Router Security Logs


  • This topic is locked
25 replies to this topic

#1 JackieBrown

    Member

Posted 10 June 2012 - 02:07 PM

Hi :)

My Sagem F@st 1500WG Ver. 2.3.20.a has this security log, which I paste in fragments below:

06/10/2012 18:44:15 192.168.xxx.xxx login success
06/10/2012 18:34:56 **TCP FIN Scan** 192.168.xxx.xxx, 52755->> 173.194.35.15, 80 (from PPPoE1 Outbound)
06/10/2012 18:34:56 **TCP FIN Scan** 192.168.xxx.xxx, 53019->> 173.194.35.55, 80 (from PPPoE1 Outbound)
06/10/2012 18:34:56 **TCP FIN Scan** 192.168.xxx.xxx, 53191->> 173.194.35.12, 80 (from PPPoE1 Outbound)
06/10/2012 18:34:36 **TCP FIN Scan** 192.168.xxx.xxx, 52730->> 173.194.35.18, 80 (from PPPoE1 Outbound)
06/10/2012 18:34:36 **TCP FIN Scan** 192.168.xxx.xxx, 52860->> 173.194.35.15, 80 (from PPPoE1 Outbound)
06/10/2012 18:34:36 **TCP FIN Scan** 192.168.xxx.xxx, 52804->> 173.194.35.12, 80 (from PPPoE1 Outbound)
...
06/10/2012 18:30:32 **SYN Flood to Host** 192.168.xxx.xxx, 52806->> 173.194.35.10, 80 (from PPPoE1 Outbound)
...
06/10/2012 18:00:56 **SYN Flood to Host** 192.168.xxx.xxx, 50254->> 108.59.9.2, 80 (from PPPoE1 Outbound)
06/10/2012 18:00:36 **LAND** xxx.xxx.xxx.xxx, 49721->> xxx.xxx.xxx.xxx, 80 (from PPPoE1 Inbound)
06/10/2012 18:00:30 **LAND** xxx.xxx.xxx.xxx, 49721->> xxx.xxx.xxx.xxx, 80 (from PPPoE1 Inbound)
...
06/10/2012 09:27:09 **UDP Flood to Host** 192.168.xxx.xxx, 59280->> 176.92.129.155, 53642 (from PPPoE1 Outbound)
06/10/2012 09:08:53 **UDP Flood to Host** 192.168.xxx.xxx, 23218->> 176.92.129.155, 49139 (from PPPoE1 Outbound)
06/10/2012 09:07:08 **UDP Flood to Host** 192.168.xxx.xxx, 44810->> 176.92.129.155, 47658 (from PPPoE1 Outbound)
06/10/2012 08:59:49 **UDP Flood to Host** 192.168.xxx.xxx, 29703->> 176.92.129.155, 4323 (from PPPoE1 Outbound)
06/10/2012 03:40:41 **UDP Flood to Host** 192.168.xxx.xxx, 38089->> 79.107.95.238, 45597 (from PPPoE1 Outbound)
06/10/2012 03:37:45 **UDP Flood to Host** 192.168.xxx.xxx, 60997->> 79.107.95.238, 11206 (from PPPoE1 Outbound)
06/10/2012 03:34:30 **UDP Flood to Host** 192.168.xxx.xxx, 6191->> 79.107.95.238, 50840 (from PPPoE1 Outbound)

My apologies for using xxx.xxx for my internal IP and xxx.xxx.xxx.xxx for my external IP,
but I thought it was not necessary to display them.

I have found these same topics but without solutions:

http://www.bleepingcomputer.com/forums/topic389508.html
http://www.bleepingcomputer.com/forums/topic324615.html

and this from Google about the LAND attack:
http://insecure.org/sploits/land.ip.DOS.html

I followed these steps: http://www.bleepingcomputer.com/forums/topic34773.html
and my DDS:

 


#2 JackieBrown

    Member

Posted 10 June 2012 - 02:47 PM

I am uploading my Attach file again, because I didn't do it correctly,
but I can't upload the GMER file because I am not permitted to upload this kind of file...

I look forward to your instructions :)


Edited by JackieBrown, 10 June 2012 - 02:49 PM.


#3 HelpBot

    Bleepin' Binary Bot

Posted 15 June 2012 - 02:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/456568 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 JackieBrown

    Member

Posted 17 June 2012 - 02:09 AM

Yes, I still need help and instructions...

My PC's OS is Windows 7 Ultimate 32-bit, SP1, updated.
I have unusual router security logs like:

06/15/2012 16:43:38 **TCP FIN Scan** 95.211.xxx.xxx, 53324->> 192.168.xxx.xxx, 51126 (from PPPoE1 Inbound)
06/15/2012 18:02:52 **SYN Flood to Host** 192.168.xxx.xxx, 63755->> 94.75.xxx.xxx, 80 (from PPPoE1 Outbound)
06/15/2012 18:14:21 **LAND** 46.190.xxx.xxx, 50622->> 46.190.xxx.xxx, 80 (from PPPoE1 Inbound)
06/15/2012 18:15:38 **Vecna Scan** 192.168.xxx.xxx, 51183->> 79.131.xxx.xxx, 51413 (from PPPoE1 Outbound)
06/16/2012 23:57:53 **TCP FIN Scan** 192.168.xxx.xxx, 63097->> 173.194.xxx.xxx, 80 (from PPPoE1 Outbound)
06/17/2012 00:38:44 **SYN Flood to Host** 192.168.xxx.xxx, 65017->> 173.194.xxx.xxx, 80 (from PPPoE1 Outbound)
06/17/2012 00:43:13 **TCP FIN Scan** 192.168.xxx.xxx, 65077->> 173.194.xxx.xxx, 80 (from PPPoE1 Outbound)
06/17/2012 06:19:55 **LAND** 46.190.xxx.xxx, 59014->> 46.190.xxx.xxx, 80 (from PPPoE1 Inbound)

I don't run any security/hacker tool that would produce these logs, and I think that my PC has been compromised.
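Added triage example (mine, not from the thread, the router vendor or BleepingComputer): a Python parser for the log format quoted in posts #1 and #4 that separates LAN-originated events from inbound WAN ones and flags LAND entries by their source-equals-destination signature. The sample lines are copied from those posts; the bucket names and hint wording are my own.

```python
"""Triage helper for the Sagem F@st 1500WG security-log lines quoted in this thread.

Constructed example: the parser, bucket names and hint wording are mine; the
SAMPLE_LOG lines are copied from the posts above (masked "xxx" octets kept).
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# Shape of one event line, e.g.
#   06/10/2012 18:34:56 **TCP FIN Scan** 192.168.xxx.xxx, 52755->> 173.194.35.15, 80 (from PPPoE1 Outbound)
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\*\*(?P<event>[^*]+)\*\* "
    r"(?P<src>[\d.x]+), (?P<sport>\d+)->> (?P<dst>[\d.x]+), (?P<dport>\d+) "
    r"\(from (?P<iface>\S+) (?P<direction>Inbound|Outbound)\)$"
)

SAMPLE_LOG = """\
06/10/2012 18:44:15 192.168.xxx.xxx login success
06/10/2012 18:34:56 **TCP FIN Scan** 192.168.xxx.xxx, 52755->> 173.194.35.15, 80 (from PPPoE1 Outbound)
06/10/2012 18:34:56 **TCP FIN Scan** 192.168.xxx.xxx, 53019->> 173.194.35.55, 80 (from PPPoE1 Outbound)
06/10/2012 18:30:32 **SYN Flood to Host** 192.168.xxx.xxx, 52806->> 173.194.35.10, 80 (from PPPoE1 Outbound)
06/10/2012 09:27:09 **UDP Flood to Host** 192.168.xxx.xxx, 59280->> 176.92.129.155, 53642 (from PPPoE1 Outbound)
06/10/2012 09:08:53 **UDP Flood to Host** 192.168.xxx.xxx, 23218->> 176.92.129.155, 49139 (from PPPoE1 Outbound)
06/15/2012 18:14:21 **LAND** 46.190.xxx.xxx, 50622->> 46.190.xxx.xxx, 80 (from PPPoE1 Inbound)
06/15/2012 16:43:38 **TCP FIN Scan** 95.211.xxx.xxx, 53324->> 192.168.xxx.xxx, 51126 (from PPPoE1 Inbound)
"""


def parse_line(line):
    """Return the fields of one event line, or None for other lines (e.g. 'login success')."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_private(addr):
    """RFC 1918 test; a masked octet ('xxx') is read as 0, which keeps the /16 prefix intact."""
    return ip_address(addr.replace("xxx", "0")).is_private


def classify(rec):
    """Put one parsed event into a triage bucket."""
    if rec["event"] == "LAND":
        # A LAND packet carries the same address as source and destination;
        # on the WAN side that is a spoofed packet the router dropped, not LAN traffic.
        return "spoofed-inbound" if rec["src"] == rec["dst"] else "other"
    if rec["direction"] == "Outbound" and is_private(rec["src"]):
        return "lan-host-generated"   # something on the LAN sent these packets
    if rec["direction"] == "Inbound" and not is_private(rec["src"]):
        return "wan-probe"            # unsolicited traffic arriving from the Internet
    return "other"


def triage(text):
    """Count events per bucket and record, per event type, which dst:port the LAN host hit."""
    summary = {"buckets": defaultdict(int), "lan_targets": defaultdict(set), "unparsed": 0}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            summary["unparsed"] += 1
            continue
        bucket = classify(rec)
        summary["buckets"][bucket] += 1
        if bucket == "lan-host-generated":
            summary["lan_targets"][rec["event"]].add(f"{rec['dst']}:{rec['dport']}")
    return summary


def hints(summary):
    """Turn the summary into next steps for the person reviewing the log."""
    out = []
    for event, targets in summary["lan_targets"].items():
        ports = sorted({t.rsplit(":", 1)[1] for t in targets})
        if ports == ["80"]:
            out.append(f"{event}: all {len(targets)} destination(s) are web servers (port 80); "
                       "check what browser or updater was running at those times first")
        else:
            out.append(f"{event}: {len(targets)} destination(s) on ports {ports}; "
                       "find the local process that owned those source ports at that time")
    if summary["buckets"]["spoofed-inbound"]:
        out.append("LAND: inbound packets with source == destination, dropped by the router; "
                   "no LAN host sent them")
    return out


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    print(dict(s["buckets"]), "unparsed:", s["unparsed"])
    for h in hints(s):
        print("-", h)
```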

#5 JackieBrown

    Member

Posted 17 June 2012 - 02:15 AM

There are several buttons for attaching, and I am not accustomed to this way from other forums, sorry...
Here are my logs:

Attached File  DDS.002.txt   13.23K   0 downloads
Attached File  GMER.002.log   26.26K   1 downloads

#6 nasdaq

    Forum Addict

  • Malware Response Team

Posted 22 June 2012 - 06:23 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 JackieBrown

    Member

Posted 23 June 2012 - 10:25 AM

Hi nasdaq, I followed your instructions and here are the results:

TDSS log
17:39:03.0831 3960 BTHMODEM - ok
17:39:03.0869 3960 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
17:39:03.0894 3960 BthPan - ok
17:39:03.0948 3960 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
17:39:03.0978 3960 BTHPORT - ok
17:39:04.0027 3960 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:39:04.0031 3960 bthserv - ok
17:39:04.0051 3960 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
17:39:04.0068 3960 BTHUSB - ok
17:39:04.0111 3960 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:39:04.0115 3960 cdfs - ok
17:39:04.0147 3960 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:39:04.0189 3960 cdrom - ok
17:39:04.0242 3960 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:39:04.0244 3960 CertPropSvc - ok
17:39:04.0271 3960 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:39:04.0288 3960 circlass - ok
17:39:04.0315 3960 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:39:04.0329 3960 CLFS - ok
17:39:04.0412 3960 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:39:04.0444 3960 clr_optimization_v2.0.50727_32 - ok
17:39:04.0542 3960 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:39:04.0582 3960 clr_optimization_v4.0.30319_32 - ok
17:39:04.0614 3960 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:39:04.0630 3960 CmBatt - ok
17:39:04.0654 3960 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
17:39:04.0667 3960 cmdide - ok
17:39:04.0721 3960 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:39:04.0731 3960 CNG - ok
17:39:04.0750 3960 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:39:04.0764 3960 Compbatt - ok
17:39:04.0781 3960 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:39:04.0796 3960 CompositeBus - ok
17:39:04.0808 3960 COMSysApp - ok
17:39:04.0829 3960 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:39:04.0846 3960 crcdisk - ok
17:39:04.0899 3960 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
17:39:04.0906 3960 CryptSvc - ok
17:39:04.0952 3960 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:39:04.0962 3960 CSC - ok
17:39:05.0012 3960 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
17:39:05.0027 3960 CscService - ok
17:39:05.0074 3960 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:39:05.0085 3960 DcomLaunch - ok
17:39:05.0121 3960 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:39:05.0134 3960 defragsvc - ok
17:39:05.0177 3960 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:39:05.0180 3960 DfsC - ok
17:39:05.0227 3960 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:39:05.0239 3960 Dhcp - ok
17:39:05.0270 3960 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:39:05.0289 3960 discache - ok
17:39:05.0329 3960 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:39:05.0331 3960 Disk - ok
17:39:05.0350 3960 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\DRIVERS\dmvsc.sys
17:39:05.0385 3960 dmvsc - ok
17:39:05.0427 3960 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:39:05.0433 3960 Dnscache - ok
17:39:05.0454 3960 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:39:05.0501 3960 dot3svc - ok
17:39:05.0521 3960 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:39:05.0535 3960 DPS - ok
17:39:05.0576 3960 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:39:05.0597 3960 drmkaud - ok
17:39:05.0649 3960 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:39:05.0671 3960 DXGKrnl - ok
17:39:05.0703 3960 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:39:05.0709 3960 EapHost - ok
17:39:05.0905 3960 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:39:06.0050 3960 ebdrv - ok
17:39:06.0162 3960 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
17:39:06.0166 3960 EFS - ok
17:39:06.0221 3960 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:39:06.0282 3960 elxstor - ok
17:39:06.0306 3960 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
17:39:06.0333 3960 ErrDev - ok
17:39:06.0386 3960 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\Windows\system32\drivers\es1371mp.sys
17:39:06.0422 3960 es1371 - ok
17:39:06.0478 3960 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:39:06.0491 3960 EventSystem - ok
17:39:06.0514 3960 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:39:06.0554 3960 exfat - ok
17:39:06.0574 3960 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:39:06.0588 3960 fastfat - ok
17:39:06.0649 3960 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:39:06.0663 3960 Fax - ok
17:39:06.0683 3960 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:39:06.0727 3960 fdc - ok
17:39:06.0755 3960 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:39:06.0757 3960 fdPHost - ok
17:39:06.0771 3960 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:39:06.0774 3960 FDResPub - ok
17:39:06.0792 3960 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:39:06.0796 3960 FileInfo - ok
17:39:06.0815 3960 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:39:06.0818 3960 Filetrace - ok
17:39:06.0827 3960 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:39:06.0841 3960 flpydisk - ok
17:39:06.0884 3960 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:39:06.0892 3960 FltMgr - ok
17:39:06.0947 3960 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
17:39:06.0969 3960 FontCache - ok
17:39:07.0071 3960 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:39:07.0073 3960 FontCache3.0.0.0 - ok
17:39:07.0142 3960 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:39:07.0198 3960 FsDepends - ok
17:39:07.0253 3960 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
17:39:07.0316 3960 Fs_Rec - ok
17:39:07.0364 3960 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:39:07.0376 3960 fvevol - ok
17:39:07.0404 3960 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:39:07.0433 3960 gagp30kx - ok
17:39:07.0483 3960 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
17:39:07.0505 3960 gpsvc - ok
17:39:07.0621 3960 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:39:07.0634 3960 gupdate - ok
17:39:07.0654 3960 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
17:39:07.0657 3960 gupdatem - ok
17:39:07.0699 3960 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:39:07.0745 3960 gusvc - ok
17:39:07.0776 3960 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:39:07.0800 3960 hcw85cir - ok
17:39:07.0841 3960 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:39:07.0924 3960 HdAudAddService - ok
17:39:07.0963 3960 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:39:07.0985 3960 HDAudBus - ok
17:39:08.0005 3960 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:39:08.0019 3960 HidBatt - ok
17:39:08.0052 3960 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:39:08.0081 3960 HidBth - ok
17:39:08.0121 3960 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:39:08.0142 3960 HidIr - ok
17:39:08.0194 3960 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
17:39:08.0198 3960 hidserv - ok
17:39:08.0228 3960 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:39:08.0246 3960 HidUsb - ok
17:39:08.0277 3960 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
17:39:08.0281 3960 hkmsvc - ok
17:39:08.0308 3960 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
17:39:08.0321 3960 HomeGroupListener - ok
17:39:08.0359 3960 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
17:39:08.0373 3960 HomeGroupProvider - ok
17:39:08.0421 3960 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:39:08.0448 3960 HpSAMD - ok
17:39:08.0493 3960 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:39:08.0509 3960 HTTP - ok
17:39:08.0526 3960 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:39:08.0530 3960 hwpolicy - ok
17:39:08.0563 3960 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
17:39:08.0601 3960 i8042prt - ok
17:39:08.0695 3960 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:39:08.0763 3960 iaStorV - ok
17:39:08.0881 3960 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:39:08.0911 3960 idsvc - ok
17:39:08.0942 3960 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:39:08.0980 3960 iirsp - ok
17:39:09.0048 3960 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
17:39:09.0068 3960 IKEEXT - ok
17:39:09.0094 3960 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
17:39:09.0110 3960 intelide - ok
17:39:09.0140 3960 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:39:09.0157 3960 intelppm - ok
17:39:09.0202 3960 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
17:39:09.0208 3960 IPBusEnum - ok
17:39:09.0223 3960 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:39:09.0226 3960 IpFilterDriver - ok
17:39:09.0268 3960 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:39:09.0286 3960 iphlpsvc - ok
17:39:09.0311 3960 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:39:09.0496 3960 IPMIDRV - ok
17:39:09.0522 3960 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:39:09.0529 3960 IPNAT - ok
17:39:09.0558 3960 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:39:09.0562 3960 IRENUM - ok
17:39:09.0591 3960 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
17:39:09.0612 3960 isapnp - ok
17:39:09.0638 3960 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\DRIVERS\msiscsi.sys
17:39:09.0690 3960 iScsiPrt - ok
17:39:09.0723 3960 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:39:09.0742 3960 kbdclass - ok
17:39:09.0771 3960 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
17:39:09.0786 3960 kbdhid - ok
17:39:09.0817 3960 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:39:09.0819 3960 KeyIso - ok
17:39:09.0888 3960 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
17:39:09.0894 3960 KL1 - ok
17:39:09.0904 3960 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
17:39:09.0907 3960 kl2 - ok
17:39:09.0957 3960 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
17:39:09.0987 3960 KLIF - ok
17:39:10.0035 3960 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
17:39:10.0040 3960 KLIM6 - ok
17:39:10.0054 3960 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
17:39:10.0057 3960 klmouflt - ok
17:39:10.0087 3960 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:39:10.0090 3960 KSecDD - ok
17:39:10.0120 3960 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:39:10.0127 3960 KSecPkg - ok
17:39:10.0175 3960 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:39:10.0186 3960 KtmRm - ok
17:39:10.0232 3960 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
17:39:10.0247 3960 LanmanServer - ok
17:39:10.0279 3960 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:39:10.0286 3960 LanmanWorkstation - ok
17:39:10.0327 3960 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:39:10.0331 3960 lltdio - ok
17:39:10.0351 3960 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:39:10.0362 3960 lltdsvc - ok
17:39:10.0373 3960 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:39:10.0376 3960 lmhosts - ok
17:39:10.0416 3960 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:39:10.0445 3960 LSI_FC - ok
17:39:10.0462 3960 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:39:10.0488 3960 LSI_SAS - ok
17:39:10.0523 3960 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:39:10.0544 3960 LSI_SAS2 - ok
17:39:10.0555 3960 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:39:10.0584 3960 LSI_SCSI - ok
17:39:10.0601 3960 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:39:10.0609 3960 luafv - ok
17:39:10.0742 3960 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
17:39:10.0760 3960 MDM - ok
17:39:10.0794 3960 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:39:10.0817 3960 megasas - ok
17:39:10.0846 3960 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:39:10.0885 3960 MegaSR - ok
17:39:10.0944 3960 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\MicrosoftOffice\Office12\GrooveAuditService.exe
17:39:10.0950 3960 Microsoft Office Groove Audit Service - ok
17:39:10.0986 3960 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:39:10.0990 3960 MMCSS - ok
17:39:11.0009 3960 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:39:11.0013 3960 Modem - ok
17:39:11.0037 3960 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:39:11.0057 3960 monitor - ok
17:39:11.0094 3960 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:39:11.0122 3960 mouclass - ok
17:39:11.0141 3960 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:39:11.0162 3960 mouhid - ok
17:39:11.0194 3960 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:39:11.0198 3960 mountmgr - ok
17:39:11.0270 3960 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:39:11.0286 3960 MozillaMaintenance - ok
17:39:11.0312 3960 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\DRIVERS\mpio.sys
17:39:11.0353 3960 mpio - ok
17:39:11.0403 3960 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:39:11.0407 3960 mpsdrv - ok
17:39:11.0474 3960 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
17:39:11.0490 3960 MpsSvc - ok
17:39:11.0520 3960 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:39:11.0528 3960 MRxDAV - ok
17:39:11.0578 3960 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:39:11.0585 3960 mrxsmb - ok
17:39:11.0618 3960 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:39:11.0631 3960 mrxsmb10 - ok
17:39:11.0644 3960 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:39:11.0651 3960 mrxsmb20 - ok
17:39:11.0668 3960 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\DRIVERS\msahci.sys
17:39:11.0671 3960 msahci - ok
17:39:11.0682 3960 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\DRIVERS\msdsm.sys
17:39:11.0701 3960 msdsm - ok
17:39:11.0731 3960 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
17:39:11.0746 3960 MSDTC - ok
17:39:11.0800 3960 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:39:11.0802 3960 Msfs - ok
17:39:11.0822 3960 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:39:11.0825 3960 mshidkmdf - ok
17:39:12.0098 3960 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
17:39:12.0102 3960 msisadrv - ok
17:39:12.0147 3960 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
17:39:12.0161 3960 MSiSCSI - ok
17:39:12.0167 3960 msiserver - ok
17:39:12.0224 3960 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:39:12.0248 3960 MSKSSRV - ok
17:39:12.0272 3960 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:39:12.0274 3960 MSPCLOCK - ok
17:39:12.0292 3960 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:39:12.0295 3960 MSPQM - ok
17:39:12.0314 3960 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:39:12.0327 3960 MsRPC - ok
17:39:12.0351 3960 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
17:39:12.0370 3960 mssmbios - ok
17:39:12.0376 3960 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:39:12.0378 3960 MSTEE - ok
17:39:12.0384 3960 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:39:12.0397 3960 MTConfig - ok
17:39:12.0445 3960 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
17:39:12.0463 3960 MTsensor - ok
17:39:12.0492 3960 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:39:12.0496 3960 Mup - ok
17:39:12.0583 3960 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
17:39:12.0601 3960 napagent - ok
17:39:12.0640 3960 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:39:12.0652 3960 NativeWifiP - ok
17:39:12.0711 3960 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:39:12.0771 3960 NDIS - ok
17:39:12.0885 3960 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:39:12.0888 3960 NdisCap - ok
17:39:12.0915 3960 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:39:12.0917 3960 NdisTapi - ok
17:39:12.0948 3960 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:39:12.0952 3960 Ndisuio - ok
17:39:12.0988 3960 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:39:12.0995 3960 NdisWan - ok
17:39:13.0010 3960 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:39:13.0014 3960 NDProxy - ok
17:39:13.0050 3960 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:39:13.0053 3960 NetBIOS - ok
17:39:13.0074 3960 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:39:13.0087 3960 NetBT - ok
17:39:13.0126 3960 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:39:13.0130 3960 Netlogon - ok
17:39:13.0189 3960 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
17:39:13.0200 3960 Netman - ok
17:39:13.0229 3960 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
17:39:13.0250 3960 netprofm - ok
17:39:13.0342 3960 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:39:13.0356 3960 NetTcpPortSharing - ok
17:39:13.0402 3960 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:39:13.0444 3960 nfrd960 - ok
17:39:13.0505 3960 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
17:39:13.0518 3960 NlaSvc - ok
17:39:13.0574 3960 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
17:39:13.0615 3960 NPF - ok
17:39:13.0633 3960 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:39:13.0637 3960 Npfs - ok
17:39:13.0674 3960 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
17:39:13.0679 3960 nsi - ok
17:39:13.0692 3960 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:39:13.0696 3960 nsiproxy - ok
17:39:13.0772 3960 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:39:13.0809 3960 Ntfs - ok
17:39:13.0834 3960 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:39:13.0839 3960 Null - ok
17:39:14.0367 3960 nvlddmkm (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:39:14.0730 3960 nvlddmkm - ok
17:39:14.0858 3960 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:39:14.0894 3960 nvraid - ok
17:39:14.0934 3960 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:39:14.0966 3960 nvstor - ok
17:39:15.0032 3960 nvsvc (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe
17:39:15.0041 3960 nvsvc - ok
17:39:15.0195 3960 nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:39:15.0204 3960 nvUpdatusService - ok
17:39:15.0319 3960 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
17:39:15.0351 3960 nv_agp - ok
17:39:15.0458 3960 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:39:15.0474 3960 odserv - ok
17:39:15.0502 3960 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
17:39:15.0527 3960 ohci1394 - ok
17:39:15.0569 3960 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:39:15.0583 3960 ose - ok
17:39:15.0626 3960 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:39:15.0645 3960 p2pimsvc - ok
17:39:15.0690 3960 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
17:39:15.0708 3960 p2psvc - ok
17:39:15.0735 3960 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:39:15.0755 3960 Parport - ok
17:39:15.0789 3960 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
17:39:15.0792 3960 partmgr - ok
17:39:15.0810 3960 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:39:15.0823 3960 Parvdm - ok
17:39:15.0836 3960 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
17:39:15.0854 3960 PcaSvc - ok
17:39:15.0895 3960 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\DRIVERS\pci.sys
17:39:15.0901 3960 pci - ok
17:39:15.0909 3960 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
17:39:15.0912 3960 pciide - ok
17:39:15.0928 3960 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:39:15.0964 3960 pcmcia - ok
17:39:15.0979 3960 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:39:15.0982 3960 pcw - ok
17:39:16.0022 3960 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:39:16.0053 3960 PEAUTH - ok
17:39:16.0136 3960 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
17:39:16.0183 3960 PeerDistSvc - ok
17:39:16.0296 3960 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
17:39:16.0331 3960 pla - ok
17:39:16.0362 3960 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
17:39:16.0373 3960 PlugPlay - ok
17:39:16.0402 3960 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
17:39:16.0406 3960 PNRPAutoReg - ok
17:39:16.0435 3960 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:39:16.0439 3960 PNRPsvc - ok
17:39:16.0513 3960 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
17:39:16.0538 3960 Point32 - ok
17:39:16.0562 3960 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
17:39:16.0573 3960 PolicyAgent - ok
17:39:16.0705 3960 PORTMON - ok
17:39:16.0753 3960 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
17:39:16.0767 3960 Power - ok
17:39:16.0808 3960 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:39:16.0813 3960 PptpMiniport - ok
17:39:16.0832 3960 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:39:16.0854 3960 Processor - ok
17:39:16.0876 3960 PROCEXP150 - ok
17:39:16.0890 3960 PROCEXP151 - ok
17:39:16.0940 3960 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
17:39:16.0954 3960 ProfSvc - ok
17:39:16.0989 3960 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:39:16.0991 3960 ProtectedStorage - ok
17:39:17.0022 3960 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:39:17.0029 3960 Psched - ok
17:39:17.0071 3960 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\Windows\system32\DRIVERS\psi_mf.sys
17:39:17.0075 3960 PSI - ok
17:39:17.0149 3960 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:39:17.0250 3960 ql2300 - ok
17:39:17.0380 3960 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:39:17.0468 3960 ql40xx - ok
17:39:17.0523 3960 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
17:39:17.0584 3960 QWAVE - ok
17:39:17.0607 3960 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:39:17.0611 3960 QWAVEdrv - ok
17:39:17.0623 3960 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:39:17.0626 3960 RasAcd - ok
17:39:17.0670 3960 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:39:17.0675 3960 RasAgileVpn - ok
17:39:17.0703 3960 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
17:39:17.0718 3960 RasAuto - ok
17:39:17.0738 3960 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:39:17.0743 3960 Rasl2tp - ok
17:39:17.0801 3960 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:39:30.0723 3960 ============================================================
17:39:30.0723 3960 Scan finished
17:39:30.0723 3960 ============================================================
17:39:30.0742 5204 Detected object count: 0
17:39:30.0742 5204 Actual detected object count: 0
17:40:10.0043 4764 Deinitialize success

aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 17:43:19
-----------------------------
17:43:19.427 OS Version: Windows 6.1.7601 Service Pack 1
17:43:19.427 Number of processors: 3 586 0x203
17:43:19.431 ComputerName: REDONEDESK UserName: RedOne
17:43:31.331 Initialize success
17:44:04.539 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:44:04.557 Disk 0 Vendor: ST3320620A 3.AAE Size: 305245MB BusType: 3
17:44:04.564 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
17:44:04.573 Disk 1 Vendor: ST3160815AS 3.CHF Size: 152627MB BusType: 11
17:44:04.614 Disk 0 MBR read successfully
17:44:04.626 Disk 0 MBR scan
17:44:04.636 Disk 0 Windows 7 default MBR code
17:44:04.647 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228934 MB offset 63
17:44:04.681 Disk 0 Partition 2 00 83 Linux 75286 MB offset 468858880
17:44:04.724 Disk 0 Partition 3 00 82 Linux swap 1024 MB offset 623044608
17:44:04.756 Disk 0 scanning sectors +625141760
17:44:04.876 Disk 0 scanning C:\Windows\system32\drivers
17:44:19.496 Service scanning
17:44:26.516 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
17:44:26.603 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
17:44:26.959 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
17:44:27.077 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
17:44:38.315 Modules scanning
17:45:01.233 Disk 0 trace - called modules:
17:45:01.274 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:45:01.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bba030]
17:45:01.298 3 CLASSPNP.SYS[8be1b59e] -> nt!IofCallDriver -> [0x84d868a8]
17:45:01.310 5 ACPI.sys[823a63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8568e610]
17:45:01.326 Scan finished successfully
17:48:37.588 Disk 0 MBR has been saved successfully to "C:\Users\RedTwo\Documents\BleepingComputer\Avast.Logs\MBR.dat"
17:48:37.597 The log file has been saved successfully to "C:\Users\RedTwo\Documents\BleepingComputer\Avast.Logs\aswMBR.txt"

Attached File: MBR.zip (608 bytes)

PS: While waiting for help I did something by myself; can I attach the log file now? It's from Malwarebytes' Anti-Malware.

#8 nasdaq

    Forum Addict

  • Malware Response Team
  • 10,816 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2012 - 10:39 AM

If you have cleaned all that Malwarebytes has found, there is no need to see the log.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

#9 JackieBrown

    Member

  • Members
  • 35 posts
  • Gender:Male
  • Location:Earth

Posted 23 June 2012 - 10:56 AM

No, I haven't cleaned it, but I have put it in quarantine. It's a backdoor.bot.

Edited by JackieBrown, 23 June 2012 - 11:00 AM.


#10 nasdaq

    Forum Addict

  • Malware Response Team
  • 10,816 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2012 - 12:31 PM

Good. Run ComboFix and post the log.

#11 JackieBrown

    Member

  • Members
  • 35 posts
  • Gender:Male
  • Location:Earth

Posted 23 June 2012 - 01:42 PM

I deleted the bot from Malwarebytes before running ComboFix...

My ComboFix log:
ComboFix 12-06-23.05 - RedOne 23/06/2012 20:35:29.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1253.30.1032.18.3327.2351 [GMT 3:00]
Running from: c:\users\RedTwo\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RedTwo\KBDUZB.DLL
H:\autorun.inf
H:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 17:43 . 2012-06-23 18:28 -------- d-----w- c:\users\RedOne\AppData\Local\temp
2012-06-23 17:43 . 2012-06-23 17:56 -------- d-----w- c:\users\RedTwo\AppData\Local\temp
2012-06-22 21:43 . 2012-06-22 21:43 -------- d-----w- c:\program files\VirusTotalUploader2
2012-06-22 06:42 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 06:42 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 06:42 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 06:42 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 06:42 . 2012-06-02 12:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 06:42 . 2012-06-02 12:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 19:14 . 2012-06-20 19:14 -------- d---a-w- c:\windows\VDLL.DLL
2012-06-20 19:14 . 2012-06-20 19:14 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-06-20 19:14 . 2012-06-20 19:14 -------- d---a-w- c:\windows\system32\runouce.exe
2012-06-20 19:14 . 2012-06-20 19:14 -------- d---a-w- c:\windows\rundll16.exe
2012-06-20 19:14 . 2012-06-20 19:14 -------- d---a-w- c:\windows\logo1_.exe
2012-06-20 19:14 . 2012-06-20 19:14 -------- d---a-w- c:\windows\logo_1.exe
2012-06-20 19:08 . 2012-06-20 19:08 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-06-20 19:08 . 2012-06-20 19:08 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-06-20 19:08 . 2012-06-20 19:08 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-06-20 19:08 . 2012-06-20 19:08 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-06-20 19:08 . 2012-06-20 19:08 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-06-20 19:08 . 2012-06-20 19:08 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-06-20 19:07 . 2012-06-20 19:08 -------- d-----w- c:\programdata\MicroWorld
2012-06-19 14:27 . 2012-06-19 14:27 -------- d-----w- c:\users\RedOne\AppData\Roaming\f-secure
2012-06-19 14:26 . 2012-06-19 14:26 -------- d-----w- c:\programdata\F-Secure
2012-06-19 14:13 . 2012-06-19 14:13 -------- d-----w- c:\program files\Common Files\Java
2012-06-19 14:11 . 2012-06-19 14:11 -------- d-----w- c:\program files\Oracle
2012-06-19 14:10 . 2012-05-04 16:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-19 14:10 . 2012-05-04 16:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-19 14:10 . 2012-06-19 14:10 -------- d-----w- c:\program files\Java
2012-06-14 15:57 . 2012-06-14 15:57 -------- d-----w- c:\programdata\Sophos
2012-06-13 17:03 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 17:01 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 17:01 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 17:01 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 16:57 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 16:57 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:25 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 16:25 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 16:25 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 16:25 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 16:25 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-12 22:43 . 2012-06-12 22:43 -------- d-----w- c:\users\RedOne\Pavark
2012-06-12 22:34 . 2012-06-12 23:06 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-06-12 22:34 . 2012-06-14 16:40 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-06-10 14:36 . 2012-06-10 14:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-10 14:35 . 2012-04-04 12:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 14:35 . 2012-06-10 14:35 -------- d-----w- c:\programdata\Malwarebytes
2012-06-10 13:36 . 2012-06-10 13:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-10 13:36 . 2012-06-10 14:31 -------- d-----w- c:\users\RedOne\AppData\Roaming\SUPERAntiSpyware.com
2012-06-10 13:32 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\system32\utilman.exe.bak
2012-06-09 17:36 . 2012-06-09 17:36 -------- d-----w- c:\users\RedTwo\AppData\Local\Macromedia
2012-06-09 15:51 . 2012-06-09 15:52 -------- d-----w- c:\program files\GIMP
2012-05-25 09:42 . 2012-05-15 10:26 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-25 09:42 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-25 09:42 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-25 09:42 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-25 09:42 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-25 09:42 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-25 09:42 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 13:32 . 2009-07-14 00:13 669184 ----a-w- c:\windows\system32\Utilman.exe
2012-06-09 15:26 . 2012-04-04 20:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 15:26 . 2011-09-29 21:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:54 . 2011-12-21 16:56 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2012-05-15 10:26 . 2012-04-09 14:30 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2012-02-29 15:12 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-02-29 15:12 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26 . 2012-02-29 15:12 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2010-07-10 02:37 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 09:28 . 2011-06-30 16:02 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:28 . 2011-02-22 22:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2011-02-22 22:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2010-07-09 13:37 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2011-02-22 22:40 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2011-02-22 22:39 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-14 23:21 . 2012-05-14 23:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-04-24 14:13 . 2012-05-08 03:11 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-24 10:02 . 2012-04-08 09:53 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-04-13 07:36 . 2012-05-11 15:28 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19039170-FE43-47DF-97C8-AB418F03822B}\mpengine.dll
2012-03-31 04:39 . 2012-05-11 16:47 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 16:47 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 16:50 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2007-11-06 23:19 . 2011-11-25 00:56 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-06 23:19 . 2011-11-25 00:56 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\SpybotSearch&Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\RedOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
KasperskyVirusRemovalTool_9.0.0.722_03.10.2011_04-41.lnk - m:\portableapps\KasperskyVirusRemovalTool\KasperskyVirusRemovalTool_9.0.0.722_03.10.2011_04-41\startup.exe [N/A]
.
c:\users\RedTwo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\RedOne\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
Dropbox.lnk.disabled [2012-3-15 1014]
.
c:\users\RedTwo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dropbox.lnk - c:\users\RedOne\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe\0pgdfgsvc C 1
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autopoll]
2008-07-16 17:09 237568 ----a-w- c:\program files\AUTOPO~1\autopoll.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C3E8CE5E03567CE21CBE7E2EA3C75C3E30FF4D._service_run]
2012-05-23 01:56 1240088 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\MicrosoftOffice\Office12\GrooveMonitor.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" /MINIMIZED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DVAPTray"=c:\windows\System32\DVAPTray.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-24 62464]
R3 PORTMON;PORTMON;c:\program files\PortApps\PortableApps\WSCCPortable\SysInternals\PORTMSYS.SYS [x]
R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-07-07 14904]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-24 15872]
R3 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-24 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-24 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-24 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-24 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-24 112640]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 gupdate;Υπηρεσία Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 136176]
R4 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 136176]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 51144]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\SpybotSearch&Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 22:17]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ξαγωγή στο Microsoft Excel - c:\program files\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{5C5160B5-5CF5-4164-96E7-FB49A818AF7B}: NameServer = 62.169.194.47,62.169.194.48
FF - ProfilePath - c:\users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\
FF - prefs.js: browser.search.selectedEngine - AppBrain.com
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
MSConfigStartUp-IntelliPoint - c:\program files\Microsoft IntelliPoint\ipoint.exe
AddRemove-HijackThis - m:\documents\DownJohns\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-19565554-1200009186-679263753-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StuckRects2]
@Denied: (A B 1 4 5) (Everyone)
"Settings"=hex:28,00,00,00,ff,ff,ff,ff,02,00,00,00,01,00,00,00,59,00,00,00,22,
00,00,00,fe,ff,ff,ff,fe,ff,ff,ff,82,07,00,00,20,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\users\RedTwo\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Secunia\psi.exe
.
**************************************************************************
.
Completion time: 2012-06-23 21:30:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 18:30
.
Pre-Run: 7 Κατάλογοι 161.924.284.416 διαθέσιμα byte
Post-Run: 13 Κατάλογοι 161.722.515.456 διαθέσιμα byte
.
- - End Of File - - 601A0B61BDEFE2943079193D826BE94C



Plus some extra notes - personal thoughts:
I checked the router after all and still have all this strange traffic,
and one more thing is that I have iexplore.exe at this location:
C:\iexplore.exe
I've uploaded it to VirusTotal and it finds it clean, but is it in the right location???!!!???
I ask because Malwarebytes had found this Backdoor.Bot at
C:\Windows\System32\iexplore.exe and in the registry at
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE

Edited by JackieBrown, 23 June 2012 - 02:05 PM.


#12 nasdaq

nasdaq

    Forum Addict

  • Malware Response Team
  • PipPipPipPipPipPip
  • 10,816 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2012 - 07:42 AM

Nothing suspicious on your ComboFix log.

I checked the router after all and still have all this strange traffic,
and one more thing is that I have iexplore.exe at this location:
C:\iexplore.exe
I've uploaded it to VirusTotal and it finds it clean, but is it in the right location???!!!???
I ask because Malwarebytes had found this Backdoor.Bot at
C:\Windows\System32\iexplore.exe and in the registry at
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE


Good catch.

Let's find out about these iexplore.exe files.
I will also check on this file that was removed: KBDUZB.DLL

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    iexplore.exe
    KBDUZB.DLL

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#13 JackieBrown

JackieBrown

    Member

  • Members
  • PipPip
  • 35 posts
  • Gender:Male
  • Location:Earth

Posted 24 June 2012 - 09:26 AM

The log file is ready:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:04 on 24/06/2012 by RedOne
Administrator - Elevation successful

========== filefind ==========

Searching for "iexplore.exe"
C:\iexplore.exe --a---- 0 bytes [23:26 15/02/2012] [23:26 15/02/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Program Files\Internet Explorer\iexplore.exe --a---- 748664 bytes [16:59 13/06/2012] [23:21 17/05/2012] 0129BB16161C2FD9A6B19111AB047198
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe --a---- 199240 bytes [14:36 10/06/2012] [12:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Windows\erdnt\cache\iexplore.exe --a---- 748664 bytes [18:29 23/06/2012] [23:21 17/05/2012] 0129BB16161C2FD9A6B19111AB047198
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe --a---- 673048 bytes [23:43 13/07/2009] [01:17 14/07/2009] 2C32E3E596CFE660353753EABEFB0540
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_b384dff685ed56b3\iexplore.exe --a---- 673040 bytes [16:49 28/05/2011] [05:33 18/12/2010] AA08B68EF4E35EFA170CF85A44B23B70
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_b3e23cc79f2c4cea\iexplore.exe --a---- 673040 bytes [16:49 28/05/2011] [05:32 18/12/2010] 9321CF0D023528C71E3645F8433C86C8
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe --a---- 673040 bytes [15:05 24/01/2011] [15:05 24/01/2011] C613E69C3B191BB02C7A191741A1D024
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe --a---- 748336 bytes [18:22 29/05/2011] [18:22 29/05/2011] 904E13BA41AF2E353A32CF351CA53639
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde\iexplore.exe --a---- 748664 bytes [16:59 13/06/2012] [23:21 17/05/2012] 0129BB16161C2FD9A6B19111AB047198
C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6\iexplore.exe --a---- 748664 bytes [16:59 13/06/2012] [22:59 17/05/2012] 268982F1FD671A077C6A2AF41E351436

Searching for "KBDUZB.DLL"
C:\Windows\System32\KBDUZB.DLL --a---- 6144 bytes [23:25 13/07/2009] [01:06 14/07/2009] 066765AC6BD4A684215AB80304D88B4C
C:\Windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000843_31bf3856ad364e35_6.1.7600.16385_none_e7ff2ed2c4f623e9\KBDUZB.DLL --a---- 6144 bytes [23:25 13/07/2009] [01:06 14/07/2009] 066765AC6BD4A684215AB80304D88B4C

-= EOF =-


One extra action I took was to check the services and turn off all those related to remote access;
then I checked my router again and unfortunately it still has this unusual traffic :(


#14 nasdaq

nasdaq

    Forum Addict

  • Malware Response Team
  • PipPipPipPipPipPip
  • 10,816 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2012 - 09:52 AM

This is the good location and file.
C:\Program Files\Internet Explorer\iexplore.exe --a---- 748664 bytes [16:59 13/06/2012] [23:21 17/05/2012] 0129BB16161C2FD9A6B19111AB047198

Delete this one:
C:\iexplore.exe
It has zero bytes, so I do not think it's causing any problem.

===

Let's see what I can find in this log.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===
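The two checks the helper is doing above, first with SystemLook's :filefind (post #12) and then by reading the path, size and hash of each hit (post #14), can be reproduced with a short PowerShell script. The following is an added example written for this thread; it is not SystemLook, OTL, or any poster's script. It assumes PowerShell 4.0 or later (for Get-FileHash), a 32-bit Windows install as in the thread, and that the two directories listed in $expectedDirs are the only places a legitimate iexplore.exe should live; adjust that list for your own machine.

```powershell
# Added example for this thread (not SystemLook, OTL or any poster's script):
# enumerate every copy of a file name on the system drive, report size, timestamps
# and hashes, and flag copies that sit outside the directories where the real
# binary lives, have no content, or carry no valid Authenticode signature.
# Assumptions: PowerShell 4.0+ (Get-FileHash), 32-bit Windows as in the thread,
# and that $expectedDirs below lists every legitimate home for the file.
param(
    [string]$FileName = 'iexplore.exe',
    [string]$Root     = "$env:SystemDrive\"
)

# Directories in which a legitimate copy is expected (assumption, see above).
$expectedDirs = @(
    (Join-Path $env:ProgramFiles 'Internet Explorer'),
    (Join-Path $env:SystemRoot   'winsxs')
)

function Test-ExpectedLocation {
    param([string]$Directory)
    foreach ($dir in $expectedDirs) {
        if ($Directory.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$results = Get-ChildItem -Path $Root -Filter $FileName -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $flags = @()
        if (-not (Test-ExpectedLocation $_.DirectoryName)) { $flags += 'UNEXPECTED LOCATION' }
        if ($_.Length -eq 0)                               { $flags += 'ZERO BYTES' }

        # A genuine Microsoft binary carries a valid Authenticode signature;
        # a dropped or renamed file usually does not.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') { $flags += "SIGNATURE $($sig.Status)" }

        [pscustomobject]@{
            Path     = $_.FullName
            Bytes    = $_.Length
            Modified = $_.LastWriteTime
            # MD5 is the column SystemLook prints, so the two outputs can be compared.
            MD5      = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash
            SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Flags    = ($flags -join '; ')
        }
    }

# Flagged copies first, so anything worth a second look is at the top.
$results | Sort-Object { $_.Flags -eq '' }, Path | Format-List
```

The flags are prompts for a closer look, not verdicts: a backup copy such as the one under C:\Windows\erdnt\cache in the SystemLook log above will be flagged as an unexpected location even though it is benign, and the signature status is the stronger signal. Size matters as much as the hash: an empty file always hashes to MD5 D41D8CD98F00B204E9800998ECF8427E, which is exactly what the log shows for the zero-byte C:\iexplore.exe, so the hash alone says nothing about what that file was meant to be.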

#15 JackieBrown

JackieBrown

    Member

  • Members
  • PipPip
  • 35 posts
  • Gender:Male
  • Location:Earth

Posted 24 June 2012 - 02:08 PM

C:\iexplore.exe deleted ok...

No Extras.txt opened; did I do something wrong?

Here is the OTL.txt log:
OTL logfile created on: 24/6/2012 8:44:32 μμ - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\RedTwo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000408 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

3,25 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 62,94% Memory free
6,50 Gb Paging File | 5,17 Gb Available in Paging File | 79,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,57 Gb Total Space | 150,17 Gb Free Space | 67,17% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 148,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 9,93 Gb Free Space | 1,07% Space Free | Partition Type: FAT32

Computer Name: REDONEDESK | User Name: RedOne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RedTwo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\SpybotSearch&Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\SpybotSearch&Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\TeraCopy\TeraCopyExt.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\MicrosoftOffice\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\SpybotSearch&Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (PROCEXP151) -- C:\Windows\system32\Drivers\PROCEXP151.SYS File not found
DRV - (PROCEXP150) -- C:\Windows\system32\Drivers\PROCEXP150.SYS File not found
DRV - (PORTMON) -- C:\Program Files\PortApps\PortableApps\WSCCPortable\SysInternals\PORTMSYS.SYS File not found
DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (catchme) -- C:\Users\RedOne\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Soluto) -- C:\Windows\System32\drivers\Soluto.sys (Soluto LTD.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AppBrain.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/07 14:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/05/07 14:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/05/07 14:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Firefox\components [2012/06/18 02:13:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins

[2011/05/28 20:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedOne\AppData\Roaming\mozilla\Extensions
[2012/06/09 16:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions
[2012/01/18 21:02:46 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/06/09 16:59:25 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2012/05/20 13:26:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/13 04:47:35 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011/08/13 04:47:35 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/03/29 12:49:22 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions\firefox@ghostery.com
[2012/03/29 12:49:50 | 000,000,000 | ---D | M] (Wappalyzer) -- C:\Users\RedOne\AppData\Roaming\mozilla\Firefox\Profiles\jfnsjmp5.default\extensions\wappalyzer@crunchlabz.com
[2011/06/26 20:37:10 | 000,001,642 | ---- | M] () -- C:\Users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\searchplugins\-firefox-.xml
[2011/10/04 05:02:25 | 000,001,061 | ---- | M] () -- C:\Users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\searchplugins\100searchengines.xml
[2011/11/01 20:33:27 | 000,001,558 | ---- | M] () -- C:\Users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\searchplugins\appbraincom.xml
[2011/10/04 03:47:44 | 000,002,254 | ---- | M] () -- C:\Users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\searchplugins\encryptedgoogle.xml
[2011/10/04 03:16:15 | 000,001,750 | ---- | M] () -- C:\Users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\searchplugins\firefox.xml
[2011/08/01 20:46:08 | 000,000,888 | ---- | M] () -- C:\Users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\searchplugins\torrentsto.xml
[2011/06/14 18:05:39 | 000,001,330 | ---- | M] () -- C:\Users\RedOne\AppData\Roaming\Mozilla\Firefox\Profiles\jfnsjmp5.default\searchplugins\wikipedia-en.xml
[2012/05/14 16:52:20 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2011/10/04 02:48:44 | 000,020,628 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{0C8FBD76-BDEB-4C52-9B24-D587CE7B9DC3}.XPI
[2011/08/13 16:29:38 | 000,060,609 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{3335F91D-2AEF-4097-B831-C96C60349822}.XPI
[2011/08/13 03:57:10 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/06/09 16:59:20 | 000,049,301 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{3E9BB2A7-62CA-4EFA-A4E6-F6F6168A652D}.XPI
[2011/10/23 23:19:17 | 000,372,140 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
[2012/05/14 16:52:21 | 000,107,232 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{6005D9B1-D115-485A-A92A-3F6453CA3FE2}.XPI
[2012/06/09 16:59:20 | 000,525,079 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/03/29 12:49:51 | 000,277,913 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{8B8A525A-CFCA-44CF-81C3-3969E6CB96E0}.XPI
[2012/05/14 16:52:21 | 000,377,615 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/06/09 16:59:20 | 000,140,898 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{C4D362EC-1CFF-4CA0-9031-99A8FAD7995A}.XPI
[2012/02/05 19:11:43 | 000,061,700 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{CD617375-6743-4EE8-BAC4-FBF10F35729E}.XPI
[2012/01/18 20:58:03 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/20 13:26:30 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2011/08/13 03:57:11 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012/01/03 20:54:23 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011/10/04 02:48:44 | 000,025,781 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
[2012/06/09 16:59:20 | 000,138,110 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\BETTERFACEBOOK@MATTKRUSE.COM.XPI
[2011/08/13 03:57:09 | 000,276,952 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\BETTERGMAIL2@GINATRAPANI.ORG.XPI
[2011/09/20 20:00:27 | 000,071,383 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\BETTERGREADER@GINATRAPANI.ORG.XPI
[2011/08/13 03:57:09 | 000,021,992 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\CACHE@STATUS.ORG.XPI
[2012/01/03 20:58:16 | 000,072,719 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\COMPACTMENUCE@MERCI.CHAO.XPI
[2011/11/20 23:17:43 | 000,008,010 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\GOOGLEIMAGEHELP@SHIVAM.ORG.XPI
[2011/10/23 23:19:16 | 000,174,405 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI
[2011/11/20 23:17:43 | 000,018,894 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\HISTORYBLOCK@KAIN.XPI
[2012/01/03 20:58:16 | 000,003,323 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\MOVABLEAPPBUTTON@MERCI.CHAO.XPI
[2012/02/16 00:35:00 | 000,113,603 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2011/11/20 23:17:43 | 000,236,088 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\OPTIMIZEGOOGLE@OPTIMIZEGOOGLE.COM.XPI
[2011/10/04 05:48:02 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\REDONE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JFNSJMP5.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: NPCIG.dll (Disabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VLC\npvlc.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Disabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: NVIDIA 3D Vision (Disabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Disabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: \u03A3\u03CD\u03BC\u03B2\u03BF\u03C5\u03BB\u03BF\u03C2 URL Kaspersky = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Google Finance = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: \u0395\u03B9\u03BA\u03BF\u03BD\u03B9\u03BA\u03CC \u03C0\u03BB\u03B7\u03BA\u03C4\u03C1\u03BF\u03BB\u03CC\u03B3\u03B9\u03BF = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Shareking Chart = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnngpcpedmpmdkpakplhpdoeapkhmgja\1_0\
CHR - Extension: Picasa = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Wikinvest Portfolio Manager = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbpkgmnajebobcebngnagdabphfmooej\1.0_0\
CHR - Extension: Greyscale = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0_0\
CHR - Extension: \uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD Anti-Banner = C:\Users\RedOne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/06/24 01:51:08 | 000,442,125 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 -h-n7y15mc.firoli-sys.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-domains-registrations.com
O1 - Hosts: 127.0.0.1 www.1-domains-registrations.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 15215 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\SpybotSearch&Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\Program Files\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Εικονικό πληκτρολόγιο - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Έλεγ&χος URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C5160B5-5CF5-4164-96E7-FB49A818AF7B}: NameServer = 62.169.194.47,62.169.194.48
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\MicrosoftOffice\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/09/22 13:59:34 | 000,000,128 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/20 14:23:36 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O34 - HKLM BootExecute: (pgdfgsvc C 1)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/23 21:30:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 21:29:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/23 20:43:32 | 000,000,000 | ---D | C] -- C:\Users\RedOne\AppData\Local\temp
[2012/06/23 20:33:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/23 20:33:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/23 20:33:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/23 20:32:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/23 20:32:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/23 20:32:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/23 00:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2012/06/23 00:43:26 | 000,000,000 | ---D | C] -- C:\Users\RedOne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2012/06/22 09:42:36 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 09:42:36 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 09:42:13 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 09:42:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/20 22:14:41 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2012/06/20 22:14:41 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2012/06/20 22:14:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\runouce.exe
[2012/06/20 22:14:40 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012/06/20 22:14:40 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012/06/20 22:14:40 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012/06/20 22:08:26 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2012/06/20 22:08:25 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2012/06/20 22:08:24 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp90.dll
[2012/06/20 22:08:23 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr90.dll
[2012/06/20 22:08:22 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2012/06/20 22:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2012/06/20 22:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2012/06/19 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\RedOne\AppData\Roaming\f-secure
[2012/06/19 17:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/06/19 17:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/19 17:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/19 17:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/19 17:10:54 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/19 17:10:54 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/06/19 17:10:54 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/19 17:10:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/19 17:10:19 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/19 17:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/14 18:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/06/13 20:03:49 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 20:01:25 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 20:01:25 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 20:01:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/13 19:59:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 19:59:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 19:59:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 19:59:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 19:59:10 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 19:59:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 19:59:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 19:57:11 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/13 01:43:27 | 000,000,000 | ---D | C] -- C:\Users\RedOne\Pavark
[2012/06/13 01:34:30 | 000,131,344 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/06/13 01:34:24 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/06/10 17:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/10 17:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/10 17:35:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/10 17:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/10 16:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/10 16:36:51 | 000,000,000 | ---D | C] -- C:\Users\RedOne\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/10 16:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/10 16:32:36 | 001,397,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utilman.exe.bak
[2012/06/09 18:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP

========== Files - Modified Within 30 Days ==========

[2012/06/24 21:11:23 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/24 21:11:23 | 000,559,722 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2012/06/24 21:11:23 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/24 21:11:23 | 000,089,380 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2012/06/24 13:27:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/24 13:27:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/24 12:11:39 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 12:11:39 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 12:04:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 12:04:12 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 02:25:15 | 000,404,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/24 02:22:41 | 000,007,619 | ---- | M] () -- C:\Users\RedOne\AppData\Local\Resmon.ResmonCfg
[2012/06/24 01:51:08 | 000,442,125 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/24 01:49:15 | 000,442,125 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120624-015108.backup
[2012/06/23 21:27:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120624-014915.backup
[2012/06/21 14:33:09 | 000,000,736 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120621-173527.backup
[2012/06/20 22:13:48 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx
[2012/06/20 22:08:25 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2012/06/20 22:08:24 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2012/06/20 22:08:23 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp90.dll
[2012/06/20 22:08:22 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr90.dll
[2012/06/20 22:08:21 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\eEmpty.exe
[2012/06/19 17:10:08 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/19 17:10:08 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/19 03:38:35 | 000,443,021 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.74546271
[2012/06/19 03:31:33 | 000,443,021 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120619-033835.backup
[2012/06/14 21:54:38 | 000,443,021 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120619-033133.backup
[2012/06/14 19:40:53 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/06/13 02:06:50 | 000,131,344 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/06/10 21:46:48 | 000,000,000 | ---- | M] () -- C:\Users\RedOne\defogger_reenable
[2012/06/10 16:32:36 | 000,669,184 | ---- | M] () -- C:\Windows\System32\Utilman.exe
[2012/06/09 16:48:07 | 000,000,950 | ---- | M] () -- C:\Users\RedOne\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/03 01:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/03 01:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/24 02:24:59 | 000,404,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/23 20:33:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/23 20:33:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/23 20:33:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/23 20:33:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/23 20:33:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/20 22:10:37 | 000,000,056 | ---- | C] () -- C:\Windows\Lic.xxx
[2012/06/10 21:46:48 | 000,000,000 | ---- | C] () -- C:\Users\RedOne\defogger_reenable
[2012/06/09 18:52:50 | 000,001,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/08 06:13:49 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/03/29 12:57:05 | 000,000,036 | ---- | C] () -- C:\Users\RedOne\AppData\Local\housecall.guid.cache
[2012/03/01 21:56:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/12 15:52:16 | 000,000,099 | ---- | C] () -- C:\Windows\Lexicon.ini
[2011/10/15 15:21:16 | 000,000,844 | ---- | C] () -- C:\Users\RedOne\.recently-used.xbel
[2011/10/11 11:47:42 | 000,000,581 | ---- | C] () -- C:\Users\RedOne\AppData\Roaming\Network Monitor II_Settings.ini
[2011/10/10 22:51:40 | 000,001,693 | ---- | C] () -- C:\Users\RedOne\AppData\Roaming\System Monitor II_Settings.ini
[2011/09/22 13:59:34 | 000,000,321 | ---- | C] () -- C:\Windows\SBWIN.INI
[2011/07/18 10:50:58 | 000,001,635 | ---- | C] () -- C:\Windows\System32\AUTPLSET.INI
[2011/06/18 23:35:26 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/06/18 23:35:26 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/29 20:40:39 | 000,018,392 | ---- | C] () -- C:\Users\RedOne\AppData\Roaming\UserTile.png
[2011/05/19 22:37:32 | 000,002,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/19 22:08:48 | 000,007,619 | ---- | C] () -- C:\Users\RedOne\AppData\Local\Resmon.ResmonCfg
[2011/05/19 21:01:08 | 003,248,128 | ---- | C] () -- C:\Windows\System32\DVAPfg.exe
[2011/05/19 21:00:58 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/19 20:59:42 | 000,000,236 | ---- | C] () -- C:\Windows\BIOLOGIN.EXE
[2011/03/11 13:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/01/24 18:05:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/01/24 18:05:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2011/05/31 21:29:58 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\Canneverbe Limited
[2011/10/01 00:31:04 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\Canon
[2012/01/27 10:09:26 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\Dropbox
[2012/06/19 17:27:11 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\f-secure
[2011/09/13 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\gtk-2.0
[2011/10/23 23:10:03 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\Opera
[2012/03/29 13:05:54 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\QuickScan
[2012/04/20 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\TeraCopy
[2012/06/19 03:35:27 | 000,000,000 | ---D | M] -- C:\Users\RedOne\AppData\Roaming\uTorrent
[2012/06/21 15:40:24 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/05/15 13:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvlddmkm.sys
[2012/04/24 13:02:03 | 000,014,088 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\system32\drivers\PROCEXP141.SYS
[2012/04/28 06:17:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2012/04/24 17:13:24 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\Windows\system32\drivers\Soluto.sys
[2012/03/30 13:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2012/06/14 19:40:53 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\system32\drivers\tmcomm.sys
[2012/06/13 02:06:50 | 000,131,344 | ---- | M] (trend_company_name) -- C:\Windows\system32\drivers\tmrkb.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/06/23 21:29:53 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-19565554-1200009186-679263753-1000\desktop.ini
[2012/06/23 21:33:37 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-19565554-1200009186-679263753-1006\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-13 16:26:22

< MD5 for: AGP440.SYS >
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 04:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2011/01/24 18:03:35 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2011/01/24 18:03:35 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/14 02:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\erdnt\cache\beep.sys
[2009/07/14 02:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009/07/14 02:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009/07/14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 08:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/01/24 18:04:39 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: IASTORV.SYS >
[2011/03/11 08:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 08:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 08:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 08:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 04:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011/01/24 18:03:17 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2011/01/24 18:03:17 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 08:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2011/05/14 09:26:31 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=02D5E2D9D9497F314C97E082A1CB9808 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll
[2011/06/03 09:01:43 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=11826814AA8C1177CBF6BC40105E9A87 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll
[2011/07/16 07:25:25 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=12DD18C6ECADEDB922E40B494D315206 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll
[2009/07/14 04:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=4605F7EE9805F7E1C98D6C959DD2949C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll
[2011/05/14 09:35:39 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=4F9C07F0D68E135F1E07C20647FC54F9 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll
[2011/01/24 18:04:28 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
[2011/05/14 10:40:52 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=5717FC9D2A1DAA0596DC7D940F2D613C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll
[2011/07/16 07:34:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=7E99A20C758ABB5AE89C7AEEA3A9AEB2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll
[2011/07/16 07:54:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=921F8B3FF01501C9934CCB3C270833D7 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[2011/07/16 07:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\erdnt\cache\kernel32.dll
[2011/07/16 07:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\System32\kernel32.dll
[2011/07/16 07:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/14 04:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2011/01/24 18:04:14 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache\mswsock.dll
[2011/01/24 18:04:14 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2011/01/24 18:04:14 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/07/14 04:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2011/01/24 18:04:09 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\erdnt\cache\ndis.sys
[2011/01/24 18:04:09 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2011/01/24 18:04:09 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NETLOGON.DLL >
[2011/01/24 18:04:18 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2011/01/24 18:04:18 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2011/01/24 18:04:18 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NTFS.SYS >
[2011/03/11 08:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys
[2011/01/24 18:04:09 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2009/07/14 04:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2011/03/11 08:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\erdnt\cache\ntfs.sys
[2011/03/11 08:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\System32\drivers\ntfs.sys
[2011/03/11 08:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2011/03/11 08:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
[2011/03/11 08:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 08:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 08:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 08:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 08:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2011/01/24 18:03:17 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2011/01/24 18:03:17 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2011/01/24 18:04:47 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\System32\proquota.exe
[2011/01/24 18:04:47 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2009/07/14 04:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_279d4dfaf3b8bd5a\proquota.exe

< MD5 for: QMGR.DLL >
[2009/07/14 04:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2011/01/24 18:03:51 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\erdnt\cache\qmgr.dll
[2011/01/24 18:03:51 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2011/01/24 18:03:51 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SCECLI.DLL >
[2009/07/14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2011/01/24 18:03:44 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2011/01/24 18:03:44 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2011/01/24 18:03:44 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2009/07/14 04:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2011/01/24 18:03:34 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\erdnt\cache\spoolsv.exe
[2011/01/24 18:03:34 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\System32\spoolsv.exe
[2011/01/24 18:03:34 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 04:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TERMSRV.DLL >
[2011/01/24 18:04:27 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\erdnt\cache\termsrv.dll
[2011/01/24 18:04:27 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll
[2011/01/24 18:04:27 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[2009/07/14 04:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) MD5=A01E50A04D7B1960B33E92B9080E6A94 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll

< MD5 for: USERINIT.EXE >
[2011/01/24 18:03:41 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2011/01/24 18:03:41 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2011/01/24 18:03:41 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
