
Babylon toolbar


  • This topic is locked
26 replies to this topic

#1 twerkman

twerkman

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:08:16 AM

Posted 30 January 2012 - 04:30 AM

Dear friends,
I cannot remove the Babylon search engine from my explorer.
I downloaded HijackThis and this is my log.
Can you help me?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:18, on 30-1-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQCON/7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{E7DCA26F-5ACC-41A4-AF40-CBA2CD20B9E5}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://217.64.59.190:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [C:\Windows\SysWOW64\V0470Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0470Cvw.dll
O4 - HKLM\..\Run: [C:\Windows\SysWOW64\V0470Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0470Ext.ax
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - Startup: Manager for Skype.lnk = C:\Program Files (x86)\Manager for Skype\Manager For Skype.exe
O4 - Startup: Manager for Voipbuster.lnk = C:\Program Files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe
O4 - Global Startup: Wi-Fi MediaConnect.lnk = C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://list1.111222.cn
O15 - Trusted Zone: http://kan.pps.tv
O15 - Trusted Zone: http://list1.pps.tv
O15 - Trusted Zone: http://tvguide.pps.tv
O15 - Trusted Zone: http://vodguide.pps.tv
O15 - Trusted Zone: http://list1.ppstream.com
O15 - Trusted Zone: http://notice.ppstream.com
O15 - Trusted Zone: http://xml1.ppstream.com
O15 - Trusted Zone: http://xml2.ppstream.com
O15 - Trusted Zone: http://xml3.ppstream.com
O15 - Trusted Zone: http://list1.ppstream.net
O15 - Trusted Zone: http://list1.ppstv.com
O15 - Trusted Zone: http://list1.ppstv.net
O15 - ESC Trusted Zone: http://list1.111222.cn
O15 - ESC Trusted Zone: http://kan.pps.tv
O15 - ESC Trusted Zone: http://list1.pps.tv
O15 - ESC Trusted Zone: http://tvguide.pps.tv
O15 - ESC Trusted Zone: http://vodguide.pps.tv
O15 - ESC Trusted Zone: http://list1.ppstream.com
O15 - ESC Trusted Zone: http://notice.ppstream.com
O15 - ESC Trusted Zone: http://xml1.ppstream.com
O15 - ESC Trusted Zone: http://xml2.ppstream.com
O15 - ESC Trusted Zone: http://xml3.ppstream.com
O15 - ESC Trusted Zone: http://list1.ppstream.net
O15 - ESC Trusted Zone: http://list1.ppstv.com
O15 - ESC Trusted Zone: http://list1.ppstv.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} (CeWe Color AG & Co. OHG Control) - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://62.177.146.89/cab/OCXChecker_8120.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13346 bytes

Edited by hamluis, 30 January 2012 - 08:07 AM.
Moved from Win 7 to Malware Removal Logs.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:16 AM

Posted 31 January 2012 - 01:49 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 03 February 2012 - 01:39 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 05 February 2012 - 11:11 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 gringo_pr


Posted 13 February 2012 - 12:45 PM

This topic has been re-opened at the request of the person who originally posted.

#6 twerkman


Posted 13 February 2012 - 01:24 PM

I put the DDS file as an attachment.

Thanks for helping.

Regards
Tanya

#7 twerkman


Posted 13 February 2012 - 07:16 PM

This is the DDS log file.
Thank you for your help!







.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Tanya at 17:20:12 on 2012-02-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1857 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uSearch Page =
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{E7DCA26F-5ACC-41A4-AF40-CBA2CD20B9E5}
uInternet Settings,ProxyServer = hxxp://217.64.59.190:80
uInternet Settings,ProxyOverride = local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
TB: {851552F5-B878-4B03-904F-2AD6A4CC8994} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [C:\Windows\SysWOW64\V0470Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0470Cvw.dll
mRun: [C:\Windows\SysWOW64\V0470Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0470Ext.ax
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Tanya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MANAGE~2.LNK - C:\Program Files (x86)\Manager for Skype\Manager For Skype.exe
StartupFolder: C:\Users\Tanya\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MANAGE~1.LNK - C:\Program Files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WI-FIM~1.LNK - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://62.177.146.89/cab/OCXChecker_8120.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E733AE63-B4E8-468B-A7F6-6EF9B7C96652} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E733AE63-B4E8-468B-A7F6-6EF9B7C96652}\26E6762613 : DhcpNameServer = 192.168.4.254
TCP: Interfaces\{E733AE63-B4E8-468B-A7F6-6EF9B7C96652}\3596475636F6D6144443237383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E733AE63-B4E8-468B-A7F6-6EF9B7C96652}\E4544574541425 : DhcpNameServer = 10.0.0.1
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{043C5167-00BB-4324-AF7E-62013FAEDACF}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{043C5167-00BB-4324-AF7E-62013FAEDACF}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {00000000-5736-4205-0008-F7ED0776FB27} - No File
TB-X64: {851552F5-B878-4B03-904F-2AD6A4CC8994} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [C:\Windows\SysWOW64\V0470Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0470Cvw.dll
mRun-x64: [C:\Windows\SysWOW64\V0470Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0470Ext.ax
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(standaard)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\nt5x4yao.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=74a9f0920000000000000a60768242f4&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=74a9f0920000000000000a60768242f4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.hardId - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15357
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:56:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-12 89600]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-5 92592]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-13 227896]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 WFMC_VAD;WFMCVAD (WDM);C:\Windows\system32\DRIVERS\wfmcvad.sys --> C:\Windows\system32\DRIVERS\wfmcvad.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-19 135664]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-19 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-15 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\system32\Drivers\StkTMini.sys --> C:\Windows\system32\Drivers\StkTMini.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VF0470Vid;Live! Cam Notebook (VF0470);C:\Windows\system32\DRIVERS\V0470Vid.sys --> C:\Windows\system32\DRIVERS\V0470Vid.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
.
=============== Created Last 30 ================
.
13-2-2012 8:34 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E11834B-8284-43A1-9D6C-69DEDC38D3EB}\mpengine.dll
10-2-2012 8:35 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E677F84-CB9D-44D1-90E3-75750F2044BC}\gapaengine.dll
30-1-2012 9:25 388096 ----a-r- C:\Users\Tanya\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
30-1-2012 9:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
18-1-2012 14:56 -------- d-----w- C:\Users\Tanya\AppData\Local\Babylon
18-1-2012 14:56 -------- d-----w- C:\Users\Tanya\AppData\Roaming\Babylon
18-1-2012 14:56 -------- d-----w- C:\ProgramData\Babylon
18-1-2012 14:56 -------- d-----w- C:\Program Files (x86)\PDFReader
.
==================== Find3M ====================
.
31-1-2012 12:44 279656 ------w- C:\Windows\System32\MpSigStub.exe
24-11-2011 4:52 3145216 ----a-w- C:\Windows\System32\win32k.sys
19-11-2011 14:58 77312 ----a-w- C:\Windows\System32\packager.dll
19-11-2011 14:01 67072 ----a-w- C:\Windows\SysWow64\packager.dll
17-11-2011 6:49 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
17-11-2011 6:49 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
17-11-2011 6:44 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
17-11-2011 6:41 1731920 ----a-w- C:\Windows\System32\ntdll.dll
17-11-2011 6:35 395776 ----a-w- C:\Windows\System32\webio.dll
17-11-2011 6:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
17-11-2011 6:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
17-11-2011 6:35 340992 ----a-w- C:\Windows\System32\schannel.dll
17-11-2011 6:35 28160 ----a-w- C:\Windows\System32\secur32.dll
17-11-2011 6:35 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
17-11-2011 6:33 31232 ----a-w- C:\Windows\System32\lsass.exe
17-11-2011 5:38 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
17-11-2011 5:35 314880 ----a-w- C:\Windows\SysWow64\webio.dll
17-11-2011 5:34 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
17-11-2011 5:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
17-11-2011 5:28 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 17:22:47,49 ===============

#8 gringo_pr

  • Malware Response Team

Posted 13 February 2012 - 08:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 twerkman

  • Topic Starter


Posted 14 February 2012 - 06:10 AM

Here is the log of the combofix:

ComboFix 12-02-13.01 - Tanya 14-02-2012 9:18.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1374 [GMT 1:00]
Gestart vanuit: c:\users\Tanya\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tanya\AppData\Roaming\inst.exe
c:\users\Tanya\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-14 to 2012-02-14 ))))))))))))))))))))))))))))))
.
.
2012-02-14 08:25 . 2012-02-14 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 16:30 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C7AF210-22D9-4F50-A15F-AF35F0A52A43}\mpengine.dll
2012-02-10 08:35 . 2012-02-10 08:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E677F84-CB9D-44D1-90E3-75750F2044BC}\gapaengine.dll
2012-01-30 09:25 . 2012-01-30 09:25 388096 ----a-r- c:\users\Tanya\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-30 09:25 . 2012-01-30 09:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-18 14:56 . 2012-01-18 14:56 237 ----a-w- C:\user.js
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\users\Tanya\AppData\Local\Babylon
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\users\Tanya\AppData\Roaming\Babylon
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\programdata\Babylon
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\program files (x86)\PDFReader
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-02-15 07:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2010-04-18 07:01 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-15 21:30 . 2010-06-23 06:09 882512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-05 09:11 . 2010-06-23 06:09 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-24 04:52 . 2011-12-14 06:36 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 21:52 . 2010-02-28 13:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-11-23 21:52 . 2010-02-28 13:10 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-19 14:58 . 2012-01-11 09:42 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 09:42 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-13 00:19 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:49 . 2012-01-13 00:19 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:44 . 2012-01-13 00:19 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 09:42 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-13 00:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-13 00:19 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-13 00:19 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-13 00:19 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-13 00:19 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-13 00:19 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-13 00:19 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 09:42 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-13 00:19 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-13 00:19 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-13 00:19 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-13 00:19 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-12-05 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"c:\windows\SysWOW64\V0470Cvw.dll"="c:\windows\system32\RegSvr32.exe" [2009-07-14 14848]
"c:\windows\SysWOW64\V0470Ext.ax"="c:\windows\system32\RegSvr32.exe" [2009-07-14 14848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Manager for Skype.lnk - c:\program files (x86)\Manager for Skype\Manager For Skype.exe [2010-12-14 670720]
Manager for Voipbuster.lnk - c:\program files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe [2007-9-29 425984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wi-Fi MediaConnect.lnk - c:\program files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe [2011-2-25 2345984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 16:30]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 16:30]
.
2012-02-07 c:\windows\Tasks\HPCeeScheduleForTanya.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-13 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"c:\windows\system32\V0470Ext.ax"="c:\windows\system32\RegSvr32.exe" [2009-07-14 19456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{E7DCA26F-5ACC-41A4-AF40-CBA2CD20B9E5}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = hxxp://217.64.59.190:80
uInternet Settings,ProxyOverride = local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\nt5x4yao.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=74a9f0920000000000000a60768242f4&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.id - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.hardId - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15357
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-02-14 09:58:15
ComboFix-quarantined-files.txt 2012-02-14 08:58
.
Pre-Run: 243.575.111.680 bytes beschikbaar
Post-Run: 243.779.371.008 bytes beschikbaar
.
- - End Of File - - 36240E0FC1BCAD995052ACE115C9AA1A


--------------------



When I open a new browser I don't get the babylon, but if I open a new tab (a new window) I get the babylon again.

My problem is still not solved :(

I put a screenshot of my browser after the combofix so you can see it.


Regards
Tanya

#10 gringo_pr


Posted 14 February 2012 - 10:46 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 twerkman


Posted 14 February 2012 - 11:32 AM

17:20:11.0703 3536 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
17:20:11.0859 3536 ============================================================
17:20:11.0859 3536 Current date / time: 2012/02/14 17:20:11.0859
17:20:11.0859 3536 SystemInfo:
17:20:11.0859 3536
17:20:11.0859 3536 OS Version: 6.1.7601 ServicePack: 1.0
17:20:11.0859 3536 Product type: Workstation
17:20:11.0859 3536 ComputerName: TANYA-PC
17:20:11.0859 3536 UserName: Tanya
17:20:11.0859 3536 Windows directory: C:\Windows
17:20:11.0859 3536 System windows directory: C:\Windows
17:20:11.0859 3536 Running under WOW64
17:20:11.0859 3536 Processor architecture: Intel x64
17:20:11.0859 3536 Number of processors: 2
17:20:11.0859 3536 Page size: 0x1000
17:20:11.0859 3536 Boot type: Normal boot
17:20:11.0859 3536 ============================================================
17:20:12.0936 3536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:20:13.0029 3536 \Device\Harddisk0\DR0:
17:20:13.0029 3536 MBR used
17:20:13.0029 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:20:13.0029 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38954000
17:20:13.0029 3536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x389B8000, BlocksNum 0x19CD800
17:20:13.0154 3536 Initialize success
17:20:13.0154 3536 ============================================================
17:20:17.0351 3772 ============================================================
17:20:17.0351 3772 Scan started
17:20:17.0351 3772 Mode: Manual;
17:20:17.0351 3772 ============================================================
17:20:18.0193 3772 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:20:18.0193 3772 1394ohci - ok
17:20:18.0255 3772 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:20:18.0255 3772 ACPI - ok
17:20:18.0287 3772 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:20:18.0287 3772 AcpiPmi - ok
17:20:18.0318 3772 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:20:18.0333 3772 adp94xx - ok
17:20:18.0365 3772 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:20:18.0365 3772 adpahci - ok
17:20:18.0411 3772 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:20:18.0411 3772 adpu320 - ok
17:20:18.0489 3772 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:20:18.0489 3772 AFD - ok
17:20:18.0552 3772 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
17:20:18.0552 3772 AgereSoftModem - ok
17:20:18.0599 3772 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:20:18.0599 3772 agp440 - ok
17:20:18.0645 3772 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:20:18.0645 3772 aliide - ok
17:20:18.0677 3772 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:20:18.0677 3772 amdide - ok
17:20:18.0708 3772 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:20:18.0708 3772 AmdK8 - ok
17:20:18.0723 3772 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:20:18.0723 3772 AmdPPM - ok
17:20:18.0786 3772 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:20:18.0786 3772 amdsata - ok
17:20:18.0817 3772 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:20:18.0833 3772 amdsbs - ok
17:20:18.0848 3772 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:20:18.0848 3772 amdxata - ok
17:20:18.0895 3772 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:20:18.0895 3772 AppID - ok
17:20:18.0957 3772 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:20:18.0957 3772 arc - ok
17:20:18.0973 3772 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:20:18.0973 3772 arcsas - ok
17:20:19.0035 3772 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:20:19.0035 3772 AsyncMac - ok
17:20:19.0067 3772 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:20:19.0067 3772 atapi - ok
17:20:19.0129 3772 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
17:20:19.0145 3772 athr - ok
17:20:19.0207 3772 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:20:19.0207 3772 b06bdrv - ok
17:20:19.0238 3772 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:20:19.0238 3772 b57nd60a - ok
17:20:19.0269 3772 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:20:19.0269 3772 Beep - ok
17:20:19.0316 3772 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:20:19.0316 3772 blbdrive - ok
17:20:19.0363 3772 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:20:19.0363 3772 bowser - ok
17:20:19.0410 3772 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:20:19.0410 3772 BrFiltLo - ok
17:20:19.0441 3772 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:20:19.0441 3772 BrFiltUp - ok
17:20:19.0503 3772 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:20:19.0503 3772 BridgeMP - ok
17:20:19.0535 3772 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:20:19.0535 3772 Brserid - ok
17:20:19.0550 3772 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:20:19.0550 3772 BrSerWdm - ok
17:20:19.0581 3772 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:20:19.0581 3772 BrUsbMdm - ok
17:20:19.0597 3772 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:20:19.0597 3772 BrUsbSer - ok
17:20:19.0659 3772 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:20:19.0675 3772 BthEnum - ok
17:20:19.0706 3772 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:20:19.0706 3772 BTHMODEM - ok
17:20:19.0737 3772 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:20:19.0737 3772 BthPan - ok
17:20:19.0784 3772 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
17:20:19.0784 3772 BTHPORT - ok
17:20:19.0815 3772 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
17:20:19.0815 3772 BTHUSB - ok
17:20:19.0831 3772 catchme - ok
17:20:19.0862 3772 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:20:19.0878 3772 cdfs - ok
17:20:19.0925 3772 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:20:19.0940 3772 cdrom - ok
17:20:19.0971 3772 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:20:19.0971 3772 circlass - ok
17:20:20.0003 3772 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:20:20.0003 3772 CLFS - ok
17:20:20.0081 3772 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:20:20.0081 3772 CmBatt - ok
17:20:20.0127 3772 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:20:20.0127 3772 cmdide - ok
17:20:20.0299 3772 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:20:20.0315 3772 CNG - ok
17:20:20.0361 3772 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:20:20.0361 3772 Compbatt - ok
17:20:20.0408 3772 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:20:20.0408 3772 CompositeBus - ok
17:20:20.0455 3772 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:20:20.0455 3772 crcdisk - ok
17:20:20.0502 3772 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:20:20.0517 3772 DfsC - ok
17:20:20.0533 3772 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:20:20.0549 3772 discache - ok
17:20:20.0580 3772 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:20:20.0580 3772 Disk - ok
17:20:20.0627 3772 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:20:20.0627 3772 drmkaud - ok
17:20:20.0673 3772 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:20:20.0705 3772 DXGKrnl - ok
17:20:20.0798 3772 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:20:20.0814 3772 ebdrv - ok
17:20:20.0876 3772 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:20:20.0876 3772 elxstor - ok
17:20:20.0907 3772 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:20:20.0907 3772 ErrDev - ok
17:20:20.0954 3772 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:20:20.0954 3772 exfat - ok
17:20:21.0001 3772 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:20:21.0001 3772 fastfat - ok
17:20:21.0032 3772 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:20:21.0032 3772 fdc - ok
17:20:21.0063 3772 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:20:21.0063 3772 FileInfo - ok
17:20:21.0079 3772 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:20:21.0079 3772 Filetrace - ok
17:20:21.0110 3772 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:20:21.0110 3772 flpydisk - ok
17:20:21.0157 3772 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:20:21.0157 3772 FltMgr - ok
17:20:21.0204 3772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:20:21.0204 3772 FsDepends - ok
17:20:21.0235 3772 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:20:21.0235 3772 Fs_Rec - ok
17:20:21.0282 3772 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:20:21.0282 3772 fvevol - ok
17:20:21.0297 3772 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:20:21.0297 3772 gagp30kx - ok
17:20:21.0360 3772 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
17:20:21.0360 3772 ggflt - ok
17:20:21.0391 3772 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
17:20:21.0391 3772 ggsemc - ok
17:20:21.0453 3772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:20:21.0453 3772 hcw85cir - ok
17:20:21.0500 3772 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:20:21.0500 3772 HdAudAddService - ok
17:20:21.0563 3772 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:20:21.0563 3772 HDAudBus - ok
17:20:21.0578 3772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:20:21.0578 3772 HidBatt - ok
17:20:21.0594 3772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:20:21.0594 3772 HidBth - ok
17:20:21.0625 3772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:20:21.0625 3772 HidIr - ok
17:20:21.0656 3772 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:20:21.0656 3772 HidUsb - ok
17:20:21.0734 3772 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:20:21.0734 3772 HpqKbFiltr - ok
17:20:21.0797 3772 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:20:21.0797 3772 HpSAMD - ok
17:20:21.0843 3772 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:20:21.0843 3772 HTCAND64 - ok
17:20:21.0890 3772 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
17:20:21.0890 3772 htcnprot - ok
17:20:21.0953 3772 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:20:21.0968 3772 HTTP - ok
17:20:21.0999 3772 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:20:21.0999 3772 hwpolicy - ok
17:20:22.0015 3772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:20:22.0015 3772 i8042prt - ok
17:20:22.0077 3772 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:20:22.0077 3772 iaStorV - ok
17:20:22.0249 3772 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:20:22.0296 3772 igfx - ok
17:20:22.0327 3772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:20:22.0327 3772 iirsp - ok
17:20:30.0470 3772 MBR (0x1B8) (0abf140be1db30a2d6b4fa09a6e00574) \Device\Harddisk0\DR0
17:20:30.0517 3772 \Device\Harddisk0\DR0 - ok
17:20:30.0533 3772 Boot (0x1200) (1a696b90d0fd276cee98c9a3bd443e48) \Device\Harddisk0\DR0\Partition0
17:20:30.0548 3772 \Device\Harddisk0\DR0\Partition0 - ok
17:20:30.0548 3772 Boot (0x1200) (1f85bc76155e60fc819647cfba24ed12) \Device\Harddisk0\DR0\Partition1
17:20:30.0548 3772 \Device\Harddisk0\DR0\Partition1 - ok
17:20:30.0579 3772 Boot (0x1200) (a7b82551cca099c57b9863c94cf0efad) \Device\Harddisk0\DR0\Partition2
17:20:30.0595 3772 \Device\Harddisk0\DR0\Partition2 - ok
17:20:30.0595 3772 ============================================================
17:20:30.0595 3772 Scan finished
17:20:30.0595 3772 ============================================================
17:20:30.0595 2728 Detected object count: 0
17:20:30.0595 2728 Actual detected object count: 0






______________________



17:20:11.0703 3536 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
17:20:11.0859 3536 ============================================================
17:20:11.0859 3536 Current date / time: 2012/02/14 17:20:11.0859
17:20:11.0859 3536 SystemInfo:
17:20:11.0859 3536
17:20:11.0859 3536 OS Version: 6.1.7601 ServicePack: 1.0
17:20:11.0859 3536 Product type: Workstation
17:20:11.0859 3536 ComputerName: TANYA-PC
17:20:11.0859 3536 UserName: Tanya
17:20:11.0859 3536 Windows directory: C:\Windows
17:20:11.0859 3536 System windows directory: C:\Windows
17:20:11.0859 3536 Running under WOW64
17:20:11.0859 3536 Processor architecture: Intel x64
17:20:11.0859 3536 Number of processors: 2
17:20:11.0859 3536 Page size: 0x1000
17:20:11.0859 3536 Boot type: Normal boot
17:20:11.0859 3536 ============================================================
17:20:12.0936 3536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:20:13.0029 3536 \Device\Harddisk0\DR0:
17:20:13.0029 3536 MBR used
17:20:13.0029 3536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:20:13.0029 3536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38954000
17:20:13.0029 3536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x389B8000, BlocksNum 0x19CD800
17:20:13.0154 3536 Initialize success
17:20:13.0154 3536 ============================================================
17:20:17.0351 3772 ============================================================
17:20:17.0351 3772 Scan started
17:20:17.0351 3772 Mode: Manual;
17:20:17.0351 3772 ============================================================
17:20:21.0360 3772 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
17:20:21.0360 3772 ggflt - ok
17:20:21.0391 3772 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
17:20:21.0391 3772 ggsemc - ok
17:20:21.0453 3772 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:20:21.0453 3772 hcw85cir - ok
17:20:21.0500 3772 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:20:21.0500 3772 HdAudAddService - ok
17:20:21.0563 3772 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:20:21.0563 3772 HDAudBus - ok
17:20:21.0578 3772 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:20:21.0578 3772 HidBatt - ok
17:20:21.0594 3772 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:20:21.0594 3772 HidBth - ok
17:20:21.0625 3772 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:20:21.0625 3772 HidIr - ok
17:20:21.0656 3772 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:20:21.0656 3772 HidUsb - ok
17:20:21.0734 3772 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:20:21.0734 3772 HpqKbFiltr - ok
17:20:21.0797 3772 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:20:21.0797 3772 HpSAMD - ok
17:20:21.0843 3772 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
17:20:21.0843 3772 HTCAND64 - ok
17:20:21.0890 3772 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
17:20:21.0890 3772 htcnprot - ok
17:20:21.0953 3772 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:20:21.0968 3772 HTTP - ok
17:20:21.0999 3772 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:20:21.0999 3772 hwpolicy - ok
17:20:22.0015 3772 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:20:22.0015 3772 i8042prt - ok
17:20:22.0077 3772 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:20:22.0077 3772 iaStorV - ok
17:20:22.0249 3772 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:20:22.0296 3772 igfx - ok
17:20:22.0327 3772 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:20:22.0327 3772 iirsp - ok
17:20:22.0374 3772 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
17:20:22.0374 3772 IntcHdmiAddService - ok
17:20:22.0389 3772 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:20:22.0389 3772 intelide - ok
17:20:22.0436 3772 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:20:22.0436 3772 intelppm - ok
17:20:22.0467 3772 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:20:22.0467 3772 IpFilterDriver - ok
17:20:22.0514 3772 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:20:22.0514 3772 IPMIDRV - ok
17:20:22.0545 3772 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:20:22.0545 3772 IPNAT - ok
17:20:22.0577 3772 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:20:22.0577 3772 IRENUM - ok
17:20:22.0592 3772 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:20:22.0608 3772 isapnp - ok
17:20:22.0623 3772 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:20:22.0639 3772 iScsiPrt - ok
17:20:22.0655 3772 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:20:22.0670 3772 kbdclass - ok
17:20:22.0686 3772 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:20:22.0686 3772 kbdhid - ok
17:20:22.0733 3772 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:20:22.0733 3772 KSecDD - ok
17:20:22.0764 3772 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:20:22.0764 3772 KSecPkg - ok
17:20:22.0795 3772 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:20:22.0795 3772 ksthunk - ok
17:20:22.0842 3772 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:20:22.0842 3772 lltdio - ok
17:20:22.0889 3772 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:20:22.0889 3772 LSI_FC - ok
17:20:22.0920 3772 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:20:22.0920 3772 LSI_SAS - ok
17:20:22.0935 3772 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:20:22.0935 3772 LSI_SAS2 - ok
17:20:22.0982 3772 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:20:22.0982 3772 LSI_SCSI - ok
17:20:23.0013 3772 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:20:23.0013 3772 luafv - ok
17:20:23.0045 3772 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:20:23.0045 3772 megasas - ok
17:20:23.0060 3772 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:20:23.0060 3772 MegaSR - ok
17:20:23.0091 3772 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:20:23.0091 3772 Modem - ok
17:20:23.0123 3772 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:20:23.0123 3772 monitor - ok
17:20:23.0154 3772 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:20:23.0169 3772 mouclass - ok
17:20:23.0185 3772 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:20:23.0201 3772 mouhid - ok
17:20:23.0232 3772 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:20:23.0247 3772 mountmgr - ok
17:20:23.0279 3772 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
17:20:23.0279 3772 MpFilter - ok
17:20:23.0325 3772 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:20:23.0341 3772 mpio - ok
17:20:23.0372 3772 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:20:23.0372 3772 MpNWMon - ok
17:20:23.0403 3772 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:20:23.0419 3772 mpsdrv - ok
17:20:23.0466 3772 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:20:23.0466 3772 MRxDAV - ok
17:20:23.0497 3772 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:20:23.0497 3772 mrxsmb - ok
17:20:23.0544 3772 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:20:23.0544 3772 mrxsmb10 - ok
17:20:23.0591 3772 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:20:23.0591 3772 mrxsmb20 - ok
17:20:23.0622 3772 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:20:23.0622 3772 msahci - ok
17:20:23.0653 3772 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:20:23.0669 3772 msdsm - ok
17:20:23.0684 3772 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:20:23.0684 3772 Msfs - ok
17:20:23.0700 3772 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:20:23.0715 3772 mshidkmdf - ok
17:20:23.0731 3772 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:20:23.0731 3772 msisadrv - ok
17:20:23.0762 3772 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:20:23.0762 3772 MSKSSRV - ok
17:20:23.0825 3772 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:20:23.0825 3772 MSPCLOCK - ok
17:20:23.0840 3772 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:20:23.0840 3772 MSPQM - ok
17:20:23.0887 3772 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:20:23.0903 3772 MsRPC - ok
17:20:23.0918 3772 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:20:23.0918 3772 mssmbios - ok
17:20:23.0949 3772 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:20:23.0949 3772 MSTEE - ok
17:20:23.0981 3772 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:20:23.0981 3772 MTConfig - ok
17:20:24.0012 3772 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:20:24.0012 3772 Mup - ok
17:20:24.0059 3772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:20:24.0059 3772 NativeWifiP - ok
17:20:24.0168 3772 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:20:24.0183 3772 NDIS - ok
17:20:24.0215 3772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:20:24.0215 3772 NdisCap - ok
17:20:24.0246 3772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:20:24.0246 3772 NdisTapi - ok
17:20:24.0293 3772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:20:24.0293 3772 Ndisuio - ok
17:20:24.0324 3772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:20:24.0339 3772 NdisWan - ok
17:20:24.0371 3772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:20:24.0371 3772 NDProxy - ok
17:20:24.0402 3772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:20:24.0402 3772 NetBIOS - ok
17:20:24.0449 3772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:20:24.0464 3772 NetBT - ok
17:20:24.0605 3772 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:20:24.0651 3772 netw5v64 - ok
17:20:24.0683 3772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:20:24.0683 3772 nfrd960 - ok
17:20:24.0729 3772 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:20:24.0729 3772 NisDrv - ok
17:20:24.0807 3772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:20:24.0807 3772 Npfs - ok
17:20:24.0823 3772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:20:24.0823 3772 nsiproxy - ok
17:20:24.0885 3772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:20:24.0932 3772 Ntfs - ok
17:20:24.0948 3772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:20:24.0948 3772 Null - ok
17:20:24.0995 3772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:20:24.0995 3772 nvraid - ok
17:20:25.0026 3772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:20:25.0041 3772 nvstor - ok
17:20:25.0073 3772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:20:25.0073 3772 nv_agp - ok
17:20:25.0119 3772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:20:25.0119 3772 ohci1394 - ok
17:20:25.0197 3772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:20:25.0197 3772 Parport - ok
17:20:25.0229 3772 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:20:25.0229 3772 partmgr - ok
17:20:25.0291 3772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:20:25.0322 3772 pci - ok
17:20:25.0353 3772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:20:25.0353 3772 pciide - ok
17:20:25.0385 3772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:20:25.0385 3772 pcmcia - ok
17:20:25.0431 3772 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
17:20:25.0431 3772 pcouffin - ok
17:20:25.0463 3772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:20:25.0463 3772 pcw - ok
17:20:25.0494 3772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:20:25.0509 3772 PEAUTH - ok
17:20:25.0587 3772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:20:25.0587 3772 PptpMiniport - ok
17:20:25.0619 3772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:20:25.0619 3772 Processor - ok
17:20:25.0665 3772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:20:25.0665 3772 Psched - ok
17:20:25.0728 3772 pwdrvio (9e97e62098fa1238d189181aab13c402) C:\Windows\system32\pwdrvio.sys
17:20:25.0743 3772 pwdrvio - ok
17:20:25.0790 3772 pwdspio (1a8011b9bd9b5cb53783e7f91109b946) C:\Windows\system32\pwdspio.sys
17:20:25.0806 3772 pwdspio - ok
17:20:25.0853 3772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:20:25.0868 3772 ql2300 - ok
17:20:25.0899 3772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:20:25.0899 3772 ql40xx - ok
17:20:25.0931 3772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:20:25.0931 3772 QWAVEdrv - ok
17:20:25.0962 3772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:20:25.0962 3772 RasAcd - ok
17:20:25.0993 3772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:20:25.0993 3772 RasAgileVpn - ok
17:20:26.0040 3772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:20:26.0040 3772 Rasl2tp - ok
17:20:26.0071 3772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:20:26.0087 3772 RasPppoe - ok
17:20:26.0102 3772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:20:26.0118 3772 RasSstp - ok
17:20:26.0149 3772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:20:26.0149 3772 rdbss - ok
17:20:26.0180 3772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:20:26.0180 3772 rdpbus - ok
17:20:26.0196 3772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:20:26.0211 3772 RDPCDD - ok
17:20:26.0243 3772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:20:26.0243 3772 RDPENCDD - ok
17:20:26.0258 3772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:20:26.0274 3772 RDPREFMP - ok
17:20:26.0305 3772 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:20:26.0321 3772 RDPWD - ok
17:20:26.0352 3772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:20:26.0352 3772 rdyboost - ok
17:20:26.0414 3772 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:20:26.0414 3772 RFCOMM - ok
17:20:26.0445 3772 RimUsb - ok
17:20:26.0492 3772 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:20:26.0492 3772 RimVSerPort - ok
17:20:26.0539 3772 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
17:20:26.0539 3772 ROOTMODEM - ok
17:20:26.0586 3772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:20:26.0586 3772 rspndr - ok
17:20:26.0648 3772 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
17:20:26.0648 3772 RSUSBSTOR - ok
17:20:26.0695 3772 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:20:26.0695 3772 RTL8167 - ok
17:20:26.0742 3772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:20:26.0742 3772 sbp2port - ok
17:20:26.0789 3772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:20:26.0789 3772 scfilter - ok
17:20:26.0835 3772 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:20:26.0835 3772 sdbus - ok
17:20:26.0882 3772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:20:26.0882 3772 secdrv - ok
17:20:26.0929 3772 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
17:20:26.0929 3772 seehcri - ok
17:20:26.0991 3772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:20:26.0991 3772 Serenum - ok
17:20:27.0007 3772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:20:27.0007 3772 Serial - ok
17:20:27.0054 3772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:20:27.0054 3772 sermouse - ok
17:20:27.0101 3772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:20:27.0116 3772 sffdisk - ok
17:20:27.0132 3772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:20:27.0132 3772 sffp_mmc - ok
17:20:27.0163 3772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:20:27.0163 3772 sffp_sd - ok
17:20:27.0179 3772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:20:27.0179 3772 sfloppy - ok
17:20:27.0241 3772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:20:27.0241 3772 SiSRaid2 - ok
17:20:27.0272 3772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:20:27.0272 3772 SiSRaid4 - ok
17:20:27.0319 3772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:20:27.0319 3772 Smb - ok
17:20:27.0366 3772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:20:27.0366 3772 spldr - ok
17:20:27.0444 3772 sptd (131575cdf93fdf365de107d0242e52d8) C:\Windows\System32\Drivers\sptd.sys
17:20:27.0459 3772 sptd - ok
17:20:27.0506 3772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:20:27.0522 3772 srv - ok
17:20:27.0553 3772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:20:27.0569 3772 srv2 - ok
17:20:27.0600 3772 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:20:27.0600 3772 SrvHsfHDA - ok
17:20:27.0647 3772 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:20:27.0662 3772 SrvHsfV92 - ok
17:20:27.0693 3772 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:20:27.0693 3772 SrvHsfWinac - ok
17:20:27.0725 3772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:20:27.0725 3772 srvnet - ok
17:20:27.0771 3772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:20:27.0771 3772 stexstor - ok
17:20:27.0818 3772 STHDA (a3fb7ad8720d7e02aa0111a6b51c2744) C:\Windows\system32\DRIVERS\stwrt64.sys
17:20:27.0834 3772 STHDA - ok
17:20:27.0881 3772 StkTMini (b6baf8151060f07386c72bc5641290b3) C:\Windows\system32\Drivers\StkTMini.sys
17:20:27.0912 3772 StkTMini - ok
17:20:27.0959 3772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:20:27.0959 3772 swenum - ok
17:20:28.0021 3772 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
17:20:28.0021 3772 SynTP - ok
17:20:28.0115 3772 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:20:28.0161 3772 Tcpip - ok
17:20:28.0208 3772 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:20:28.0224 3772 TCPIP6 - ok
17:20:28.0255 3772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:20:28.0271 3772 tcpipreg - ok
17:20:28.0302 3772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:20:28.0302 3772 TDPIPE - ok
17:20:28.0317 3772 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:20:28.0317 3772 TDTCP - ok
17:20:28.0349 3772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:20:28.0364 3772 tdx - ok
17:20:28.0380 3772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:20:28.0380 3772 TermDD - ok
17:20:28.0458 3772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:20:28.0458 3772 tssecsrv - ok
17:20:28.0505 3772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:20:28.0505 3772 TsUsbFlt - ok
17:20:28.0551 3772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:20:28.0551 3772 tunnel - ok
17:20:28.0583 3772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:20:28.0583 3772 uagp35 - ok
17:20:28.0645 3772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:20:28.0645 3772 udfs - ok
17:20:28.0707 3772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:20:28.0707 3772 uliagpkx - ok
17:20:28.0754 3772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:20:28.0754 3772 umbus - ok
17:20:28.0801 3772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:20:28.0801 3772 UmPass - ok
17:20:28.0832 3772 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:20:28.0848 3772 usbaudio - ok
17:20:28.0879 3772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:20:28.0895 3772 usbccgp - ok
17:20:28.0926 3772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:20:28.0926 3772 usbcir - ok
17:20:28.0957 3772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:20:28.0957 3772 usbehci - ok
17:20:29.0019 3772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
17:20:29.0019 3772 usbhub - ok
17:20:29.0051 3772 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:20:29.0051 3772 usbohci - ok
17:20:29.0097 3772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:20:29.0097 3772 usbprint - ok
17:20:29.0129 3772 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:20:29.0129 3772 usbscan - ok
17:20:29.0160 3772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:20:29.0175 3772 USBSTOR - ok
17:20:29.0238 3772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:20:29.0238 3772 usbuhci - ok
17:20:29.0285 3772 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:20:29.0300 3772 usbvideo - ok
17:20:29.0347 3772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:20:29.0347 3772 vdrvroot - ok
17:20:29.0425 3772 VF0470Vid (8108e4573f819a6c76c7efb4021b4dfe) C:\Windows\system32\DRIVERS\V0470Vid.sys
17:20:29.0425 3772 VF0470Vid - ok
17:20:29.0456 3772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:20:29.0456 3772 vga - ok
17:20:29.0472 3772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:20:29.0472 3772 VgaSave - ok
17:20:29.0519 3772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:20:29.0519 3772 vhdmp - ok
17:20:29.0565 3772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:20:29.0565 3772 viaide - ok
17:20:29.0581 3772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:20:29.0597 3772 volmgr - ok
17:20:29.0628 3772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:20:29.0628 3772 volmgrx - ok
17:20:29.0675 3772 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:20:29.0675 3772 volsnap - ok
17:20:29.0721 3772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:20:29.0721 3772 vsmraid - ok
17:20:29.0753 3772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:20:29.0753 3772 vwifibus - ok
17:20:29.0784 3772 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:20:29.0784 3772 vwififlt - ok
17:20:29.0799 3772 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:20:29.0799 3772 vwifimp - ok
17:20:29.0846 3772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:20:29.0846 3772 WacomPen - ok
17:20:29.0877 3772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:20:29.0877 3772 WANARP - ok
17:20:29.0877 3772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:20:29.0877 3772 Wanarpv6 - ok
17:20:29.0940 3772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:20:29.0940 3772 Wd - ok
17:20:29.0971 3772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:20:29.0987 3772 Wdf01000 - ok
17:20:30.0049 3772 WFMC_VAD (c48ca80fdc6926a9fc2f520379bdb635) C:\Windows\system32\DRIVERS\wfmcvad.sys
17:20:30.0049 3772 WFMC_VAD - ok
17:20:30.0065 3772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:20:30.0065 3772 WfpLwf - ok
17:20:30.0096 3772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:20:30.0096 3772 WIMMount - ok
17:20:30.0174 3772 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:20:30.0189 3772 WinUsb - ok
17:20:30.0236 3772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:20:30.0236 3772 WmiAcpi - ok
17:20:30.0283 3772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:20:30.0299 3772 ws2ifsl - ok
17:20:30.0361 3772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:20:30.0361 3772 WudfPf - ok
17:20:30.0408 3772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:20:30.0408 3772 WUDFRd - ok
17:20:30.0439 3772 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:20:30.0439 3772 yukonw7 - ok
17:20:30.0470 3772 MBR (0x1B8) (0abf140be1db30a2d6b4fa09a6e00574) \Device\Harddisk0\DR0
17:20:30.0517 3772 \Device\Harddisk0\DR0 - ok
17:20:30.0533 3772 Boot (0x1200) (1a696b90d0fd276cee98c9a3bd443e48) \Device\Harddisk0\DR0\Partition0
17:20:30.0548 3772 \Device\Harddisk0\DR0\Partition0 - ok
17:20:30.0548 3772 Boot (0x1200) (1f85bc76155e60fc819647cfba24ed12) \Device\Harddisk0\DR0\Partition1
17:20:30.0548 3772 \Device\Harddisk0\DR0\Partition1 - ok
17:20:30.0579 3772 Boot (0x1200) (a7b82551cca099c57b9863c94cf0efad) \Device\Harddisk0\DR0\Partition2
17:20:30.0595 3772 \Device\Harddisk0\DR0\Partition2 - ok
17:20:30.0595 3772 ============================================================
17:20:30.0595 3772 Scan finished
17:20:30.0595 3772 ============================================================
17:20:30.0595 2728 Detected object count: 0
17:20:30.0595 2728 Actual detected object count: 0



_______

Done, hope you can find something.
Regards
tanya

#12 twerkman


Posted 14 February 2012 - 11:34 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-14 17:21:30
-----------------------------
17:21:30.944 OS Version: Windows x64 6.1.7601 Service Pack 1
17:21:30.944 Number of processors: 2 586 0x170A
17:21:30.944 ComputerName: TANYA-PC UserName: Tanya
17:21:32.286 Initialize success
17:22:30.376 AVAST engine defs: 12021400
17:22:37.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:22:37.225 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
17:22:37.334 Disk 0 MBR read successfully
17:22:37.334 Disk 0 MBR scan
17:22:37.381 Disk 0 unknown MBR code
17:22:37.396 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:22:37.443 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463528 MB offset 409600
17:22:37.521 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13211 MB offset 949714944
17:22:37.552 Service scanning
17:22:39.768 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:22:40.626 Modules scanning
17:22:40.626 Disk 0 trace - called modules:
17:22:40.657 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:22:40.672 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003396630]
17:22:40.672 3 CLASSPNP.SYS[fffff8800112243f] -> nt!IofCallDriver -> [0xfffffa8002e47520]
17:22:40.672 5 ACPI.sys[fffff88000f5f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e351f0]
17:22:45.867 AVAST engine scan C:\Windows
17:23:04.010 AVAST engine scan C:\Windows\system32
17:28:45.947 AVAST engine scan C:\Windows\system32\drivers
17:29:15.135 AVAST engine scan C:\Users\Tanya
17:30:16.521 Disk 0 MBR has been saved successfully to "C:\Users\Tanya\Desktop\MBR.dat"
17:30:16.536 The log file has been saved successfully to "C:\Users\Tanya\Desktop\aswMBR.txt"

#13 twerkman


Posted 14 February 2012 - 11:52 AM

Was I supposed to do the aswMBR and the TDSSKiller with the antivirus off?
Because I did them with the antivirus on.

#14 gringo_pr

  • Malware Response Team

Posted 14 February 2012 - 01:23 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\users\Tanya\AppData\Local\Babylon
c:\users\Tanya\AppData\Roaming\Babylon
c:\programdata\Babylon

Firefox::
FF - ProfilePath - c:\users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\nt5x4yao.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=74a9f0920000000000000a60768242f4&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.id - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.hardId - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15357
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not click in ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 twerkman


Posted 14 February 2012 - 02:28 PM

ComboFix 12-02-13.01 - Tanya 14-02-2012 20:03:33.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3003.1143 [GMT 1:00]
Gestart vanuit: c:\users\Tanya\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Tanya\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-14 to 2012-02-14 ))))))))))))))))))))))))))))))
.
.
2012-02-14 19:11 . 2012-02-14 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 16:22 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5636CC9-311F-4AAF-9C46-7B7655FC033F}\mpengine.dll
2012-02-10 08:35 . 2012-02-10 08:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E677F84-CB9D-44D1-90E3-75750F2044BC}\gapaengine.dll
2012-01-30 09:25 . 2012-01-30 09:25 388096 ----a-r- c:\users\Tanya\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-30 09:25 . 2012-01-30 09:25 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-18 14:56 . 2012-01-18 14:56 237 ----a-w- C:\user.js
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\users\Tanya\AppData\Local\Babylon
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\users\Tanya\AppData\Roaming\Babylon
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\programdata\Babylon
2012-01-18 14:56 . 2012-01-18 14:56 -------- d-----w- c:\program files (x86)\PDFReader
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-02-15 07:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2010-04-18 07:01 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-15 21:30 . 2010-06-23 06:09 882512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-05 09:11 . 2010-06-23 06:09 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-24 04:52 . 2011-12-14 06:36 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 21:52 . 2010-02-28 13:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-11-23 21:52 . 2010-02-28 13:10 882496 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-19 14:58 . 2012-01-11 09:42 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 09:42 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-13 00:19 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:49 . 2012-01-13 00:19 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:44 . 2012-01-13 00:19 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 09:42 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-13 00:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-13 00:19 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-13 00:19 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-13 00:19 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-13 00:19 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-13 00:19 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-13 00:19 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 09:42 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-13 00:19 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-13 00:19 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-13 00:19 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-13 00:19 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-14_08.54.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-15 04:25 . 2012-02-14 17:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-15 04:25 . 2012-02-13 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-15 04:25 . 2012-02-14 17:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-15 04:25 . 2012-02-13 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-13 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-14 17:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-15 04:29 . 2012-02-14 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-15 04:29 . 2012-02-14 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-15 04:29 . 2012-02-14 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-15 04:29 . 2012-02-14 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-13 16:15 . 2012-02-13 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-14 19:14 . 2012-02-14 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-14 19:14 . 2012-02-14 19:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-13 16:15 . 2012-02-13 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2012-02-13 16:57 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-14 17:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-02-13 16:14 418344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-14 19:13 418344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-13 19:15 . 2012-02-14 19:13 9184227 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2521898867-1464384672-1165248564-1000-8192.dat
- 2010-10-13 19:15 . 2012-02-13 16:14 9184227 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2521898867-1464384672-1165248564-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TomTomHOME.exe="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-12-05 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
QlbCtrl.exe="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
Easybits Recovery="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
WirelessAssistant="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
c:\windows\SysWOW64\V0470Cvw.dll="c:\windows\system32\RegSvr32.exe" [2009-07-14 14848]
c:\windows\SysWOW64\V0470Ext.ax="c:\windows\system32\RegSvr32.exe" [2009-07-14 14848]
SunJavaUpdateSched="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
Adobe Reader Speed Launcher="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
HP Software Update="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
Adobe ARM="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Manager for Skype.lnk - c:\program files (x86)\Manager for Skype\Manager For Skype.exe [2010-12-14 670720]
Manager for Voipbuster.lnk - c:\program files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe [2007-9-29 425984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wi-Fi MediaConnect.lnk - c:\program files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe [2011-2-25 2345984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
ConsentPromptBehaviorAdmin= 5 (0x5)
ConsentPromptBehaviorUser= 3 (0x3)
EnableUIADesktopToggle= 0 (0x0)
HideFastUserSwitching= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WFMC_VAD;WFMCVAD (WDM);c:\windows\system32\DRIVERS\wfmcvad.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
20-8-2009 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 16:30]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-19 16:30]
.
2012-02-07 c:\windows\Tasks\HPCeeScheduleForTanya.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray="c:\windows\system32\igfxtray.exe" [2009-09-10 165912]
HotKeysCmds="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]
Persistence="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]
SynTPEnh="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
SunJavaUpdateSched="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-13 171520]
SysTrayApp="c:\program files\IDT\WDM\sttray64.exe" [2010-05-13 487424]
MSC="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
c:\windows\system32\V0470Ext.ax="c:\windows\system32\RegSvr32.exe" [2009-07-14 19456]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{E7DCA26F-5ACC-41A4-AF40-CBA2CD20B9E5}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = hxxp://217.64.59.190:80
uInternet Settings,ProxyOverride = local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Tanya\AppData\Roaming\Mozilla\Firefox\Profiles\nt5x4yao.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=74a9f0920000000000000a60768242f4&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.id - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.hardId - 74a9f0920000000000000a60768242f4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15357
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
LocalizedString="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
Enabled=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
ThreadingModel="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
ThreadingModel="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
Version="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Voltooingstijd: 2012-02-14 20:21:53 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-14 19:21
ComboFix2.txt 2012-02-14 08:58
.
Pre-Run: 243.607.035.904 bytes beschikbaar
Post-Run: 243.332.440.064 bytes beschikbaar
.
- - End Of File - - 74E0A4D02EB80C093CA65411CF2BEEE8



