited by sheps, 29 April 2012 - 04:11 PM.


#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 134,340 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 April 2012 - 05:02 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#5 sheps

  • Topic Starter

  • Members
  • 10 posts

Posted 30 April 2012 - 06:08 PM

Here is the OTL.txt contents...
OTL logfile created on: 4/30/2012 6:02:58 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Henry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.95 Gb Available Physical Memory | 87.51% Memory free
31.89 Gb Paging File | 29.73 Gb Available in Paging File | 93.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 818.11 Gb Free Space | 87.84% Space Free | Partition Type: NTFS

Computer Name: HENRY-PC | User Name: Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Henry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E FC 7C 26 DF E6 CC 01 [binary data]
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=142dece50000000000005404a64967d1
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120212AB0C4201BE743234F4FF3FE5&q={searchTerms}
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3713007220-401280677-1441858500-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3713007220-401280677-1441858500-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C840680-3F7E-4C7A-A8A2-4A92B6C966EF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/27 20:23:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 18:01:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
[2012/04/29 10:44:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Henry\Desktop\dds.scr
[2012/04/29 10:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/04/27 20:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/04/27 16:16:29 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/27 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/26 23:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/04/26 23:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/04/26 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\NPE
[2012/04/26 19:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/04/25 12:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/25 12:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/25 12:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/24 19:04:10 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\WinZip
[2012/04/24 19:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/04/24 19:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/04/24 19:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/04/24 19:03:09 | 000,000,000 | ---D | C] -- C:\Users\Henry\Desktop\New folder
[2012/04/24 10:31:42 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\SynthMaker
[2012/04/24 10:31:36 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\Windows\SysWow64\Wnaspint.dll
[2012/04/24 10:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 5
[2012/04/24 10:31:36 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\Acoustica
[2012/04/24 10:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica Shared Effects
[2012/04/24 10:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VST
[2012/04/24 10:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acoustica Mixcraft 5
[2012/04/24 10:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Acoustica
[2012/04/24 10:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/04/24 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\Babylon
[2012/04/24 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Babylon
[2012/04/24 10:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/04/15 16:04:46 | 000,000,000 | ---D | C] -- C:\Users\Henry\Documents\school
[2012/04/10 22:14:31 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/10 22:14:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/10 22:14:30 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/10 22:14:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/10 22:14:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/10 22:14:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/10 22:14:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/10 22:14:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/10 22:14:29 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/10 22:14:29 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/10 22:14:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/10 22:14:20 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/10 22:14:20 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/10 22:14:19 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/10 22:14:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/10 22:14:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/10 22:14:02 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 18:01:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.exe
[2012/04/30 18:01:29 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/30 18:01:29 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/30 18:01:29 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/30 17:57:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 17:57:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 17:56:55 | 4251,983,870 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 21:31:54 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 15:41:32 | 000,000,474 | ---- | M] () -- C:\Users\Henry\Desktop\defogger_disable.exe
[2012/04/29 10:44:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Henry\Desktop\dds.scr
[2012/04/29 10:40:55 | 000,879,714 | ---- | M] () -- C:\Users\Henry\Desktop\SecurityCheck.exe
[2012/04/29 10:36:54 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 10:36:54 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 10:33:30 | 000,000,000 | ---- | M] () -- C:\Users\Henry\defogger_reenable
[2012/04/27 20:38:29 | 000,008,278 | ---- | M] () -- C:\Users\Henry\Desktop\stickmanwk.fla
[2012/04/27 20:37:14 | 000,002,094 | ---- | M] () -- C:\Users\Henry\Desktop\stickmanwk_Scene 1.swf
[2012/04/27 18:42:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 19:35:09 | 000,000,560 | ---- | M] () -- C:\Users\Henry\AppData\Roaming\SMRResults250.dat
[2012/04/26 19:23:51 | 000,001,179 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2012/04/24 19:03:59 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/04/24 19:02:21 | 136,113,456 | ---- | M] () -- C:\Users\Henry\Desktop\all320kbps.com_Gorillaz-TheSinglesCollection2001-2011(2011).rar
[2012/04/24 10:42:20 | 001,404,065 | ---- | M] () -- C:\Users\Henry\Desktop\animation_music (New).mp3
[2012/04/24 10:40:18 | 002,106,809 | ---- | M] () -- C:\Users\Henry\Desktop\animation_music.mp3
[2012/04/24 10:38:48 | 002,072,051 | ---- | M] () -- C:\Users\Henry\Desktop\Gaetano Donizetti - Maria Stuarda Overture (Donizetti).mp3
[2012/04/24 10:31:36 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2012/04/24 10:22:47 | 004,229,120 | ---- | M] () -- C:\Users\Henry\Desktop\01 - Good Feeling.mpeg
[2012/04/24 10:18:28 | 094,863,356 | ---- | M] () -- C:\Users\Henry\Desktop\01 - Good Feeling.wav
[2012/04/24 10:17:33 | 000,001,491 | ---- | M] () -- C:\user.js
[2012/04/24 10:12:32 | 008,227,569 | ---- | M] () -- C:\Users\Henry\Desktop\01 - Good Feeling.mp3
[2012/04/15 21:11:53 | 000,020,501 | ---- | M] () -- C:\Users\Henry\Desktop\lab.odt
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 18:27:10 | 000,001,990 | ---- | M] () -- C:\Users\Henry\Desktop\stickmanwk_stick man.swf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/29 15:41:32 | 000,000,474 | ---- | C] () -- C:\Users\Henry\Desktop\defogger_disable.exe
[2012/04/29 10:40:49 | 000,879,714 | ---- | C] () -- C:\Users\Henry\Desktop\SecurityCheck.exe
[2012/04/29 10:33:30 | 000,000,000 | ---- | C] () -- C:\Users\Henry\defogger_reenable
[2012/04/26 19:35:09 | 000,000,560 | ---- | C] () -- C:\Users\Henry\AppData\Roaming\SMRResults250.dat
[2012/04/24 19:03:59 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/04/24 17:07:53 | 136,113,456 | ---- | C] () -- C:\Users\Henry\Desktop\all320kbps.com_Gorillaz-TheSinglesCollection2001-2011(2011).rar
[2012/04/24 10:42:17 | 001,404,065 | ---- | C] () -- C:\Users\Henry\Desktop\animation_music (New).mp3
[2012/04/24 10:40:13 | 002,106,809 | ---- | C] () -- C:\Users\Henry\Desktop\animation_music.mp3
[2012/04/24 10:38:48 | 002,072,051 | ---- | C] () -- C:\Users\Henry\Desktop\Gaetano Donizetti - Maria Stuarda Overture (Donizetti).mp3
[2012/04/24 10:31:36 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2012/04/24 10:22:34 | 004,229,120 | ---- | C] () -- C:\Users\Henry\Desktop\01 - Good Feeling.mpeg
[2012/04/24 10:18:26 | 094,863,356 | ---- | C] () -- C:\Users\Henry\Desktop\01 - Good Feeling.wav
[2012/04/24 10:17:32 | 000,001,491 | ---- | C] () -- C:\user.js
[2012/04/24 10:12:32 | 008,227,569 | ---- | C] () -- C:\Users\Henry\Desktop\01 - Good Feeling.mp3
[2012/04/15 21:11:48 | 000,020,501 | ---- | C] () -- C:\Users\Henry\Desktop\lab.odt
[2012/04/03 17:33:16 | 000,001,990 | ---- | C] () -- C:\Users\Henry\Desktop\stickmanwk_stick man.swf
[2012/04/03 17:25:50 | 000,002,094 | ---- | C] () -- C:\Users\Henry\Desktop\stickmanwk_Scene 1.swf
[2012/02/21 20:34:27 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/12 15:37:33 | 000,002,034 | ---- | C] () -- C:\ProgramData\repository.xml
[2012/02/08 10:18:26 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/08 10:18:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012/02/08 10:18:00 | 000,000,457 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini

< End of report >


Thanks for the help!

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 134,340 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 April 2012 - 08:37 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code:
    :OTL
    IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = <http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=142dece50000000000005404a64967d1>
    IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = <http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120212AB0C4201BE743234F4FF3FE5&q={searchTerms}>
    IE - HKU\S-1-5-21-3713007220-401280677-1441858500-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}: "URL" = <http://dts.search-results.com/sr?src=ieb&appid=141111&systemid=426&sr=0&q={searchTerms}>
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    [2012/04/24 10:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
    [2012/04/24 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Roaming\Babylon
    [2012/04/24 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Henry\AppData\Local\Babylon
    [2012/04/24 10:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
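
One way to audit a machine for the kind of entries the OTL script above removes (a hijacked IE search provider and an unknown Browser Helper Object) is the following read-only PowerShell check. It is an added example written for this page, not code from the thread and not part of OTL or ComboFix; the allow-list of search hosts in `$KnownSearchHosts` is an assumption to adjust for your own environment.

```powershell
# Added audit script (not part of this thread, and not OTL or ComboFix code).
# Read-only: it lists Internet Explorer search scopes and Browser Helper Objects
# so that entries like the Babylon search scopes and BHO in the OTL log above
# stand out. It removes nothing. The allow-list below is an assumption; adjust it.

$KnownSearchHosts = @('www.google.com', 'www.bing.com', 'search.yahoo.com', 'duckduckgo.com')

function Get-IESearchScopeReport {
    # Search scopes live per user; HKCU: covers the interactive user.
    param([string]$UserHive = 'HKCU:')
    $scopesKey = Join-Path $UserHive 'Software\Microsoft\Internet Explorer\SearchScopes'
    if (-not (Test-Path $scopesKey)) { return @() }
    # DefaultScope names the CLSID of the scope the browser actually uses.
    $defaultScope = (Get-ItemProperty -Path $scopesKey -ErrorAction SilentlyContinue).DefaultScope
    Get-ChildItem -Path $scopesKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $url = [string]$props.URL
        $uriHost = $null
        try { $uriHost = ([uri]$url).Host } catch { }
        # Anything whose host is not on the allow-list gets flagged for a human to look at.
        $verdict = if ($uriHost -and ($KnownSearchHosts -contains $uriHost)) { 'known' } else { 'REVIEW' }
        [pscustomobject]@{
            Scope     = $_.PSChildName
            Name      = $props.DisplayName
            Url       = $url
            IsDefault = ($_.PSChildName -eq $defaultScope)
            Verdict   = $verdict
        }
    }
}

function Get-BHOReport {
    # BHOs are registered in both the native and the WOW64 (32-bit) view on x64,
    # which is why the OTL log shows Wow6432Node entries for the 32-bit IE.
    $views = @(
        @{ Bitness = 'x64'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Classes = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bitness = 'x86'; Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path $view.Key)) { continue }
        Get-ChildItem -Path $view.Key | ForEach-Object {
            $clsid    = $_.PSChildName
            $clsidKey = Join-Path $view.Classes $clsid
            # Resolve the CLSID to its display name and the DLL that implements it.
            $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty -Path (Join-Path $clsidKey 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
            $signer = 'dll missing'
            if ($dll -and (Test-Path $dll)) {
                # An unsigned or invalidly signed BHO DLL deserves a closer look.
                $sig = Get-AuthenticodeSignature -FilePath $dll
                $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "unsigned ($($sig.Status))" }
            }
            [pscustomobject]@{ Bitness = $view.Bitness; CLSID = $clsid; Name = $name; Dll = $dll; Signer = $signer }
        }
    }
}

Get-IESearchScopeReport | Format-Table -AutoSize
Get-BHOReport | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session so both registry views are visible; reading these keys needs no elevation. A scope marked REVIEW whose URL host is an unfamiliar search site, or a BHO whose DLL is unsigned and lives under Program Files (x86)\SomeToolbar, is the pattern the OTL fix in this thread targets, and the report gives you the CLSIDs and paths to cross-check against the OTL log before deciding what to remove.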

#7 sheps (Topic Starter)

  • Members
  • 10 posts

Posted 01 May 2012 - 05:24 PM

========== OTL ==========
HKEY_USERS\S-1-5-21-3713007220-401280677-1441858500-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3713007220-401280677-1441858500-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3713007220-401280677-1441858500-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3713007220-401280677-1441858500-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\Henry\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Henry\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Henry\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Henry\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Henry\Desktop\cmd.bat deleted successfully.
C:\Users\Henry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Henry

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


Thanks

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 134,340 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 May 2012 - 10:13 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 sheps (Topic Starter)

  • Members
  • 10 posts

Posted 02 May 2012 - 04:38 PM

Everything seemed to work fine; however, I am still getting the nginx error from Google. Here is my log...


ComboFix 12-05-02.03 - Henry 05/02/2012 16:02:30.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16329.14512 [GMT -5:00]
Running from: c:\users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8QVDX0QK\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 21:06 . 2012-05-02 21:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-02 21:06 . 2012-05-02 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 22:24 . 2012-05-01 22:24 -------- d-----w- C:\_OTL
2012-05-01 22:21 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21E29783-25A7-4B29-8B86-1417A8484506}\mpengine.dll
2012-05-01 01:11 . 2012-05-01 01:12 -------- d-----w- c:\users\Henry\AppData\Local\CrashDumps
2012-04-29 15:29 . 2012-04-29 15:29 -------- d-----w- c:\programdata\IBUpdaterService
2012-04-28 01:49 . 2012-04-28 01:49 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-27 21:16 . 2012-04-28 00:00 -------- d-----w- C:\sh4ldr
2012-04-27 21:16 . 2012-04-27 21:16 -------- d-----w- c:\program files\Enigma Software Group
2012-04-27 21:16 . 2012-04-28 00:00 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-27 04:05 . 2012-04-28 00:06 -------- d-----w- c:\program files\HitmanPro
2012-04-27 04:04 . 2012-04-27 04:05 -------- d-----w- c:\programdata\HitmanPro
2012-04-27 00:26 . 2012-04-27 00:31 -------- d-----w- c:\users\Henry\AppData\Local\NPE
2012-04-27 00:26 . 2012-04-27 00:26 -------- d-----w- c:\programdata\Norton
2012-04-26 03:01 . 2012-04-26 03:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-25 17:29 . 2012-04-25 17:29 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-25 17:29 . 2012-04-25 17:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-25 00:04 . 2012-04-25 00:04 -------- d-----w- c:\users\Henry\AppData\Local\WinZip
2012-04-25 00:03 . 2012-04-25 00:03 -------- d-----w- c:\programdata\WinZip
2012-04-24 15:31 . 2012-04-24 15:31 -------- d-----w- c:\users\Henry\AppData\Roaming\SynthMaker
2012-04-24 15:31 . 2012-04-24 15:31 -------- d-----w- c:\users\Henry\AppData\Roaming\Acoustica
2012-04-24 15:31 . 2009-12-14 20:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
2012-04-24 15:31 . 2012-04-24 15:31 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
2012-04-24 15:30 . 2012-04-24 15:31 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
2012-04-24 15:30 . 2012-04-24 15:30 -------- d-----w- c:\programdata\Acoustica
2012-04-24 15:30 . 2012-04-24 15:30 -------- d-----w- c:\program files (x86)\VST
2012-04-24 15:30 . 2009-12-14 20:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-24 15:17 . 2012-05-01 22:24 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-04-24 15:17 . 2012-04-24 15:17 1491 ----a-w- C:\user.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2012-02-09 03:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 22:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-12 14:32 . 2012-02-12 14:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 06:36 . 2012-03-13 22:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 03:38 . 2012-02-09 03:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-09 03:38 . 2012-02-09 03:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-09 03:38 . 2012-02-09 03:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-09 03:38 . 2012-02-09 03:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-09 03:38 . 2012-02-09 03:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-09 03:38 . 2012-02-09 03:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-09 03:38 . 2012-02-09 03:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-09 03:38 . 2012-02-09 03:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-09 03:38 . 2012-02-09 03:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-09 03:38 . 2012-02-09 03:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-09 03:38 . 2012-02-09 03:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-09 03:38 . 2012-02-09 03:38 448512 ----a-w- c:\windows\system32\html.iec
2012-02-09 03:38 . 2012-02-09 03:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-09 03:38 . 2012-02-09 03:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-09 03:38 . 2012-02-09 03:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-09 03:38 . 2012-02-09 03:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-09 03:38 . 2012-02-09 03:38 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-09 03:38 . 2012-02-09 03:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-09 03:38 . 2012-02-09 03:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-09 03:38 . 2012-02-09 03:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-09 03:38 . 2012-02-09 03:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-09 03:38 . 2012-02-09 03:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-09 03:38 . 2012-02-09 03:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-09 03:38 . 2012-02-09 03:38 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-09 03:38 . 2012-02-09 03:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-09 03:38 . 2012-02-09 03:38 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-09 03:38 . 2012-02-09 03:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-09 03:38 . 2012-02-09 03:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-09 03:38 . 2012-02-09 03:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-09 03:38 . 2012-02-09 03:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-09 03:38 . 2012-02-09 03:38 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-09 03:38 . 2012-02-09 03:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-09 03:38 . 2012-02-09 03:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-09 03:38 . 2012-02-09 03:38 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-03 04:34 . 2012-03-13 22:54 3145728 ----a-w- c:\windows\system32\win32k.sys
2009-05-15 04:15 . 2009-05-15 04:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 04:15 . 2009-05-15 04:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-12 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-04-29 397848]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2010-06-21 211296]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-16 378984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:00]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Ralink\Common\RaRegistry.exe
.
**************************************************************************
.
Completion time: 2012-05-02 16:10:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 21:10
.
Pre-Run: 891,284,979,712 bytes free
Post-Run: 891,413,803,008 bytes free
.
- - End Of File - - 9D0CCAEE7D4DF274BA3A39FB7C16362A

Thanks

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,340 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:00 PM

Posted 02 May 2012 - 10:12 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
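The post above asks for the TDSSKiller report to be pasted back so a responder can read it. What follows is an added example, not code from TDSSKiller, BleepingComputer or gringo_pr: a small Python triage script for the report format used in this thread (a `name (md5) path` line followed by a `name - status` line per object). It pulls out the three things a responder reads first: objects whose status is anything other than `ok`, registrations for which the report lists no file on disk, and one binary backing several service names. The sample lines are copied from the log posted later in the thread, except the `exampledrv` lines, whose name, hash and path are constructed placeholders standing in for a flagged object.

```python
"""Triage helper for a TDSSKiller report of the shape pasted in this thread.

Added example; not code from TDSSKiller, BleepingComputer or gringo_pr.
It reads lines of the form
    HH:MM:SS.mmmm PID name (md5) path
    HH:MM:SS.mmmm PID name [( verdict )] - status
and summarises what a responder checks first.
"""
import re
from dataclasses import dataclass

# Every scan line starts with a timestamp and a thread id.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "name (32-hex md5) path": the file record for a driver or service.
FILE_RE = re.compile(r"^(.*?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# "name [( verdict )] - status": the result line; names may contain spaces.
STATUS_RE = re.compile(r"^(.*?)(?:\s+\(\s*([^)]*?)\s*\))?\s+-\s+(\w+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""
    status: str = ""


def parse_tdsskiller(text):
    """Return {name: Entry} for every scanned object in the report."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banner text, pasted prose
        body = m.group(3).strip()
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        sm = STATUS_RE.match(body)
        if sm:
            name, verdict, status = sm.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.verdict, entry.status = (verdict or ""), status.lower()
    return entries


def triage(entries):
    """Split the parsed report into the three lists a responder reads first."""
    flagged = [e for e in entries.values() if e.status and e.status != "ok"]
    # A result line with no preceding file record: the scanner listed nothing on
    # disk for that registration. Worth a manual look, not a verdict by itself.
    no_file = [e for e in entries.values() if not e.path]
    by_md5 = {}
    for e in entries.values():
        if e.md5:
            by_md5.setdefault(e.md5, []).append(e.name)
    # Several service names backed by one binary (lsass.exe hosting EFS, KeyIso
    # and Netlogon) is normal for Windows components; it is listed so the reader
    # can confirm the shared binary is the expected one.
    shared = {h: names for h, names in by_md5.items() if len(names) > 1}
    return {"flagged": flagged, "no_file": no_file, "shared": shared}


def summarize(text):
    """Render the triage as short lines suitable for pasting into a reply."""
    result = triage(parse_tdsskiller(text))
    lines = [f"{e.name}: {e.status} {e.verdict} {e.path}".rstrip()
             for e in result["flagged"]]
    lines += [f"{e.name}: no file listed" for e in result["no_file"]]
    lines += [f"{h}: {', '.join(n)}" for h, n in result["shared"].items()]
    return lines


# Sample report: lines from the log in this thread plus constructed "exampledrv"
# lines (placeholder hash and path) standing in for a flagged object.
SAMPLE_REPORT = r"""
17:49:50.0213 3976 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:49:52.0397 0992 Scan started
17:49:53.0567 0992 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
17:49:53.0567 0992 1394ohci - ok
17:49:55.0080 0992 COMSysApp - ok
17:49:55.0610 0992 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:49:55.0610 0992 EFS - ok
17:49:55.0844 0992 esgiguard - ok
17:49:56.0063 0992 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:49:56.0078 0992 FLEXnet Licensing Service 64 - ok
17:49:57.0701 0992 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:49:57.0701 0992 KeyIso - ok
17:49:58.0995 0992 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:49:58.0995 0992 Netlogon - ok
17:49:59.0300 0992 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
17:49:59.0300 0992 exampledrv ( Example.Detection.Name ) - warning
"""

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_REPORT)))
```

Run it on a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by passing the file's contents to `summarize`. The script deliberately does not decide anything: a `warning` status or a registration with no file is a prompt to look at that object, and the shared-binary list exists so that a normal Windows pattern such as `lsass.exe` hosting several services is recognised rather than mistaken for something odd.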

#11 sheps

sheps
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:00 AM

Posted 03 May 2012 - 06:01 PM

Kaspersky...
17:49:50.0213 3976 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:49:50.0478 3976 ============================================================
17:49:50.0478 3976 Current date / time: 2012/05/03 17:49:50.0478
17:49:50.0478 3976 SystemInfo:
17:49:50.0478 3976
17:49:50.0478 3976 OS Version: 6.1.7601 ServicePack: 1.0
17:49:50.0478 3976 Product type: Workstation
17:49:50.0478 3976 ComputerName: HENRY-PC
17:49:50.0478 3976 UserName: Henry
17:49:50.0478 3976 Windows directory: C:\Windows
17:49:50.0478 3976 System windows directory: C:\Windows
17:49:50.0478 3976 Running under WOW64
17:49:50.0478 3976 Processor architecture: Intel x64
17:49:50.0478 3976 Number of processors: 8
17:49:50.0493 3976 Page size: 0x1000
17:49:50.0493 3976 Boot type: Normal boot
17:49:50.0493 3976 ============================================================
17:49:51.0149 3976 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:49:51.0164 3976 ============================================================
17:49:51.0164 3976 \Device\Harddisk0\DR0:
17:49:51.0164 3976 MBR partitions:
17:49:51.0164 3976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:49:51.0164 3976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
17:49:51.0164 3976 ============================================================
17:49:51.0164 3976 C: <-> \Device\Harddisk0\DR0\Partition1
17:49:51.0164 3976 ============================================================
17:49:51.0164 3976 Initialize success
17:49:51.0164 3976 ============================================================
17:49:52.0397 0992 ============================================================
17:49:52.0397 0992 Scan started
17:49:52.0397 0992 Mode: Manual;
17:49:52.0397 0992 ============================================================
17:49:53.0567 0992 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
17:49:53.0567 0992 1394ohci - ok
17:49:53.0598 0992 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:49:53.0598 0992 ACPI - ok
17:49:53.0598 0992 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:49:53.0598 0992 AcpiPmi - ok
17:49:53.0691 0992 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:49:53.0691 0992 AdobeARMservice - ok
17:49:53.0707 0992 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:49:53.0707 0992 adp94xx - ok
17:49:53.0723 0992 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:49:53.0738 0992 adpahci - ok
17:49:53.0754 0992 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:49:53.0754 0992 adpu320 - ok
17:49:53.0769 0992 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:49:53.0769 0992 AeLookupSvc - ok
17:49:53.0816 0992 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:49:53.0816 0992 AFD - ok
17:49:53.0832 0992 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:49:53.0832 0992 agp440 - ok
17:49:53.0832 0992 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:49:53.0832 0992 ALG - ok
17:49:53.0847 0992 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:49:53.0847 0992 aliide - ok
17:49:53.0847 0992 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:49:53.0847 0992 amdide - ok
17:49:53.0863 0992 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:49:53.0863 0992 AmdK8 - ok
17:49:53.0910 0992 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:49:53.0910 0992 AmdPPM - ok
17:49:53.0925 0992 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:49:53.0925 0992 amdsata - ok
17:49:53.0941 0992 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:49:53.0957 0992 amdsbs - ok
17:49:54.0113 0992 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:49:54.0113 0992 amdxata - ok
17:49:54.0113 0992 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:49:54.0113 0992 AppID - ok
17:49:54.0128 0992 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:49:54.0128 0992 AppIDSvc - ok
17:49:54.0144 0992 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:49:54.0144 0992 Appinfo - ok
17:49:54.0159 0992 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:49:54.0175 0992 arc - ok
17:49:54.0175 0992 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:49:54.0175 0992 arcsas - ok
17:49:54.0284 0992 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:49:54.0284 0992 aspnet_state - ok
17:49:54.0315 0992 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:49:54.0315 0992 AsyncMac - ok
17:49:54.0315 0992 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:49:54.0315 0992 atapi - ok
17:49:54.0347 0992 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:49:54.0347 0992 AudioEndpointBuilder - ok
17:49:54.0347 0992 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:49:54.0362 0992 AudioSrv - ok
17:49:54.0362 0992 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:49:54.0362 0992 AxInstSV - ok
17:49:54.0378 0992 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:49:54.0393 0992 b06bdrv - ok
17:49:54.0409 0992 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:49:54.0409 0992 b57nd60a - ok
17:49:54.0409 0992 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:49:54.0409 0992 BDESVC - ok
17:49:54.0425 0992 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:49:54.0425 0992 Beep - ok
17:49:54.0456 0992 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:49:54.0456 0992 BFE - ok
17:49:54.0503 0992 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:49:54.0503 0992 BITS - ok
17:49:54.0534 0992 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:49:54.0534 0992 blbdrive - ok
17:49:54.0549 0992 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:49:54.0549 0992 bowser - ok
17:49:54.0565 0992 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:49:54.0565 0992 BrFiltLo - ok
17:49:54.0581 0992 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:49:54.0581 0992 BrFiltUp - ok
17:49:54.0612 0992 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:49:54.0612 0992 BridgeMP - ok
17:49:54.0612 0992 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:49:54.0627 0992 Browser - ok
17:49:54.0643 0992 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:49:54.0643 0992 Brserid - ok
17:49:54.0643 0992 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:49:54.0643 0992 BrSerWdm - ok
17:49:54.0659 0992 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:49:54.0659 0992 BrUsbMdm - ok
17:49:54.0659 0992 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:49:54.0659 0992 BrUsbSer - ok
17:49:54.0674 0992 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
17:49:54.0674 0992 BTHMODEM - ok
17:49:54.0690 0992 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:49:54.0690 0992 bthserv - ok
17:49:54.0705 0992 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:49:54.0705 0992 cdfs - ok
17:49:54.0737 0992 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:49:54.0737 0992 cdrom - ok
17:49:54.0768 0992 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:49:54.0768 0992 CertPropSvc - ok
17:49:54.0768 0992 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:49:54.0768 0992 circlass - ok
17:49:54.0783 0992 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:49:54.0783 0992 CLFS - ok
17:49:54.0861 0992 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:49:54.0861 0992 clr_optimization_v2.0.50727_32 - ok
17:49:54.0877 0992 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:49:54.0877 0992 clr_optimization_v2.0.50727_64 - ok
17:49:54.0986 0992 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:49:54.0986 0992 clr_optimization_v4.0.30319_32 - ok
17:49:55.0002 0992 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:49:55.0002 0992 clr_optimization_v4.0.30319_64 - ok
17:49:55.0017 0992 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
17:49:55.0017 0992 CmBatt - ok
17:49:55.0033 0992 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:49:55.0033 0992 cmdide - ok
17:49:55.0064 0992 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:49:55.0064 0992 CNG - ok
17:49:55.0064 0992 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
17:49:55.0064 0992 Compbatt - ok
17:49:55.0064 0992 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:49:55.0080 0992 CompositeBus - ok
17:49:55.0080 0992 COMSysApp - ok
17:49:55.0080 0992 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:49:55.0080 0992 crcdisk - ok
17:49:55.0111 0992 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:49:55.0111 0992 CryptSvc - ok
17:49:55.0142 0992 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:49:55.0142 0992 DcomLaunch - ok
17:49:55.0158 0992 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:49:55.0158 0992 defragsvc - ok
17:49:55.0173 0992 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:49:55.0173 0992 DfsC - ok
17:49:55.0189 0992 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:49:55.0189 0992 Dhcp - ok
17:49:55.0205 0992 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:49:55.0205 0992 discache - ok
17:49:55.0251 0992 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:49:55.0251 0992 Disk - ok
17:49:55.0267 0992 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:49:55.0267 0992 Dnscache - ok
17:49:55.0298 0992 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:49:55.0298 0992 dot3svc - ok
17:49:55.0314 0992 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:49:55.0314 0992 DPS - ok
17:49:55.0345 0992 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:49:55.0345 0992 drmkaud - ok
17:49:55.0376 0992 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:49:55.0376 0992 DXGKrnl - ok
17:49:55.0407 0992 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:49:55.0407 0992 EapHost - ok
17:49:55.0501 0992 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:49:55.0548 0992 ebdrv - ok
17:49:55.0610 0992 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:49:55.0610 0992 EFS - ok
17:49:55.0688 0992 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:49:55.0688 0992 ehRecvr - ok
17:49:55.0704 0992 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:49:55.0704 0992 ehSched - ok
17:49:55.0735 0992 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:49:55.0735 0992 elxstor - ok
17:49:55.0751 0992 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:49:55.0751 0992 ErrDev - ok
17:49:55.0844 0992 esgiguard - ok
17:49:55.0860 0992 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:49:55.0860 0992 EventSystem - ok
17:49:55.0875 0992 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:49:55.0891 0992 exfat - ok
17:49:55.0907 0992 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:49:55.0907 0992 fastfat - ok
17:49:55.0938 0992 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:49:55.0938 0992 Fax - ok
17:49:55.0953 0992 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:49:55.0953 0992 fdc - ok
17:49:55.0985 0992 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:49:55.0985 0992 fdPHost - ok
17:49:56.0000 0992 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:49:56.0000 0992 FDResPub - ok
17:49:56.0000 0992 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:49:56.0000 0992 FileInfo - ok
17:49:56.0016 0992 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:49:56.0016 0992 Filetrace - ok
17:49:56.0063 0992 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:49:56.0078 0992 FLEXnet Licensing Service 64 - ok
17:49:56.0125 0992 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:49:56.0125 0992 flpydisk - ok
17:49:56.0172 0992 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:49:56.0172 0992 FltMgr - ok
17:49:56.0234 0992 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:49:56.0265 0992 FontCache - ok
17:49:56.0328 0992 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:49:56.0328 0992 FontCache3.0.0.0 - ok
17:49:56.0359 0992 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:49:56.0359 0992 FsDepends - ok
17:49:56.0390 0992 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:49:56.0390 0992 Fs_Rec - ok
17:49:56.0406 0992 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:49:56.0421 0992 fvevol - ok
17:49:56.0421 0992 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:49:56.0421 0992 gagp30kx - ok
17:49:56.0640 0992 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:49:56.0655 0992 gpsvc - ok
17:49:56.0733 0992 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:49:56.0749 0992 gupdate - ok
17:49:56.0749 0992 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:49:56.0749 0992 gupdatem - ok
17:49:56.0796 0992 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:49:56.0796 0992 gusvc - ok
17:49:56.0796 0992 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:49:56.0796 0992 hcw85cir - ok
17:49:56.0843 0992 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:49:56.0858 0992 HdAudAddService - ok
17:49:56.0874 0992 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:49:56.0874 0992 HDAudBus - ok
17:49:56.0889 0992 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:49:56.0889 0992 HidBatt - ok
17:49:56.0905 0992 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:49:56.0905 0992 HidBth - ok
17:49:56.0921 0992 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:49:56.0921 0992 HidIr - ok
17:49:56.0921 0992 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:49:56.0936 0992 hidserv - ok
17:49:56.0952 0992 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:49:56.0952 0992 HidUsb - ok
17:49:56.0967 0992 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:49:56.0967 0992 hkmsvc - ok
17:49:56.0983 0992 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:49:56.0999 0992 HomeGroupListener - ok
17:49:57.0014 0992 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:49:57.0030 0992 HomeGroupProvider - ok
17:49:57.0030 0992 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:49:57.0045 0992 HpSAMD - ok
17:49:57.0092 0992 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:49:57.0108 0992 HTTP - ok
17:49:57.0139 0992 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:49:57.0139 0992 hwpolicy - ok
17:49:57.0155 0992 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:49:57.0170 0992 i8042prt - ok
17:49:57.0201 0992 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:49:57.0201 0992 iaStorV - ok
17:49:57.0279 0992 IBUpdaterService (2fa1bee0891fb9f3a0c2ed31b882f184) C:\ProgramData\IBUpdaterService\ibsvc.exe
17:49:57.0279 0992 IBUpdaterService - ok
17:49:57.0357 0992 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:49:57.0373 0992 idsvc - ok
17:49:57.0420 0992 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:49:57.0420 0992 iirsp - ok
17:49:57.0467 0992 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:49:57.0467 0992 IKEEXT - ok
17:49:57.0482 0992 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:49:57.0482 0992 intelide - ok
17:49:57.0513 0992 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
17:49:57.0513 0992 intelppm - ok
17:49:57.0529 0992 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:49:57.0529 0992 IPBusEnum - ok
17:49:57.0545 0992 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:49:57.0545 0992 IpFilterDriver - ok
17:49:57.0576 0992 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:49:57.0591 0992 iphlpsvc - ok
17:49:57.0607 0992 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:49:57.0607 0992 IPMIDRV - ok
17:49:57.0623 0992 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:49:57.0623 0992 IPNAT - ok
17:49:57.0638 0992 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:49:57.0638 0992 IRENUM - ok
17:49:57.0638 0992 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:49:57.0638 0992 isapnp - ok
17:49:57.0654 0992 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:49:57.0669 0992 iScsiPrt - ok
17:49:57.0669 0992 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:49:57.0669 0992 kbdclass - ok
17:49:57.0685 0992 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:49:57.0685 0992 kbdhid - ok
17:49:57.0701 0992 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:49:57.0701 0992 KeyIso - ok
17:49:57.0716 0992 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:49:57.0716 0992 KSecDD - ok
17:49:57.0732 0992 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:49:57.0732 0992 KSecPkg - ok
17:49:57.0747 0992 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:49:57.0747 0992 ksthunk - ok
17:49:57.0779 0992 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:49:57.0779 0992 KtmRm - ok
17:49:57.0810 0992 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:49:57.0825 0992 LanmanServer - ok
17:49:57.0841 0992 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:49:57.0841 0992 LanmanWorkstation - ok
17:49:57.0872 0992 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:49:57.0872 0992 lltdio - ok
17:49:57.0888 0992 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:49:57.0903 0992 lltdsvc - ok
17:49:57.0903 0992 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:49:57.0903 0992 lmhosts - ok
17:49:57.0935 0992 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:49:57.0935 0992 LSI_FC - ok
17:49:57.0950 0992 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:49:57.0950 0992 LSI_SAS - ok
17:49:57.0966 0992 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:49:57.0966 0992 LSI_SAS2 - ok
17:49:57.0966 0992 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:49:57.0966 0992 LSI_SCSI - ok
17:49:57.0981 0992 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:49:57.0997 0992 luafv - ok
17:49:58.0028 0992 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:49:58.0028 0992 MBAMProtector - ok
17:49:58.0122 0992 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:49:58.0137 0992 MBAMService - ok
17:49:58.0153 0992 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:49:58.0153 0992 Mcx2Svc - ok
17:49:58.0169 0992 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:49:58.0169 0992 megasas - ok
17:49:58.0184 0992 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:49:58.0200 0992 MegaSR - ok
17:49:58.0215 0992 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:49:58.0215 0992 MMCSS - ok
17:49:58.0247 0992 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:49:58.0247 0992 Modem - ok
17:49:58.0262 0992 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:49:58.0262 0992 monitor - ok
17:49:58.0293 0992 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:49:58.0293 0992 mouclass - ok
17:49:58.0309 0992 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:49:58.0309 0992 mouhid - ok
17:49:58.0325 0992 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:49:58.0325 0992 mountmgr - ok
17:49:58.0340 0992 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:49:58.0340 0992 mpio - ok
17:49:58.0371 0992 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:49:58.0371 0992 mpsdrv - ok
17:49:58.0418 0992 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:49:58.0434 0992 MpsSvc - ok
17:49:58.0449 0992 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:49:58.0449 0992 MRxDAV - ok
17:49:58.0465 0992 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:49:58.0465 0992 mrxsmb - ok
17:49:58.0481 0992 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:49:58.0481 0992 mrxsmb10 - ok
17:49:58.0496 0992 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:49:58.0496 0992 mrxsmb20 - ok
17:49:58.0512 0992 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:49:58.0512 0992 msahci - ok
17:49:58.0512 0992 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:49:58.0527 0992 msdsm - ok
17:49:58.0543 0992 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:49:58.0543 0992 MSDTC - ok
17:49:58.0559 0992 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:49:58.0559 0992 Msfs - ok
17:49:58.0559 0992 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:49:58.0559 0992 mshidkmdf - ok
17:49:58.0574 0992 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:49:58.0574 0992 msisadrv - ok
17:49:58.0590 0992 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:49:58.0590 0992 MSiSCSI - ok
17:49:58.0590 0992 msiserver - ok
17:49:58.0605 0992 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:49:58.0605 0992 MSKSSRV - ok
17:49:58.0621 0992 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:49:58.0621 0992 MSPCLOCK - ok
17:49:58.0637 0992 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:49:58.0637 0992 MSPQM - ok
17:49:58.0652 0992 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:49:58.0652 0992 MsRPC - ok
17:49:58.0668 0992 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:49:58.0668 0992 mssmbios - ok
17:49:58.0668 0992 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:49:58.0668 0992 MSTEE - ok
17:49:58.0683 0992 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:49:58.0683 0992 MTConfig - ok
17:49:58.0699 0992 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:49:58.0699 0992 Mup - ok
17:49:58.0715 0992 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:49:58.0730 0992 napagent - ok
17:49:58.0761 0992 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:49:58.0777 0992 NativeWifiP - ok
17:49:58.0824 0992 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:49:58.0855 0992 NDIS - ok
17:49:58.0871 0992 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:49:58.0871 0992 NdisCap - ok
17:49:58.0886 0992 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:49:58.0886 0992 NdisTapi - ok
17:49:58.0902 0992 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:49:58.0902 0992 Ndisuio - ok
17:49:58.0917 0992 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:49:58.0917 0992 NdisWan - ok
17:49:58.0949 0992 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:49:58.0949 0992 NDProxy - ok
17:49:58.0949 0992 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:49:58.0949 0992 NetBIOS - ok
17:49:58.0980 0992 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:49:58.0980 0992 NetBT - ok
17:49:58.0995 0992 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:49:58.0995 0992 Netlogon - ok
17:49:59.0042 0992 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:49:59.0042 0992 Netman - ok
17:49:59.0136 0992 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:49:59.0136 0992 NetMsmqActivator - ok
17:49:59.0136 0992 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:49:59.0136 0992 NetPipeActivator - ok
17:49:59.0167 0992 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:49:59.0183 0992 netprofm - ok
17:49:59.0198 0992 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:49:59.0198 0992 NetTcpActivator - ok
17:49:59.0198 0992 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:49:59.0198 0992 NetTcpPortSharing - ok
17:49:59.0229 0992 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:49:59.0229 0992 nfrd960 - ok
17:49:59.0245 0992 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:49:59.0245 0992 NlaSvc - ok
17:49:59.0261 0992 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:49:59.0261 0992 Npfs - ok
17:49:59.0276 0992 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:49:59.0276 0992 nsi - ok
17:49:59.0292 0992 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:49:59.0292 0992 nsiproxy - ok
17:49:59.0385 0992 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:49:59.0417 0992 Ntfs - ok
17:49:59.0479 0992 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:49:59.0479 0992 Null - ok
17:49:59.0510 0992 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
17:49:59.0526 0992 NVHDA - ok
17:49:59.0994 0992 nvlddmkm (d073e9149bb89d1dbafc32d5db9b13f9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:50:00.0056 0992 nvlddmkm - ok
17:50:00.0134 0992 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:50:00.0134 0992 nvraid - ok
17:50:00.0150 0992 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:50:00.0150 0992 nvstor - ok
17:50:00.0197 0992 nvsvc (9167ca90c975c31374f258aaa98b9098) C:\Windows\system32\nvvsvc.exe
17:50:00.0212 0992 nvsvc - ok
17:50:00.0321 0992 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:50:00.0337 0992 nvUpdatusService - ok
17:50:00.0384 0992 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:50:00.0384 0992 nv_agp - ok
17:50:00.0399 0992 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:50:00.0399 0992 ohci1394 - ok
17:50:00.0462 0992 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:50:00.0462 0992 ose - ok
17:50:00.0696 0992 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:50:00.0711 0992 osppsvc - ok
17:50:00.0774 0992 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:50:00.0789 0992 p2pimsvc - ok
17:50:00.0821 0992 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:50:00.0821 0992 p2psvc - ok
17:50:00.0852 0992 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:50:00.0852 0992 Parport - ok
17:50:00.0899 0992 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:50:00.0899 0992 partmgr - ok
17:50:00.0914 0992 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:50:00.0930 0992 PcaSvc - ok
17:50:00.0945 0992 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:50:00.0945 0992 pci - ok
17:50:00.0961 0992 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:50:00.0961 0992 pciide - ok
17:50:00.0977 0992 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:50:00.0977 0992 pcmcia - ok
17:50:00.0992 0992 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:50:00.0992 0992 pcw - ok
17:50:01.0023 0992 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:50:01.0023 0992 PEAUTH - ok
17:50:01.0086 0992 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:50:01.0086 0992 PerfHost - ok
17:50:01.0164 0992 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:50:01.0179 0992 pla - ok
17:50:01.0211 0992 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:50:01.0211 0992 PlugPlay - ok
17:50:01.0226 0992 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:50:01.0242 0992 PNRPAutoReg - ok
17:50:01.0257 0992 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:50:01.0257 0992 PNRPsvc - ok
17:50:01.0289 0992 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:50:01.0289 0992 PolicyAgent - ok
17:50:01.0320 0992 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:50:01.0320 0992 Power - ok
17:50:01.0367 0992 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:50:01.0367 0992 PptpMiniport - ok
17:50:01.0382 0992 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:50:01.0382 0992 Processor - ok
17:50:01.0413 0992 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:50:01.0413 0992 ProfSvc - ok
17:50:01.0429 0992 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:50:01.0429 0992 ProtectedStorage - ok
17:50:01.0460 0992 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:50:01.0460 0992 Psched - ok
17:50:01.0507 0992 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:50:01.0538 0992 ql2300 - ok
17:50:01.0601 0992 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:50:01.0601 0992 ql40xx - ok
17:50:01.0757 0992 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:50:01.0772 0992 QWAVE - ok
17:50:01.0772 0992 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:50:01.0788 0992 QWAVEdrv - ok
17:50:01.0835 0992 RalinkRegistryWriter (d319343661f7febfb6f43c453c26e779) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
17:50:01.0835 0992 RalinkRegistryWriter - ok
17:50:01.0850 0992 RalinkRegistryWriter64 (c0e618f5a0d643f71fdd96cdc0c561c3) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
17:50:01.0850 0992 RalinkRegistryWriter64 - ok
17:50:01.0850 0992 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:50:01.0866 0992 RasAcd - ok
17:50:01.0897 0992 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:50:01.0897 0992 RasAgileVpn - ok
17:50:01.0975 0992 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:50:01.0991 0992 RasAuto - ok
17:50:02.0006 0992 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:50:02.0006 0992 Rasl2tp - ok
17:50:02.0037 0992 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:50:02.0037 0992 RasMan - ok
17:50:02.0053 0992 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:50:02.0053 0992 RasPppoe - ok
17:50:02.0084 0992 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:50:02.0084 0992 RasSstp - ok
17:50:02.0100 0992 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:50:02.0100 0992 rdbss - ok
17:50:02.0115 0992 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
17:50:02.0115 0992 rdpbus - ok
17:50:02.0115 0992 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:50:02.0115 0992 RDPCDD - ok
17:50:02.0131 0992 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:50:02.0131 0992 RDPENCDD - ok
17:50:02.0147 0992 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:50:02.0147 0992 RDPREFMP - ok
17:50:02.0178 0992 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:50:02.0178 0992 RDPWD - ok
17:50:02.0193 0992 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:50:02.0193 0992 rdyboost - ok
17:50:02.0225 0992 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:50:02.0225 0992 RemoteAccess - ok
17:50:02.0240 0992 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:50:02.0240 0992 RemoteRegistry - ok
17:50:02.0256 0992 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:50:02.0256 0992 RpcEptMapper - ok
17:50:02.0287 0992 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:50:02.0287 0992 RpcLocator - ok
17:50:02.0303 0992 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
17:50:02.0318 0992 RpcSs - ok
17:50:02.0334 0992 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:50:02.0334 0992 rspndr - ok
17:50:02.0365 0992 rt61x64 (ec7f0030d58886b0fcd3eefb1c51f8e2) C:\Windows\system32\DRIVERS\netr6164.sys
17:50:02.0365 0992 rt61x64 - ok
17:50:02.0459 0992 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:50:02.0459 0992 RTL8167 - ok
17:50:02.0474 0992 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:50:02.0474 0992 SamSs - ok
17:50:02.0490 0992 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:50:02.0490 0992 sbp2port - ok
17:50:02.0505 0992 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:50:02.0505 0992 SCardSvr - ok
17:50:02.0537 0992 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:50:02.0537 0992 scfilter - ok
17:50:02.0583 0992 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:50:02.0615 0992 Schedule - ok
17:50:02.0646 0992 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:50:02.0646 0992 SCPolicySvc - ok
17:50:02.0661 0992 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:50:02.0661 0992 SDRSVC - ok
17:50:02.0677 0992 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:50:02.0693 0992 secdrv - ok
17:50:02.0693 0992 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:50:02.0693 0992 seclogon - ok
17:50:02.0724 0992 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:50:02.0724 0992 SENS - ok
17:50:02.0739 0992 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:50:02.0739 0992 SensrSvc - ok
17:50:02.0755 0992 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:50:02.0755 0992 Serenum - ok
17:50:02.0771 0992 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:50:02.0771 0992 Serial - ok
17:50:02.0786 0992 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:50:02.0786 0992 sermouse - ok
17:50:02.0802 0992 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:50:02.0802 0992 SessionEnv - ok
17:50:02.0817 0992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:50:02.0817 0992 sffdisk - ok
17:50:02.0817 0992 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:50:02.0817 0992 sffp_mmc - ok
17:50:02.0817 0992 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:50:02.0817 0992 sffp_sd - ok
17:50:02.0817 0992 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:50:02.0817 0992 sfloppy - ok
17:50:02.0849 0992 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:50:02.0864 0992 SharedAccess - ok
17:50:02.0880 0992 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:50:02.0880 0992 ShellHWDetection - ok
17:50:02.0895 0992 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:50:02.0895 0992 SiSRaid2 - ok
17:50:02.0911 0992 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:50:02.0911 0992 SiSRaid4 - ok
17:50:02.0927 0992 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:50:02.0927 0992 Smb - ok
17:50:02.0942 0992 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:50:02.0942 0992 SNMPTRAP - ok
17:50:03.0005 0992 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
17:50:03.0005 0992 speedfan - ok
17:50:03.0020 0992 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:50:03.0020 0992 spldr - ok
17:50:03.0051 0992 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:50:03.0051 0992 Spooler - ok
17:50:03.0192 0992 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:50:03.0270 0992 sppsvc - ok
17:50:03.0317 0992 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:50:03.0317 0992 sppuinotify - ok
17:50:03.0379 0992 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:50:03.0379 0992 srv - ok
17:50:03.0410 0992 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:50:03.0426 0992 srv2 - ok
17:50:03.0441 0992 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:50:03.0441 0992 srvnet - ok
17:50:03.0457 0992 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:50:03.0473 0992 SSDPSRV - ok
17:50:03.0473 0992 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:50:03.0488 0992 SstpSvc - ok
17:50:03.0535 0992 Steam Client Service - ok
17:50:03.0613 0992 Stereo Service (1d76e2260dc13b1d6b870b0bc4af76d3) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:50:03.0613 0992 Stereo Service - ok
17:50:03.0629 0992 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:50:03.0629 0992 stexstor - ok
17:50:03.0660 0992 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:50:03.0675 0992 stisvc - ok
17:50:03.0691 0992 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:50:03.0691 0992 swenum - ok
17:50:03.0753 0992 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:50:03.0769 0992 SwitchBoard - ok
17:50:03.0800 0992 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:50:03.0816 0992 swprv - ok
17:50:03.0941 0992 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:50:03.0972 0992 SysMain - ok
17:50:04.0003 0992 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:50:04.0019 0992 TabletInputService - ok
17:50:04.0034 0992 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:50:04.0034 0992 TapiSrv - ok
17:50:04.0050 0992 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:50:04.0050 0992 TBS - ok
17:50:04.0159 0992 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:50:04.0190 0992 Tcpip - ok
17:50:04.0299 0992 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:50:04.0315 0992 TCPIP6 - ok
17:50:04.0362 0992 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:50:04.0362 0992 tcpipreg - ok
17:50:04.0377 0992 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:50:04.0377 0992 TDPIPE - ok
17:50:04.0409 0992 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:50:04.0409 0992 TDTCP - ok
17:50:04.0440 0992 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:50:04.0440 0992 tdx - ok
17:50:04.0455 0992 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:50:04.0455 0992 TermDD - ok
17:50:04.0502 0992 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:50:04.0518 0992 TermService - ok
17:50:04.0533 0992 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:50:04.0533 0992 Themes - ok
17:50:04.0549 0992 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:50:04.0549 0992 THREADORDER - ok
17:50:04.0611 0992 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
17:50:04.0611 0992 TIEHDUSB - ok
17:50:04.0627 0992 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:50:04.0627 0992 TrkWks - ok
17:50:04.0658 0992 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:50:04.0658 0992 TrustedInstaller - ok
17:50:04.0674 0992 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:04.0674 0992 tssecsrv - ok
17:50:04.0674 0992 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:50:04.0674 0992 TsUsbFlt - ok
17:50:04.0689 0992 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:50:04.0689 0992 TsUsbGD - ok
17:50:04.0705 0992 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:50:04.0705 0992 tunnel - ok
17:50:04.0721 0992 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:50:04.0721 0992 uagp35 - ok
17:50:04.0736 0992 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:50:04.0736 0992 udfs - ok
17:50:04.0752 0992 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:50:04.0752 0992 UI0Detect - ok
17:50:04.0767 0992 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:50:04.0767 0992 uliagpkx - ok
17:50:04.0783 0992 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:50:04.0783 0992 umbus - ok
17:50:04.0799 0992 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:50:04.0799 0992 UmPass - ok
17:50:04.0814 0992 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:50:04.0830 0992 upnphost - ok
17:50:04.0861 0992 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:04.0861 0992 usbccgp - ok
17:50:04.0877 0992 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:50:04.0877 0992 usbcir - ok
17:50:04.0892 0992 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:50:04.0892 0992 usbehci - ok
17:50:04.0908 0992 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:50:04.0908 0992 usbhub - ok
17:50:04.0923 0992 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:50:04.0923 0992 usbohci - ok
17:50:04.0923 0992 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:50:04.0923 0992 usbprint - ok
17:50:04.0939 0992 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:04.0939 0992 USBSTOR - ok
17:50:04.0939 0992 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:50:04.0939 0992 usbuhci - ok
17:50:04.0955 0992 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:50:04.0955 0992 UxSms - ok
17:50:04.0986 0992 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:50:04.0986 0992 VaultSvc - ok
17:50:05.0001 0992 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:50:05.0001 0992 vdrvroot - ok
17:50:05.0017 0992 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:50:05.0017 0992 vds - ok
17:50:05.0033 0992 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:05.0033 0992 vga - ok
17:50:05.0048 0992 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:50:05.0048 0992 VgaSave - ok
17:50:05.0048 0992 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:50:05.0064 0992 vhdmp - ok
17:50:05.0064 0992 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:50:05.0064 0992 viaide - ok
17:50:05.0079 0992 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:50:05.0079 0992 volmgr - ok
17:50:05.0095 0992 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:50:05.0095 0992 volmgrx - ok
17:50:05.0111 0992 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:50:05.0126 0992 volsnap - ok
17:50:05.0142 0992 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:50:05.0142 0992 vsmraid - ok
17:50:05.0204 0992 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:50:05.0235 0992 VSS - ok
17:50:05.0298 0992 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:50:05.0298 0992 vwifibus - ok
17:50:05.0345 0992 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:50:05.0345 0992 vwififlt - ok
17:50:05.0376 0992 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:50:05.0376 0992 W32Time - ok
17:50:05.0391 0992 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:50:05.0391 0992 WacomPen - ok
17:50:05.0423 0992 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:05.0423 0992 WANARP - ok
17:50:05.0423 0992 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:05.0423 0992 Wanarpv6 - ok
17:50:05.0532 0992 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:50:05.0563 0992 WatAdminSvc - ok
17:50:05.0625 0992 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:50:05.0641 0992 wbengine - ok
17:50:05.0688 0992 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:50:05.0688 0992 WbioSrvc - ok
17:50:05.0719 0992 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:50:05.0719 0992 wcncsvc - ok
17:50:05.0735 0992 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:50:05.0735 0992 WcsPlugInService - ok
17:50:05.0735 0992 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:50:05.0750 0992 Wd - ok
17:50:05.0766 0992 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:50:05.0781 0992 Wdf01000 - ok
17:50:05.0781 0992 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:50:05.0781 0992 WdiServiceHost - ok
17:50:05.0797 0992 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:50:05.0797 0992 WdiSystemHost - ok
17:50:05.0813 0992 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:50:05.0813 0992 WebClient - ok
17:50:05.0828 0992 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:50:05.0844 0992 Wecsvc - ok
17:50:05.0859 0992 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:50:05.0859 0992 wercplsupport - ok
17:50:05.0891 0992 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:50:05.0906 0992 WerSvc - ok
17:50:05.0922 0992 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:50:05.0922 0992 WfpLwf - ok
17:50:05.0922 0992 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:50:05.0922 0992 WIMMount - ok
17:50:05.0937 0992 WinDefend - ok
17:50:05.0953 0992 WinHttpAutoProxySvc - ok
17:50:06.0000 0992 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:50:06.0000 0992 Winmgmt - ok
17:50:06.0062 0992 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:50:06.0093 0992 WinRM - ok
17:50:06.0171 0992 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:50:06.0171 0992 Wlansvc - ok
17:50:06.0203 0992 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:50:06.0203 0992 WmiAcpi - ok
17:50:06.0218 0992 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:50:06.0218 0992 wmiApSrv - ok
17:50:06.0234 0992 WMPNetworkSvc - ok
17:50:06.0234 0992 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:50:06.0249 0992 WPCSvc - ok
17:50:06.0249 0992 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:50:06.0249 0992 WPDBusEnum - ok
17:50:06.0265 0992 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:50:06.0265 0992 ws2ifsl - ok
17:50:06.0281 0992 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:50:06.0281 0992 wscsvc - ok
17:50:06.0281 0992 WSearch - ok
17:50:06.0343 0992 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:50:06.0390 0992 wuauserv - ok
17:50:06.0421 0992 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:50:06.0421 0992 WudfPf - ok
17:50:06.0452 0992 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:06.0452 0992 WUDFRd - ok
17:50:06.0468 0992 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:50:06.0468 0992 wudfsvc - ok
17:50:06.0483 0992 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:50:06.0483 0992 WwanSvc - ok
17:50:06.0499 0992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:50:06.0546 0992 \Device\Harddisk0\DR0 - ok
17:50:06.0561 0992 Boot (0x1200) (dc952430ed27330a22377b42b860bd90) \Device\Harddisk0\DR0\Partition0
17:50:06.0561 0992 \Device\Harddisk0\DR0\Partition0 - ok
17:50:06.0577 0992 Boot (0x1200) (6160bad0a32e367b0f913f821f4235e9) \Device\Harddisk0\DR0\Partition1
17:50:06.0577 0992 \Device\Harddisk0\DR0\Partition1 - ok
17:50:06.0577 0992 ============================================================
17:50:06.0577 0992 Scan finished
17:50:06.0577 0992 ============================================================
17:50:06.0577 1652 Detected object count: 0
17:50:06.0577 1652 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 17:50:59
-----------------------------
17:50:59.480 OS Version: Windows x64 6.1.7601 Service Pack 1
17:50:59.480 Number of processors: 8 586 0x102
17:50:59.480 ComputerName: HENRY-PC UserName: Henry
17:51:04.893 Initialize success
17:51:34.323 AVAST engine defs: 12050301
17:51:43.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-c
17:51:43.683 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 11
17:51:43.714 Disk 0 MBR read successfully
17:51:43.714 Disk 0 MBR scan
17:51:43.714 Disk 0 Windows 7 default MBR code
17:51:43.730 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:51:43.730 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:51:43.761 Disk 0 scanning C:\Windows\system32\drivers
17:51:50.886 Service scanning
17:52:02.976 Modules scanning
17:52:02.976 Disk 0 trace - called modules:
17:52:02.992 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:52:03.008 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dbd8790]
17:52:03.008 3 CLASSPNP.SYS[fffff880019ae43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP6T0L0-c[0xfffffa800d982060]
17:52:09.138 AVAST engine scan C:\Windows
17:52:11.806 AVAST engine scan C:\Windows\system32
17:54:11.777 AVAST engine scan C:\Windows\system32\drivers
17:54:20.528 AVAST engine scan C:\Users\Henry
17:58:51.651 AVAST engine scan C:\ProgramData
17:59:28.799 Scan finished successfully
18:00:25.598 Disk 0 MBR has been saved successfully to "C:\Users\Henry\Desktop\MBR.dat"
18:00:25.598 The log file has been saved successfully to "C:\Users\Henry\Desktop\aswMBR.txt"


thanks

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,340 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:00 PM

Posted 03 May 2012 - 09:01 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\BabylonToolbar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 sheps

sheps
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:00 AM

Posted 04 May 2012 - 04:20 PM

1. ComboFix 12-05-04.03 - Henry 05/04/2012 16:07:55.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16329.14291 [GMT -5:00]
Running from: c:\users\Henry\Desktop\ComboFix.exe
Command switches used :: c:\users\Henry\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BabylonToolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 21:10 . 2012-05-04 21:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-04 21:10 . 2012-05-04 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 21:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{705E3603-C738-4EAB-832A-C860D57AA8C7}\mpengine.dll
2012-05-01 22:24 . 2012-05-01 22:24 -------- d-----w- C:\_OTL
2012-05-01 01:11 . 2012-05-01 01:12 -------- d-----w- c:\users\Henry\AppData\Local\CrashDumps
2012-04-29 15:29 . 2012-04-29 15:29 -------- d-----w- c:\programdata\IBUpdaterService
2012-04-28 01:49 . 2012-04-28 01:49 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-27 21:16 . 2012-04-28 00:00 -------- d-----w- C:\sh4ldr
2012-04-27 21:16 . 2012-04-27 21:16 -------- d-----w- c:\program files\Enigma Software Group
2012-04-27 21:16 . 2012-04-28 00:00 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-27 04:05 . 2012-04-28 00:06 -------- d-----w- c:\program files\HitmanPro
2012-04-27 04:04 . 2012-04-27 04:05 -------- d-----w- c:\programdata\HitmanPro
2012-04-27 00:26 . 2012-04-27 00:31 -------- d-----w- c:\users\Henry\AppData\Local\NPE
2012-04-27 00:26 . 2012-04-27 00:26 -------- d-----w- c:\programdata\Norton
2012-04-26 03:01 . 2012-04-26 03:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-25 17:29 . 2012-04-25 17:29 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-25 17:29 . 2012-04-25 17:29 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-25 00:04 . 2012-04-25 00:04 -------- d-----w- c:\users\Henry\AppData\Local\WinZip
2012-04-25 00:03 . 2012-04-25 00:03 -------- d-----w- c:\programdata\WinZip
2012-04-24 15:31 . 2012-04-24 15:31 -------- d-----w- c:\users\Henry\AppData\Roaming\SynthMaker
2012-04-24 15:31 . 2012-04-24 15:31 -------- d-----w- c:\users\Henry\AppData\Roaming\Acoustica
2012-04-24 15:31 . 2009-12-14 20:25 57344 ----a-w- c:\windows\SysWow64\Wnaspint.dll
2012-04-24 15:31 . 2012-04-24 15:31 -------- d-----w- c:\program files (x86)\Acoustica Shared Effects
2012-04-24 15:30 . 2012-04-24 15:31 -------- d-----w- c:\program files (x86)\Acoustica Mixcraft 5
2012-04-24 15:30 . 2012-04-24 15:30 -------- d-----w- c:\programdata\Acoustica
2012-04-24 15:30 . 2012-04-24 15:30 -------- d-----w- c:\program files (x86)\VST
2012-04-24 15:30 . 2009-12-14 20:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-24 15:17 . 2012-04-24 15:17 1491 ----a-w- C:\user.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2012-02-09 03:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 22:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-12 14:32 . 2012-02-12 14:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 06:36 . 2012-03-13 22:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 03:38 . 2012-02-09 03:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-09 03:38 . 2012-02-09 03:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-09 03:38 . 2012-02-09 03:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-09 03:38 . 2012-02-09 03:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-09 03:38 . 2012-02-09 03:38 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-09 03:38 . 2012-02-09 03:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-09 03:38 . 2012-02-09 03:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-09 03:38 . 2012-02-09 03:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-09 03:38 . 2012-02-09 03:38 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-09 03:38 . 2012-02-09 03:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-09 03:38 . 2012-02-09 03:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-09 03:38 . 2012-02-09 03:38 448512 ----a-w- c:\windows\system32\html.iec
2012-02-09 03:38 . 2012-02-09 03:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-09 03:38 . 2012-02-09 03:38 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-09 03:38 . 2012-02-09 03:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-09 03:38 . 2012-02-09 03:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-09 03:38 . 2012-02-09 03:38 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-09 03:38 . 2012-02-09 03:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-09 03:38 . 2012-02-09 03:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-09 03:38 . 2012-02-09 03:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-09 03:38 . 2012-02-09 03:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-09 03:38 . 2012-02-09 03:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-09 03:38 . 2012-02-09 03:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-09 03:38 . 2012-02-09 03:38 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-09 03:38 . 2012-02-09 03:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-09 03:38 . 2012-02-09 03:38 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-09 03:38 . 2012-02-09 03:38 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-09 03:38 . 2012-02-09 03:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-09 03:38 . 2012-02-09 03:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-09 03:38 . 2012-02-09 03:38 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-09 03:38 . 2012-02-09 03:38 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-09 03:38 . 2012-02-09 03:38 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-09 03:38 . 2012-02-09 03:38 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-09 03:38 . 2012-02-09 03:38 160256 ----a-w- c:\windows\system32\wextract.exe
2009-05-15 04:15 . 2009-05-15 04:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 04:15 . 2009-05-15 04:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_21.08.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-05-04 20:58 27476 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-04 20:58 35338 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-08 15:34 . 2012-05-04 20:58 7858 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3713007220-401280677-1441858500-1000_UserData.bin
- 2012-05-02 21:07 . 2012-05-02 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 21:11 . 2012-05-04 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 21:07 . 2012-05-02 21:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-04 21:11 . 2012-05-04 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-12 17:03 . 2012-05-04 01:23 269138 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-05-02 21:02 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-04 21:03 660068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-04 21:03 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-02 21:02 120996 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-02 21:06 332244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-04 21:10 332244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-09 04:19 . 2012-05-04 21:10 15892360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3713007220-401280677-1441858500-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-12 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-04-29 397848]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2010-06-21 211296]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-16 378984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:00]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Ralink\Common\RaRegistry.exe
.
**************************************************************************
.
Completion time: 2012-05-04 16:15:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 21:15
ComboFix2.txt 2012-05-02 21:10
.
Pre-Run: 901,369,417,728 bytes free
Post-Run: 901,393,575,936 bytes free
.
- - End Of File - - 5B6E58174138A0C74678FAD08432655F


2. No problems with combo fix


3. Still getting the nginx error from google.com

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 134,340 posts, Location: Puerto Rico)

Posted 04 May 2012 - 09:17 PM

Hello


I would like you to go here and press the fixit button - http://support.microsoft.com/kb/923737


Let me know if it fixed the problem.



gringo

#15 sheps (Topic Starter, Members, 10 posts)

Posted 05 May 2012 - 09:08 PM

Still getting the error...
Thanks for all the help



