
Fake Adobe Flash Player update and suspicious pop-up


13 replies to this topic

#1 Zippy316


Posted 16 June 2012 - 09:59 AM

Well, I had this pop-up that frequently opened up whenever I started my computer. I never took a screenshot of it, but I found a picture of it, but it's small. It masked itself as an Adobe Flash Player update and because it came up when I started my computer, I figured it was reputable. I clicked it maybe six or so days ago, and since then I've been getting these suspicious pop-ups and when I check task manager, I find my CPU usage spiked up to like 80 percent when I am not doing much and then come right back down to like 1 or 5 percent. I've gotten increasingly suspicious and I ran some scanning tests, but none of them have been able to get rid of the suspicious pop-up. Nevertheless,

This is the "update" that I believe installed the virus/trojan/whatever it was:

Posted Image

I found this picture on a facebook note, which further cemented my theory of this downloading something harmful to my computer, http://www.facebook.com/note.php?note_id=276813992337786.

The suspicious pop-up looks like this:

Posted Image

It doesn't look like an actual Adobe warning, and it's been happening since I've clicked on the "update."

I ran some tests and deleted some trojans/adware directed by boopme in a different topic, it's here if you need to see anything: http://www.bleepingcomputer.com/forums/topic456984.html

The two logs created by DDS are attached.

Thank You, the help is much appreciated.

Attached Files

  • Attached File  DDS.txt   11.23KB   2 downloads

Edited by Zippy316, 16 June 2012 - 10:26 AM.




#2 Zippy316


Posted 16 June 2012 - 02:05 PM

Any thoughts?

#3 gringo_pr

  • Malware Response Team

Posted 18 June 2012 - 12:10 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Zippy316


Posted 19 June 2012 - 08:17 PM

Sorry about the late reply, I've been busy. I just got on and Malwarebytes said it blocked some kind of malware like 10 minutes ago, so I went into today's log, and this is what I found. What is the last one? Is it an outside IP trying to get onto my computer? I am going to do the above tomorrow morning, but I just wanted to know what this was first. Thanks a lot Gringo.

2012/06/19 11:22:02 -0400 CONNER-PC Conner MESSAGE Starting protection
2012/06/19 11:22:05 -0400 CONNER-PC Conner MESSAGE Protection started successfully
2012/06/19 11:22:08 -0400 CONNER-PC Conner MESSAGE Starting IP protection
2012/06/19 11:22:11 -0400 CONNER-PC Conner MESSAGE IP Protection started successfully
2012/06/19 11:29:23 -0400 CONNER-PC Conner MESSAGE Executing scheduled update: Daily
2012/06/19 11:29:27 -0400 CONNER-PC Conner MESSAGE Scheduled update executed successfully: database updated from version v2012.06.18.05 to version v2012.06.19.05
2012/06/19 11:29:27 -0400 CONNER-PC Conner MESSAGE Starting database refresh
2012/06/19 11:29:27 -0400 CONNER-PC Conner MESSAGE Stopping IP protection
2012/06/19 11:35:13 -0400 CONNER-PC Conner MESSAGE IP Protection stopped
2012/06/19 11:35:17 -0400 CONNER-PC Conner MESSAGE Database refreshed successfully
2012/06/19 11:35:17 -0400 CONNER-PC Conner MESSAGE Starting IP protection
2012/06/19 11:35:21 -0400 CONNER-PC Conner MESSAGE IP Protection started successfully
2012/06/19 15:50:49 -0400 CONNER-PC Conner MESSAGE Starting protection
2012/06/19 15:50:52 -0400 CONNER-PC Conner MESSAGE Protection started successfully
2012/06/19 15:50:55 -0400 CONNER-PC Conner MESSAGE Starting IP protection
2012/06/19 15:50:59 -0400 CONNER-PC Conner MESSAGE IP Protection started successfully
2012/06/19 20:52:22 -0400 CONNER-PC Conner MESSAGE Starting protection
2012/06/19 20:52:26 -0400 CONNER-PC Conner MESSAGE Protection started successfully
2012/06/19 20:52:29 -0400 CONNER-PC Conner MESSAGE Starting IP protection
2012/06/19 20:52:34 -0400 CONNER-PC Conner MESSAGE IP Protection started successfully
2012/06/19 21:14:10 -0400 CONNER-PC Conner IP-BLOCK 64.34.127.185 (Type: outgoing, Port: 51051, Process: firefox.exe)

Edited by Zippy316, 19 June 2012 - 08:18 PM.
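
An added example, not part of the original posts: the protection log quoted above can be read mechanically, which makes the direction and owning process of the IP-BLOCK record explicit and shows how long IP protection was stopped during the database refresh. The line layout in the regular expressions is inferred from the quoted lines, and the function names are illustrative.

```python
import re
from datetime import datetime

# Lines copied from the protection log quoted in the post above.
SAMPLE_LOG = """\
2012/06/19 11:22:08 -0400 CONNER-PC Conner MESSAGE Starting IP protection
2012/06/19 11:22:11 -0400 CONNER-PC Conner MESSAGE IP Protection started successfully
2012/06/19 11:29:27 -0400 CONNER-PC Conner MESSAGE Stopping IP protection
2012/06/19 11:35:13 -0400 CONNER-PC Conner MESSAGE IP Protection stopped
2012/06/19 11:35:17 -0400 CONNER-PC Conner MESSAGE Starting IP protection
2012/06/19 11:35:21 -0400 CONNER-PC Conner MESSAGE IP Protection started successfully
2012/06/19 21:14:10 -0400 CONNER-PC Conner IP-BLOCK 64.34.127.185 (Type: outgoing, Port: 51051, Process: firefox.exe)
"""

# Assumed layout: timestamp, host, user, record type, free text.
# Host and user are assumed to contain no spaces, as in the quoted log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>[A-Z-]+) (?P<text>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_log(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["when"] = datetime.strptime(ev.pop("ts"), "%Y/%m/%d %H:%M:%S %z")
        events.append(ev)
    return events


def ip_blocks(events):
    """Extract IP-BLOCK records with direction and owning process split out."""
    blocks = []
    for ev in events:
        if ev["kind"] != "IP-BLOCK":
            continue
        m = BLOCK_RE.match(ev["text"])
        if m:
            blocks.append({"when": ev["when"], "host": ev["host"], **m.groupdict()})
    return blocks


def ip_protection_gaps(events):
    """Return (stop_time, restart_time, seconds) for each stop/restart pair."""
    gaps, stopped_at = [], None
    for ev in events:
        if ev["kind"] != "MESSAGE":
            continue
        if ev["text"] == "Stopping IP protection":
            stopped_at = ev["when"]
        elif ev["text"] == "IP Protection started successfully" and stopped_at is not None:
            seconds = int((ev["when"] - stopped_at).total_seconds())
            gaps.append((stopped_at, ev["when"], seconds))
            stopped_at = None
    return gaps


def summarize(text):
    """Build a short, human-readable triage summary of the log."""
    events = parse_log(text)
    lines = []
    for b in ip_blocks(events):
        lines.append(
            f"{b['when']:%H:%M:%S} {b['process']} on {b['host']}: "
            f"{b['direction']} connection to {b['ip']} blocked (port field {b['port']})"
        )
    for start, end, seconds in ip_protection_gaps(events):
        lines.append(
            f"IP protection stopped {start:%H:%M:%S} to {end:%H:%M:%S} ({seconds} s)"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```
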


#5 gringo_pr


Posted 19 June 2012 - 08:29 PM

Greetings


Go ahead and run combofix and we will find out what is going on sooner or later


Gringo

#6 Zippy316


Posted 20 June 2012 - 08:52 AM

Results of screen317's Security Check version 0.99.42
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
Toolbar Cleaner 1.0
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader X (10.1.2)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


ComboFix 12-06-20.01 - Conner 06/20/2012 9:34.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1447 [GMT -4:00]
Running from: c:\users\Conner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Conner\Documents\~WRL3883.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 13:42 . 2012-06-20 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 13:21 . 2012-06-20 13:21 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D13970B8-22CB-4C0E-AE57-AB71AD36FBA2}\offreg.dll
2012-06-15 04:25 . 2012-06-15 04:25 -------- d-----w- c:\program files\ESET
2012-06-14 21:20 . 2012-06-14 21:20 -------- d-----w- c:\users\Conner\AppData\Roaming\Malwarebytes
2012-06-14 21:20 . 2012-06-14 21:20 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 21:20 . 2012-06-14 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-14 21:20 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 20:10 . 2012-06-14 20:10 -------- d-----w- c:\users\Conner\AppData\Roaming\SUPERAntiSpyware.com
2012-06-14 20:10 . 2012-06-14 20:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-14 20:10 . 2012-06-14 20:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-10 21:05 . 2012-06-10 21:05 -------- d-----w- c:\users\Conner\AppData\Local\Macromedia
2012-06-10 15:55 . 2012-06-10 16:47 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-08 14:41 . 2012-06-08 14:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 14:41 . 2012-06-08 14:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-03 16:39 . 2012-06-14 03:07 -------- d-----w- c:\program files\Common Files\Java
2012-06-03 16:39 . 2012-06-03 16:39 -------- d-----w- c:\program files\Oracle
2012-06-03 16:38 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 16:47 . 2011-06-14 13:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 22:47 . 2011-10-24 23:28 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 02:16 . 2011-07-12 16:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Conner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Conner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security URL Filtering]
2011-05-17 14:25 231592 ----a-w- c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-01 23:27 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 16:47]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 20:16]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-11 20:16]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-183399825-1810263444-2488447323-1001Core.job
- c:\users\Conner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20 20:46]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-183399825-1810263444-2488447323-1001UA.job
- c:\users\Conner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20 20:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
FF - ProfilePath - c:\users\Conner\AppData\Roaming\Mozilla\Firefox\Profiles\f83d5n3e.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-blinkx beat - c:\program files\Blinkx\templates\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-20 09:48:58
ComboFix-quarantined-files.txt 2012-06-20 13:48
.
Pre-Run: 57,416,679,424 bytes free
Post-Run: 57,209,544,704 bytes free
.
- - End Of File - - E6B4C2A28C9BE59AD6BF88AB9055B285

The computer hasn't changed. Just still getting the same pop-up.
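
An added example, not part of the original posts: Security Check reports "UAC is disabled!" and the ComboFix log shows the registry values behind that under `policies\system`, so the two can be cross-checked by parsing that block and comparing it with the Windows 7 out-of-box values. The default values and their descriptions are stated from general Windows knowledge rather than from the page, and the function names are illustrative.

```python
import re

# Block copied from the ComboFix log in the post above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"""

# Windows 7 out-of-box values and what each setting controls.
# Assumption: taken from general Windows knowledge, not from the page.
UAC_DEFAULTS = {
    "EnableLUA": (1, "whether UAC is on at all (0 = off)"),
    "ConsentPromptBehaviorAdmin": (5, "how administrators are prompted (0 = elevate without prompting)"),
    "ConsentPromptBehaviorUser": (3, "how standard users are prompted (3 = ask for credentials)"),
    "PromptOnSecureDesktop": (1, "whether the prompt uses the secure desktop (0 = no)"),
    "EnableUIADesktopToggle": (0, "whether UIAccess apps may turn off the secure desktop (0 = no)"),
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<dec>\d+) \(0x(?P<hex>[0-9a-fA-F]+)\)$')


def read_dword_section(log_text, key_suffix):
    """Collect the numeric values listed under the registry key ending in key_suffix."""
    values, in_section = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group("key").lower().endswith(key_suffix.lower())
            continue
        m = DWORD_RE.match(line) if in_section else None
        if m and int(m.group("dec")) == int(m.group("hex"), 16):
            values[m.group("name")] = int(m.group("dec"))
    return values


def uac_findings(values):
    """Return (name, found, default, meaning) for every value that differs from default.

    ComboFix notes that default entries are not shown, so a missing value is
    treated as 'not reported' and is not flagged.
    """
    findings = []
    for name, found in values.items():
        if name not in UAC_DEFAULTS:
            continue
        default, meaning = UAC_DEFAULTS[name]
        if found != default:
            findings.append((name, found, default, meaning))
    return findings


if __name__ == "__main__":
    policy = read_dword_section(SAMPLE_COMBOFIX, r"\policies\system")
    for name, found, default, meaning in uac_findings(policy):
        print(f"{name} = {found} (default {default}): {meaning}")
```
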

#7 gringo_pr


Posted 20 June 2012 - 12:54 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8 Zippy316


Posted 20 June 2012 - 01:29 PM

14:15:24.0445 3320 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
14:15:24.0748 3320 ============================================================
14:15:24.0748 3320 Current date / time: 2012/06/20 14:15:24.0748
14:15:24.0749 3320 SystemInfo:
14:15:24.0749 3320
14:15:24.0749 3320 OS Version: 6.1.7600 ServicePack: 0.0
14:15:24.0749 3320 Product type: Workstation
14:15:24.0749 3320 ComputerName: CONNER-PC
14:15:24.0749 3320 UserName: Conner
14:15:24.0749 3320 Windows directory: C:\Windows
14:15:24.0749 3320 System windows directory: C:\Windows
14:15:24.0749 3320 Processor architecture: Intel x86
14:15:24.0749 3320 Number of processors: 2
14:15:24.0749 3320 Page size: 0x1000
14:15:24.0749 3320 Boot type: Normal boot
14:15:24.0749 3320 ============================================================
14:15:25.0906 3320 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
14:15:25.0923 3320 ============================================================
14:15:25.0923 3320 \Device\Harddisk0\DR0:
14:15:25.0923 3320 MBR partitions:
14:15:25.0923 3320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:15:25.0923 3320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
14:15:25.0923 3320 ============================================================
14:15:25.0941 3320 C: <-> \Device\Harddisk0\DR0\Partition1
14:15:25.0942 3320 ============================================================
14:15:25.0942 3320 Initialize success
14:15:25.0942 3320 ============================================================
14:15:35.0514 2056 ============================================================
14:15:35.0515 2056 Scan started
14:15:35.0515 2056 Mode: Manual;
14:15:35.0515 2056 ============================================================
14:15:39.0242 2056 CSC - ok
14:15:39.0279 2056 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
14:15:39.0302 2056 CscService - ok
14:15:39.0339 2056 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
14:15:39.0357 2056 DcomLaunch - ok
14:15:39.0385 2056 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:15:39.0392 2056 defragsvc - ok
14:15:39.0443 2056 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
14:15:39.0445 2056 DfsC - ok
14:15:39.0499 2056 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
14:15:39.0505 2056 Dhcp - ok
14:15:39.0535 2056 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:15:39.0537 2056 discache - ok
14:15:39.0564 2056 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:15:39.0566 2056 Disk - ok
14:15:39.0599 2056 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
14:15:39.0602 2056 Dnscache - ok
14:15:39.0630 2056 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
14:15:39.0635 2056 dot3svc - ok
14:15:39.0651 2056 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
14:15:39.0653 2056 DPS - ok
14:15:39.0689 2056 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:15:39.0690 2056 drmkaud - ok
14:15:39.0738 2056 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
14:15:39.0776 2056 DXGKrnl - ok
14:15:39.0807 2056 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
14:15:39.0809 2056 EapHost - ok
14:15:39.0961 2056 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:15:40.0056 2056 ebdrv - ok
14:15:40.0161 2056 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
14:15:40.0164 2056 EFS - ok
14:15:40.0226 2056 ehRecvr (3a74a6e33685662b125a3269b1f2114f) C:\Windows\ehome\ehRecvr.exe
14:15:40.0251 2056 ehRecvr - ok
14:15:40.0266 2056 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
14:15:40.0270 2056 ehSched - ok
14:15:40.0339 2056 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:15:40.0357 2056 elxstor - ok
14:15:40.0372 2056 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
14:15:40.0373 2056 ErrDev - ok
14:15:40.0428 2056 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
14:15:40.0436 2056 EventSystem - ok
14:15:40.0477 2056 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:15:40.0481 2056 exfat - ok
14:15:40.0503 2056 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:15:40.0507 2056 fastfat - ok
14:15:40.0566 2056 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
14:15:40.0573 2056 Fax - ok
14:15:40.0607 2056 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:15:40.0609 2056 fdc - ok
14:15:40.0634 2056 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
14:15:40.0636 2056 fdPHost - ok
14:15:40.0648 2056 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
14:15:40.0650 2056 FDResPub - ok
14:15:40.0664 2056 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:15:40.0666 2056 FileInfo - ok
14:15:40.0694 2056 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:15:40.0695 2056 Filetrace - ok
14:15:40.0703 2056 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:15:40.0704 2056 flpydisk - ok
14:15:40.0737 2056 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:15:40.0741 2056 FltMgr - ok
14:15:40.0792 2056 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
14:15:40.0828 2056 FontCache - ok
14:15:40.0869 2056 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:15:40.0872 2056 FontCache3.0.0.0 - ok
14:15:40.0884 2056 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:15:40.0887 2056 FsDepends - ok
14:15:40.0912 2056 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
14:15:40.0914 2056 Fs_Rec - ok
14:15:40.0943 2056 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
14:15:40.0947 2056 fvevol - ok
14:15:40.0978 2056 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:15:40.0980 2056 gagp30kx - ok
14:15:41.0018 2056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:15:41.0020 2056 GEARAspiWDM - ok
14:15:41.0064 2056 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
14:15:41.0088 2056 gpsvc - ok
14:15:41.0211 2056 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:15:41.0214 2056 gupdate - ok
14:15:41.0234 2056 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
14:15:41.0236 2056 gupdatem - ok
14:15:41.0267 2056 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:15:41.0269 2056 hcw85cir - ok
14:15:41.0313 2056 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
14:15:41.0320 2056 HdAudAddService - ok
14:15:41.0362 2056 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:15:41.0364 2056 HDAudBus - ok
14:15:41.0376 2056 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:15:41.0378 2056 HidBatt - ok
14:15:41.0392 2056 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:15:41.0395 2056 HidBth - ok
14:15:41.0429 2056 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:15:41.0430 2056 HidIr - ok
14:15:41.0451 2056 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
14:15:41.0453 2056 hidserv - ok
14:15:41.0514 2056 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
14:15:41.0515 2056 HidUsb - ok
14:15:41.0545 2056 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
14:15:41.0547 2056 hkmsvc - ok
14:15:41.0567 2056 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
14:15:41.0572 2056 HomeGroupListener - ok
14:15:41.0601 2056 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
14:15:41.0606 2056 HomeGroupProvider - ok
14:15:41.0642 2056 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:15:41.0645 2056 HpSAMD - ok
14:15:41.0686 2056 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
14:15:41.0712 2056 HTTP - ok
14:15:41.0727 2056 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
14:15:41.0729 2056 hwpolicy - ok
14:15:41.0758 2056 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:15:41.0761 2056 i8042prt - ok
14:15:41.0806 2056 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\DRIVERS\iaStorV.sys
14:15:41.0817 2056 iaStorV - ok
14:15:41.0903 2056 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:15:41.0947 2056 idsvc - ok
14:15:41.0985 2056 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:15:41.0987 2056 iirsp - ok
14:15:42.0052 2056 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
14:15:42.0061 2056 IKEEXT - ok
14:15:42.0088 2056 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
14:15:42.0089 2056 intelide - ok
14:15:42.0117 2056 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:15:42.0120 2056 intelppm - ok
14:15:42.0149 2056 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:15:42.0153 2056 IPBusEnum - ok
14:15:42.0176 2056 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:15:42.0178 2056 IpFilterDriver - ok
14:15:42.0227 2056 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
14:15:42.0244 2056 iphlpsvc - ok
14:15:42.0261 2056 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:15:42.0263 2056 IPMIDRV - ok
14:15:42.0282 2056 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:15:42.0285 2056 IPNAT - ok
14:15:42.0391 2056 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:15:42.0428 2056 iPod Service - ok
14:15:42.0467 2056 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:15:42.0469 2056 IRENUM - ok
14:15:42.0485 2056 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
14:15:42.0488 2056 isapnp - ok
14:15:42.0513 2056 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
14:15:42.0518 2056 iScsiPrt - ok
14:15:42.0631 2056 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:15:42.0690 2056 kbdclass - ok
14:15:42.0744 2056 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
14:15:42.0746 2056 kbdhid - ok
14:15:42.0766 2056 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:42.0769 2056 KeyIso - ok
14:15:42.0782 2056 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
14:15:42.0785 2056 KSecDD - ok
14:15:42.0802 2056 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
14:15:42.0806 2056 KSecPkg - ok
14:15:42.0832 2056 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:15:42.0840 2056 KtmRm - ok
14:15:42.0877 2056 LanmanServer (bca92cb047a4326925ecef759dbaa233) C:\Windows\System32\srvsvc.dll
14:15:42.0881 2056 LanmanServer - ok
14:15:42.0909 2056 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
14:15:42.0913 2056 LanmanWorkstation - ok
14:15:42.0957 2056 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:15:42.0959 2056 lltdio - ok
14:15:42.0987 2056 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:15:42.0992 2056 lltdsvc - ok
14:15:43.0010 2056 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:15:43.0012 2056 lmhosts - ok
14:15:43.0047 2056 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:15:43.0049 2056 LSI_FC - ok
14:15:43.0063 2056 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:15:43.0066 2056 LSI_SAS - ok
14:15:43.0078 2056 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:15:43.0080 2056 LSI_SAS2 - ok
14:15:43.0101 2056 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:15:43.0104 2056 LSI_SCSI - ok
14:15:43.0119 2056 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:15:43.0122 2056 luafv - ok
14:15:43.0157 2056 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:15:43.0158 2056 MBAMProtector - ok
14:15:43.0259 2056 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:15:43.0292 2056 MBAMService - ok
14:15:43.0386 2056 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
14:15:43.0392 2056 McComponentHostService - ok
14:15:43.0421 2056 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
14:15:43.0426 2056 Mcx2Svc - ok
14:15:43.0452 2056 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:15:43.0454 2056 megasas - ok
14:15:43.0487 2056 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:15:43.0492 2056 MegaSR - ok
14:15:43.0559 2056 Microsoft Office Groove Audit Service (033b947af4a997820e86fcb070b1f450) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:15:43.0562 2056 Microsoft Office Groove Audit Service - ok
14:15:43.0587 2056 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:15:43.0590 2056 MMCSS - ok
14:15:43.0607 2056 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:15:43.0609 2056 Modem - ok
14:15:43.0650 2056 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:15:43.0652 2056 monitor - ok
14:15:43.0701 2056 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:15:43.0703 2056 mouclass - ok
14:15:43.0730 2056 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:15:43.0732 2056 mouhid - ok
14:15:43.0761 2056 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
14:15:43.0763 2056 mountmgr - ok
14:15:43.0856 2056 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:15:43.0859 2056 MozillaMaintenance - ok
14:15:43.0891 2056 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
14:15:43.0895 2056 mpio - ok
14:15:43.0914 2056 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:15:43.0916 2056 mpsdrv - ok
14:15:43.0968 2056 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
14:15:43.0974 2056 MpsSvc - ok
14:15:44.0002 2056 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
14:15:44.0005 2056 MRxDAV - ok
14:15:44.0037 2056 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:15:44.0040 2056 mrxsmb - ok
14:15:44.0073 2056 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:15:44.0078 2056 mrxsmb10 - ok
14:15:44.0094 2056 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:15:44.0096 2056 mrxsmb20 - ok
14:15:44.0128 2056 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
14:15:44.0130 2056 msahci - ok
14:15:44.0144 2056 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
14:15:44.0147 2056 msdsm - ok
14:15:44.0175 2056 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:15:44.0180 2056 MSDTC - ok
14:15:44.0193 2056 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:15:44.0194 2056 Msfs - ok
14:15:44.0208 2056 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:15:44.0209 2056 mshidkmdf - ok
14:15:44.0220 2056 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
14:15:44.0221 2056 msisadrv - ok
14:15:44.0252 2056 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:15:44.0256 2056 MSiSCSI - ok
14:15:44.0260 2056 msiserver - ok
14:15:44.0296 2056 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:15:44.0297 2056 MSKSSRV - ok
14:15:44.0310 2056 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:44.0311 2056 MSPCLOCK - ok
14:15:44.0321 2056 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:15:44.0323 2056 MSPQM - ok
14:15:44.0339 2056 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:15:44.0343 2056 MsRPC - ok
14:15:44.0358 2056 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
14:15:44.0359 2056 mssmbios - ok
14:15:44.0372 2056 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:15:44.0374 2056 MSTEE - ok
14:15:44.0387 2056 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:15:44.0388 2056 MTConfig - ok
14:15:44.0425 2056 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
14:15:44.0426 2056 MTsensor - ok
14:15:44.0446 2056 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:15:44.0448 2056 Mup - ok
14:15:44.0479 2056 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
14:15:44.0484 2056 napagent - ok
14:15:44.0539 2056 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:15:44.0544 2056 NativeWifiP - ok
14:15:44.0591 2056 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
14:15:44.0620 2056 NDIS - ok
14:15:44.0653 2056 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:44.0655 2056 NdisCap - ok
14:15:44.0674 2056 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:44.0676 2056 NdisTapi - ok
14:15:44.0733 2056 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:44.0735 2056 Ndisuio - ok
14:15:44.0760 2056 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:44.0764 2056 NdisWan - ok
14:15:44.0781 2056 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
14:15:44.0783 2056 NDProxy - ok
14:15:44.0802 2056 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:15:44.0804 2056 NetBIOS - ok
14:15:44.0826 2056 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
14:15:44.0831 2056 NetBT - ok
14:15:44.0856 2056 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:44.0858 2056 Netlogon - ok
14:15:44.0912 2056 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
14:15:44.0917 2056 Netman - ok
14:15:44.0943 2056 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
14:15:44.0954 2056 netprofm - ok
14:15:45.0017 2056 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
14:15:45.0047 2056 netr28u - ok
14:15:45.0088 2056 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:15:45.0091 2056 NetTcpPortSharing - ok
14:15:45.0131 2056 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:15:45.0133 2056 nfrd960 - ok
14:15:45.0164 2056 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
14:15:45.0168 2056 NlaSvc - ok
14:15:45.0181 2056 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:15:45.0183 2056 Npfs - ok
14:15:45.0204 2056 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
14:15:45.0207 2056 nsi - ok
14:15:45.0215 2056 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:15:45.0217 2056 nsiproxy - ok
14:15:45.0292 2056 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
14:15:45.0341 2056 Ntfs - ok
14:15:45.0364 2056 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:15:45.0366 2056 Null - ok
14:15:45.0783 2056 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:15:46.0044 2056 nvlddmkm - ok
14:15:46.0175 2056 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\DRIVERS\nvraid.sys
14:15:46.0179 2056 nvraid - ok
14:15:46.0201 2056 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\DRIVERS\nvstor.sys
14:15:46.0205 2056 nvstor - ok
14:15:46.0234 2056 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
14:15:46.0237 2056 nv_agp - ok
14:15:46.0328 2056 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:15:46.0346 2056 odserv - ok
14:15:46.0369 2056 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
14:15:46.0372 2056 ohci1394 - ok
14:15:46.0419 2056 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:15:46.0422 2056 ose - ok
14:15:46.0454 2056 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:15:46.0461 2056 p2pimsvc - ok
14:15:46.0493 2056 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
14:15:46.0502 2056 p2psvc - ok
14:15:46.0536 2056 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:15:46.0538 2056 Parport - ok
14:15:46.0555 2056 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
14:15:46.0557 2056 partmgr - ok
14:15:46.0569 2056 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:15:46.0571 2056 Parvdm - ok
14:15:46.0602 2056 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
14:15:46.0607 2056 PcaSvc - ok
14:15:46.0626 2056 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
14:15:46.0629 2056 pci - ok
14:15:46.0643 2056 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
14:15:46.0644 2056 pciide - ok
14:15:46.0663 2056 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:15:46.0668 2056 pcmcia - ok
14:15:46.0684 2056 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:15:46.0685 2056 pcw - ok
14:15:46.0727 2056 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:15:46.0752 2056 PEAUTH - ok
14:15:46.0816 2056 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
14:15:46.0858 2056 PeerDistSvc - ok
14:15:46.0944 2056 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
14:15:46.0998 2056 pla - ok
14:15:47.0125 2056 PlugPlay (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll
14:15:47.0132 2056 PlugPlay - ok
14:15:47.0185 2056 PnkBstrA (831883b107684301f48ace752c963984) C:\Windows\system32\PnkBstrA.exe
14:15:47.0189 2056 PnkBstrA - ok
14:15:47.0216 2056 PnkBstrB (e24106a5eaecddff00b25497049dd65f) C:\Windows\system32\PnkBstrB.exe
14:15:47.0221 2056 PnkBstrB - ok
14:15:47.0248 2056 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
14:15:47.0252 2056 PNRPAutoReg - ok
14:15:47.0287 2056 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:15:47.0291 2056 PNRPsvc - ok
14:15:47.0351 2056 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
14:15:47.0353 2056 Point32 - ok
14:15:47.0389 2056 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
14:15:47.0401 2056 PolicyAgent - ok
14:15:47.0422 2056 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
14:15:47.0427 2056 Power - ok
14:15:47.0466 2056 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:15:47.0468 2056 PptpMiniport - ok
14:15:47.0476 2056 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:15:47.0478 2056 Processor - ok
14:15:47.0514 2056 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
14:15:47.0519 2056 ProfSvc - ok
14:15:47.0545 2056 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:47.0547 2056 ProtectedStorage - ok
14:15:47.0587 2056 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:15:47.0589 2056 Psched - ok
14:15:47.0658 2056 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:15:47.0704 2056 ql2300 - ok
14:15:47.0826 2056 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:47.0829 2056 ql40xx - ok
14:15:47.0862 2056 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
14:15:47.0871 2056 QWAVE - ok
14:15:47.0887 2056 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:15:47.0889 2056 QWAVEdrv - ok
14:15:47.0902 2056 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:15:47.0904 2056 RasAcd - ok
14:15:47.0936 2056 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:47.0938 2056 RasAgileVpn - ok
14:15:47.0970 2056 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
14:15:47.0974 2056 RasAuto - ok
14:15:48.0001 2056 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:48.0004 2056 Rasl2tp - ok
14:15:48.0033 2056 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
14:15:48.0042 2056 RasMan - ok
14:15:48.0069 2056 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:48.0072 2056 RasPppoe - ok
14:15:48.0114 2056 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:15:48.0116 2056 RasSstp - ok
14:15:48.0135 2056 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
14:15:48.0141 2056 rdbss - ok
14:15:48.0156 2056 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:48.0157 2056 rdpbus - ok
14:15:48.0165 2056 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:48.0166 2056 RDPCDD - ok
14:15:48.0190 2056 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
14:15:48.0194 2056 RDPDR - ok
14:15:48.0218 2056 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:15:48.0220 2056 RDPENCDD - ok
14:15:48.0230 2056 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:15:48.0232 2056 RDPREFMP - ok
14:15:48.0258 2056 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
14:15:48.0262 2056 RDPWD - ok
14:15:48.0290 2056 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
14:15:48.0294 2056 rdyboost - ok
14:15:48.0319 2056 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
14:15:48.0323 2056 RemoteAccess - ok
14:15:48.0354 2056 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
14:15:48.0359 2056 RemoteRegistry - ok
14:15:48.0381 2056 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
14:15:48.0385 2056 RpcEptMapper - ok
14:15:48.0407 2056 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
14:15:48.0409 2056 RpcLocator - ok
14:15:48.0436 2056 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
14:15:48.0442 2056 RpcSs - ok
14:15:48.0483 2056 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:15:48.0485 2056 rspndr - ok
14:15:48.0517 2056 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
14:15:48.0519 2056 s3cap - ok
14:15:48.0544 2056 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
14:15:48.0547 2056 SamSs - ok
14:15:48.0639 2056 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:15:48.0640 2056 SASDIFSV - ok
14:15:48.0686 2056 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:15:48.0689 2056 SASKUTIL - ok
14:15:48.0730 2056 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
14:15:48.0733 2056 sbp2port - ok
14:15:48.0768 2056 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
14:15:54.0684 2056 ============================================================
14:15:54.0684 2056 Scan finished
14:15:54.0684 2056 ============================================================
14:15:54.0701 5812 Detected object count: 0
14:15:54.0701 5812 Actual detected object count: 0
14:17:25.0691 3616 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 14:17:38
-----------------------------
14:17:38.243 OS Version: Windows 6.1.7600
14:17:38.244 Number of processors: 2 586 0xF02
14:17:38.248 ComputerName: CONNER-PC UserName: Conner
14:17:39.236 Initialize success
14:18:09.092 AVAST engine defs: 12062001
14:18:14.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:18:14.395 Disk 0 Vendor: WDC_WD1200BB-00GUA0 08.02D08 Size: 114473MB BusType: 3
14:18:14.417 Disk 0 MBR read successfully
14:18:14.422 Disk 0 MBR scan
14:18:14.444 Disk 0 Windows 7 default MBR code
14:18:14.457 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:18:14.469 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
14:18:14.481 Disk 0 scanning sectors +234438656
14:18:14.539 Disk 0 scanning C:\Windows\system32\drivers
14:18:26.694 Service scanning
14:19:08.864 Modules scanning
14:19:26.837 Disk 0 trace - called modules:
14:19:26.861 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:19:26.869 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8566b068]
14:19:26.876 3 CLASSPNP.SYS[88db459e] -> nt!IofCallDriver -> [0x85582918]
14:19:26.883 5 ACPI.sys[8888b3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8556c908]
14:19:27.604 AVAST engine scan C:\Windows
14:19:30.127 AVAST engine scan C:\Windows\system32
14:22:18.986 AVAST engine scan C:\Windows\system32\drivers
14:22:29.747 AVAST engine scan C:\Users\Conner
14:27:08.154 AVAST engine scan C:\ProgramData
14:27:33.837 Scan finished successfully
14:28:34.724 Disk 0 MBR has been saved successfully to "C:\Users\Conner\Documents\MBR.dat"
14:28:34.732 The log file has been saved successfully to "C:\Users\Conner\Documents\aswMBR.txt"

#9 gringo_pr

  • Malware Response Team
Posted 20 June 2012 - 01:43 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#10 Zippy316

  • Topic Starter


Posted 20 June 2012 - 08:56 PM

OTL logfile created on: 6/20/2012 9:46:04 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Conner\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.52% Memory free
4.00 Gb Paging File | 2.93 Gb Available in Paging File | 73.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 53.34 Gb Free Space | 47.75% Space Free | Partition Type: NTFS

Computer Name: CONNER-PC | User Name: Conner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Conner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (catchme) -- C:\Users\Conner\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\Conner\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=pandasecuritytb&v=2_0
IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 05 34 27 8D 63 CC 01 [binary data]
IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Conner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Conner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Conner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Conner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Conner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 22:16:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/14 09:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conner\AppData\Roaming\Mozilla\Extensions
[2012/05/17 00:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conner\AppData\Roaming\Mozilla\Firefox\Profiles\f83d5n3e.default\extensions
[2012/05/17 00:10:42 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Conner\AppData\Roaming\Mozilla\Firefox\Profiles\f83d5n3e.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/31 00:17:11 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Conner\AppData\Roaming\Mozilla\Firefox\Profiles\f83d5n3e.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/08/31 00:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conner\AppData\Roaming\Mozilla\Firefox\Profiles\f83d5n3e.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/08/31 00:17:11 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Conner\AppData\Roaming\Mozilla\Firefox\Profiles\f83d5n3e.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/01/07 21:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 22:16:48 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/08 10:41:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/08 10:41:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Conner\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Conner\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Conner\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Vizzed Retro Game Room Plugin (Enabled) = C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Conner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Conner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Conner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Conner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/20 09:42:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-183399825-1810263444-2488447323-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{602BEF5D-1608-4348-A2C9-5776D6FF2DA7}: DhcpNameServer = 167.206.245.130 167.206.245.129 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75961B4C-93CF-4812-8062-287B3AA1A0F4}: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/20 09:49:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/20 09:49:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/20 09:32:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/20 09:32:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/20 09:32:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/20 09:32:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/20 09:32:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/15 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/14 17:20:46 | 000,000,000 | ---D | C] -- C:\Users\Conner\AppData\Roaming\Malwarebytes
[2012/06/14 17:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/14 17:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 17:20:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/14 17:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/14 16:10:42 | 000,000,000 | ---D | C] -- C:\Users\Conner\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/14 16:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/14 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/14 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/14 16:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/10 17:05:12 | 000,000,000 | ---D | C] -- C:\Users\Conner\AppData\Local\Macromedia
[2012/06/10 11:55:49 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/03 12:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/03 12:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/03 12:38:51 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/03 12:38:51 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

========== Files - Modified Within 30 Days ==========

[2012/06/20 21:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 21:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/20 20:56:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183399825-1810263444-2488447323-1001UA.job
[2012/06/20 14:56:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183399825-1810263444-2488447323-1001Core.job
[2012/06/20 14:28:34 | 000,000,512 | ---- | M] () -- C:\Users\Conner\Documents\MBR.dat
[2012/06/20 09:42:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/20 09:24:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 09:24:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 09:19:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/20 09:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/20 09:18:56 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/16 10:00:47 | 000,000,000 | ---- | M] () -- C:\Users\Conner\defogger_reenable
[2012/06/14 17:20:19 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 16:10:39 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/14 16:05:04 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/06/14 16:05:04 | 000,002,040 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/14 11:56:38 | 000,002,403 | ---- | M] () -- C:\Users\Conner\Desktop\Google Chrome.lnk
[2012/06/10 12:47:02 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/10 12:47:02 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/06 16:13:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/06/03 12:38:29 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/03 12:38:29 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2012/06/20 14:28:34 | 000,000,512 | ---- | C] () -- C:\Users\Conner\Documents\MBR.dat
[2012/06/20 09:32:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/20 09:32:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/20 09:32:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/20 09:32:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/20 09:32:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/16 10:00:47 | 000,000,000 | ---- | C] () -- C:\Users\Conner\defogger_reenable
[2012/06/14 17:20:19 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 16:10:39 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/10 11:55:50 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/06 16:13:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011/11/30 09:14:23 | 000,000,000 | ---- | C] () -- C:\Users\Conner\AppData\Local\{B2057736-08D3-4147-BBE0-A37C1A7F5479}
[2011/08/31 21:25:57 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/08/31 21:25:57 | 000,022,328 | ---- | C] () -- C:\Users\Conner\AppData\Roaming\PnkBstrK.sys
[2011/08/31 21:25:30 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/08/31 21:25:29 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/31 21:25:28 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/14 09:54:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 22 June 2012 - 02:05 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
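
A review check for a fix like the one in the post above, as an added example that is not part of the original post and not part of OTL: it lists the log entries marked "File not found" or "No CLSID value found" and confirms that each line under :OTL appears verbatim in the log. The log lines are an excerpt copied from the report in this thread, and the function names are assumptions of this example.

```python
import re

# Excerpt of the OTL log posted in this thread (a few lines, not the full report).
SAMPLE_LOG = r"""
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""

# The fix script from the post above, shortened to the directives used here.
SAMPLE_SCRIPT = r"""
:OTL
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKU\S-1-5-21-183399825-1810263444-2488447323-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Files
ipconfig /flushdns /c
:Commands
"""

# Markers that appear in this log where an entry's file or CLSID is missing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
ENTRY_RE = re.compile(r"^(O\d{1,2}|FF|CHR) - ")  # entry prefixes seen in this log

def orphaned_entries(log_text):
    """Return log entries that end in one of the orphan markers."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line) and line.rstrip(".").endswith(ORPHAN_MARKERS):
            hits.append(line)
    return hits

def otl_section(script_text):
    """Return the lines under :OTL, stopping at the next ':' directive."""
    lines, inside = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            inside = line.upper() == ":OTL"
        elif inside and line:
            lines.append(line)
    return lines

def review_script(script_text, log_text):
    """Split :OTL lines into (found verbatim in the log, not found)."""
    log_lines = {line.strip() for line in log_text.splitlines()}
    found, missing = [], []
    for line in otl_section(script_text):
        (found if line in log_lines else missing).append(line)
    return found, missing
```

With this excerpt the FF line comes back as not found, because that part of the log is not included in the sample.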

#12 gringo_pr


Posted 24 June 2012 - 11:19 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 gringo_pr


Posted 27 June 2012 - 11:27 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr


Posted 30 June 2012 - 11:58 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



