google searches are redirected and sometimes at startup I get "no bootable device"


  • This topic is locked
56 replies to this topic

#1 changuito242

Posted 09 February 2012 - 10:59 PM

Recently my computer has been very slow. Sometimes startup fails and it says "No bootable device" on a black screen. Starting yesterday the links from my google search results would redirect me to different websites which were different from the links I was clicking. This led me to believe I had a virus so I ran a malwarebytes full scan, but it didn't change anything. So then I posted this thread: http://www.bleepingcomputer.com/forums/topic442017.html

I followed the instructions I was given and now I'm here. The DDS log is below and I attached the file I was told to attach. I couldn't create a GMER log because I'm on a 64-bit version of Windows. Thanks in advance for any help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by HP at 22:34:37 on 2012-02-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1508 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
LSP: mswsock.dll
Trusted Zone: hrsaccount.com\www
Trusted Zone: salliemae.com\www
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E103DACB-7E45-471A-AE11-93FA1B144EFD} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO-X64: EgisPBIE - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\aiat0cgu.default\
FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/HPNOT/1
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20111201&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\HP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-11 89600]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-6-25 338168]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-6-8 697712]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-6-8 646000]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-30 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-8 652872]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-30 2533400]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-1 136176]
S3 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-2 352976]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-1 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-09 20:20:03 20480 ------w- C:\Windows\svchost.exe
2012-02-09 02:54:22 -------- d-sh--w- C:\found.003
2012-02-01 03:42:09 -------- d-sh--w- C:\found.002
2012-02-01 03:16:28 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7E76.tmp
2012-02-01 03:16:28 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7E46.tmp
2012-01-23 01:54:15 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-01-20 03:15:29 -------- d-----w- C:\Program Files (x86)\Samsung
2012-01-18 23:52:49 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8969F0D-9EB4-42DD-91AA-981C308E247A}\mpengine.dll
2012-01-12 22:13:32 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-12 22:13:32 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 22:13:32 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-12 22:13:32 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-11 06:47:14 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 06:47:14 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 06:47:13 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 06:47:13 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 06:47:00 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 06:47:00 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 06:46:43 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 06:46:43 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-25 03:23:32 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2011-11-25 03:23:28 98616 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:38:50.88 ===============
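
A triage pass over the DDS log in the post above, as an added example that is not part of the original thread or of the DDS tool. It flags hosts-file entries that pin a search domain to a non-local address, Windows system binary names found outside System32/SysWOW64, and autostart entries that run from the SYSTEM profile. The rule names, watchlists and function names are assumptions made for this illustration.

```python
"""Triage heuristics for a DDS log (added example; rule names are hypothetical)."""
import ipaddress
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt of the DDS log from the post above (a subset of its lines, unchanged).
SAMPLE_DDS = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
uRun: [Google Update] "C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
TCP: DhcpNameServer = 192.168.0.1
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
2012-02-09 20:20:03 20480 ------w- C:\Windows\svchost.exe
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
"""

# Assumed watchlists for this illustration, not an authoritative list.
SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe', re.IGNORECASE)
HOSTS_LINE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
RUN_LINE = re.compile(r"^[a-z]Run(?:Once)?(?:-x64)?:\s+\[(.+?)\]\s+(.*)$", re.IGNORECASE)


def check_hosts(line):
    """Flag a Hosts: entry that pins a search domain to a non-local address."""
    m = HOSTS_LINE.match(line)
    if not m:
        return []
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return [("hosts-malformed", line)]
    if ip.is_loopback or ip.is_unspecified:
        return []  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
    host = m.group(2).lower()
    if any(host == d or host.endswith("." + d) for d in SEARCH_DOMAINS):
        return [("hosts-override", f"{host} -> {ip}")]
    return []


def check_system_name(line):
    """Flag a system binary name that lives outside System32/SysWOW64."""
    findings = []
    for path in EXE_PATH.findall(line):
        if basename(path).lower() in SYSTEM_NAMES and dirname(path).lower() not in SYSTEM_DIRS:
            findings.append(("system-name-outside-system32", path))
    return findings


def check_autostart(line):
    """Flag a Run/RunOnce entry whose target sits in the SYSTEM profile."""
    m = RUN_LINE.match(line)
    if m and r"\config\systemprofile" in m.group(2).lower():
        return [("autostart-in-systemprofile", f"{m.group(1)}: {m.group(2)}")]
    return []


def triage(text):
    """Run every check over every non-empty line; findings keep log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            for check in (check_hosts, check_system_name, check_autostart):
                findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS):
        print(f"{rule:32} {detail}")
```
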


#2 RPMcMurphy

  • Malware Response Team
Posted 11 February 2012 - 07:02 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 changuito242

Posted 11 February 2012 - 10:03 PM

Hello, thanks for helping me out. When I ran combofix my computer crashed and went to a blue screen. It said a problem has been detected and windows has been shut down to prevent damage to your computer.

Also now when I start the computer I get several notifications at once saying "Failed to save all the components for the file \\System32\\0000000d. The file is corrupt or unreadable. This may be caused by a PC hardware problem." Each notification is for a different file. And within a couple minutes it shuts down to the blue screen I mentioned above.

Edited by changuito242, 11 February 2012 - 10:43 PM.


#4 RPMcMurphy

  • Malware Response Team
Posted 11 February 2012 - 11:54 PM

Please boot into the Safe Mode and try running ComboFix again.

Please include the following in your next post:
  • ComboFix log


#5 changuito242

Posted 12 February 2012 - 09:40 PM

Hey, tried running it in safe mode and it went to the blue screen again.

#6 RPMcMurphy

  • Malware Response Team
Posted 12 February 2012 - 10:18 PM

OK, thanks for trying. Do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
  • Click OK.
  • Press Start Scan.
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log into your next post (I don't need to see Extras.txt).

Please include the following in your next post:
  • TDSSKiller log
  • OTL.txt log



#7 changuito242

changuito242
  • Topic Starter


Posted 13 February 2012 - 01:56 PM

Same problem lol. Crashed before I could even get to this thread. Should I try it in safe mode?

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team

Posted 13 February 2012 - 02:20 PM

Yes, please.



#9 changuito242

changuito242
  • Topic Starter


Posted 13 February 2012 - 02:52 PM

14:34:30.0848 1840 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
14:34:32.0127 1840 ============================================================
14:34:32.0127 1840 Current date / time: 2012/02/13 14:34:32.0127
14:34:32.0127 1840 SystemInfo:
14:34:32.0127 1840
14:34:32.0127 1840 OS Version: 6.1.7600 ServicePack: 0.0
14:34:32.0127 1840 Product type: Workstation
14:34:32.0127 1840 ComputerName: HP-HP
14:34:32.0127 1840 UserName: HP
14:34:32.0127 1840 Windows directory: C:\Windows
14:34:32.0127 1840 System windows directory: C:\Windows
14:34:32.0127 1840 Running under WOW64
14:34:32.0127 1840 Processor architecture: Intel x64
14:34:32.0127 1840 Number of processors: 4
14:34:32.0127 1840 Page size: 0x1000
14:34:32.0127 1840 Boot type: Safe boot with network
14:34:32.0127 1840 ============================================================
14:34:33.0999 1840 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:34:33.0999 1840 \Device\Harddisk0\DR0:
14:34:33.0999 1840 MBR used
14:34:33.0999 1840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:34:33.0999 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4786E000
14:34:33.0999 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x478D2000, BlocksNum 0x2F52000
14:34:33.0999 1840 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
14:34:34.0077 1840 Initialize success
14:34:34.0077 1840 ============================================================
14:34:54.0279 1836 ============================================================
14:34:54.0279 1836 Scan started
14:34:54.0279 1836 Mode: Manual; TDLFS;
14:34:54.0279 1836 ============================================================
14:35:26.0434 1836 tunnel - ok
14:35:26.0543 1836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:35:26.0543 1836 uagp35 - ok
14:35:26.0636 1836 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
14:35:26.0636 1836 udfs - ok
14:35:26.0746 1836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:35:26.0746 1836 uliagpkx - ok
14:35:26.0855 1836 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:35:26.0855 1836 umbus - ok
14:35:26.0948 1836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:35:26.0948 1836 UmPass - ok
14:35:27.0073 1836 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
14:35:27.0073 1836 USBAAPL64 - ok
14:35:27.0167 1836 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
14:35:27.0167 1836 usbccgp - ok
14:35:27.0276 1836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:35:27.0276 1836 usbcir - ok
14:35:27.0385 1836 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
14:35:27.0385 1836 usbehci - ok
14:35:27.0479 1836 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
14:35:27.0479 1836 usbhub - ok
14:35:27.0666 1836 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
14:35:27.0682 1836 usbohci - ok
14:35:27.0760 1836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:35:27.0760 1836 usbprint - ok
14:35:27.0853 1836 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:35:27.0853 1836 USBSTOR - ok
14:35:27.0978 1836 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
14:35:27.0978 1836 usbuhci - ok
14:35:28.0103 1836 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
14:35:28.0103 1836 usbvideo - ok
14:35:28.0212 1836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:35:28.0212 1836 vdrvroot - ok
14:35:28.0306 1836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:35:28.0306 1836 vga - ok
14:35:28.0399 1836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:35:28.0399 1836 VgaSave - ok
14:35:28.0508 1836 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:35:28.0508 1836 vhdmp - ok
14:35:28.0602 1836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:35:28.0602 1836 viaide - ok
14:35:28.0696 1836 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:35:28.0696 1836 volmgr - ok
14:35:28.0789 1836 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:35:28.0789 1836 volmgrx - ok
14:35:28.0898 1836 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:35:28.0898 1836 volsnap - ok
14:35:29.0008 1836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:35:29.0008 1836 vsmraid - ok
14:35:29.0101 1836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:35:29.0101 1836 vwifibus - ok
14:35:29.0210 1836 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:35:29.0210 1836 vwififlt - ok
14:35:29.0304 1836 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:35:29.0304 1836 vwifimp - ok
14:35:29.0398 1836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:35:29.0398 1836 WacomPen - ok
14:35:29.0897 1836 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:29.0975 1836 WANARP - ok
14:35:30.0427 1836 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:30.0427 1836 Wanarpv6 - ok
14:35:30.0895 1836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:35:30.0895 1836 Wd - ok
14:35:31.0004 1836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:35:31.0004 1836 Wdf01000 - ok
14:35:31.0098 1836 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\Windows\system32\DRIVERS\WDKMD.sys
14:35:31.0098 1836 wdkmd - ok
14:35:31.0207 1836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:35:31.0207 1836 WfpLwf - ok
14:35:31.0316 1836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:35:31.0316 1836 WIMMount - ok
14:35:31.0426 1836 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
14:35:31.0426 1836 WinUSB - ok
14:35:31.0597 1836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:35:31.0597 1836 WmiAcpi - ok
14:35:31.0706 1836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:35:31.0706 1836 ws2ifsl - ok
14:35:31.0800 1836 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:35:31.0800 1836 WudfPf - ok
14:35:31.0894 1836 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:35:31.0894 1836 WUDFRd - ok
14:35:32.0018 1836 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:35:32.0018 1836 yukonw7 - ok
14:35:32.0065 1836 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
14:35:32.0081 1836 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:35:32.0081 1836 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:35:32.0830 1836 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:35:32.0830 1836 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:35:32.0861 1836 Boot (0x1200) (c0e0ed91110788c33c628f7de1faefd9) \Device\Harddisk0\DR0\Partition0
14:35:32.0861 1836 \Device\Harddisk0\DR0\Partition0 - ok
14:35:32.0861 1836 Boot (0x1200) (92403252246310769a6fb3181699ca9d) \Device\Harddisk0\DR0\Partition1
14:35:32.0876 1836 \Device\Harddisk0\DR0\Partition1 - ok
14:35:32.0908 1836 Boot (0x1200) (299f344ecdf9649e5e2caef5ab5219ce) \Device\Harddisk0\DR0\Partition2
14:35:32.0908 1836 \Device\Harddisk0\DR0\Partition2 - ok
14:35:32.0923 1836 Boot (0x1200) (1ddcce2eeada88bcb4526f3a57966a6d) \Device\Harddisk0\DR0\Partition3
14:35:32.0923 1836 \Device\Harddisk0\DR0\Partition3 - ok
14:35:32.0939 1836 ============================================================
14:35:32.0939 1836 Scan finished
14:35:32.0939 1836 ============================================================
14:35:32.0939 1564 Detected object count: 2
14:35:32.0939 1564 Actual detected object count: 2
14:36:14.0502 1564 \Device\Harddisk0\DR0\# - copied to quarantine
14:36:14.0502 1564 \Device\Harddisk0\DR0 - copied to quarantine
14:36:14.0939 1564 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:36:14.0939 1564 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:36:15.0064 1564 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:36:15.0095 1564 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:36:15.0095 1564 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:36:15.0095 1564 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:36:15.0095 1564 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:36:15.0095 1564 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:36:15.0095 1564 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:36:15.0095 1564 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:36:15.0111 1564 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
14:36:15.0142 1564 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:36:15.0142 1564 \Device\Harddisk0\DR0 - ok
14:36:17.0856 1564 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:36:17.0856 1564 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:36:17.0856 1564 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:36:40.0713 0760 Deinitialize success

OTL logfile created on: 2/13/2012 2:45:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\HP\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 85.15% Memory free
7.60 Gb Paging File | 7.07 Gb Available in Paging File | 92.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 572.21 Gb Total Space | 505.87 Gb Free Space | 88.41% Space Free | Partition Type: NTFS
Drive D: | 23.66 Gb Total Space | 3.46 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.38 Mb Free Space | 89.98% Space Free | Partition Type: FAT32

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/13 14:43:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Downloads\OTL.exe
PRC - [2012/02/13 14:41:54 | 000,285,696 | ---- | M] () -- C:\Program Files (x86)\LP\2D98\C55.exe
PRC - [2012/02/13 14:00:31 | 000,168,960 | ---- | M] () -- C:\Users\HP\AppData\Roaming\8E331\6688D.exe
PRC - [2012/02/13 13:59:48 | 000,182,272 | ---- | M] () -- C:\Program Files (x86)\3161D\lvvm.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/13 14:41:54 | 000,285,696 | ---- | M] () -- C:\Program Files (x86)\LP\2D98\C55.exe
MOD - [2012/02/13 14:00:31 | 000,168,960 | ---- | M] () -- C:\Users\HP\AppData\Roaming\8E331\6688D.exe
MOD - [2012/02/13 13:59:48 | 000,182,272 | ---- | M] () -- C:\Program Files (x86)\3161D\lvvm.exe
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/11 20:07:04 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/11 20:07:03 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/07 18:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 18:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/03/05 13:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 13:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 13:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/23 10:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/08 15:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/25 09:59:16 | 000,244,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/14 13:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/01/22 04:51:58 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/25 08:15:46 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/08 23:06:12 | 000,697,712 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe -- (EgisTec Service)
SRV - [2010/06/08 23:05:16 | 000,646,000 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/15 11:45:42 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/04/15 11:44:48 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/23 10:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/24 22:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/11/24 22:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/04/23 20:34:36 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/03/11 20:07:05 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 13:57:30 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/22 04:51:57 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/12/14 21:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 22:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/25 00:19:40 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/25 01:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/16 16:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/06/09 20:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 20:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/05/16 20:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 20:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 20:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/04/22 22:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/16 14:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/03/18 01:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/11/11 16:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/11/02 23:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 15:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 15:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 19:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z129&ocid=zdhp&install_date=20111201
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53515

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPNOT/1"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20111201&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53515
FF - prefs.js..network.proxy.type: 1

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HP\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2010/11/30 20:48:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/11/30 20:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/30 20:58:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/12 17:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2011/01/22 03:22:51 | 000,000,000 | ---D | M]

[2011/09/30 03:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Extensions
[2012/02/11 11:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\aiat0cgu.default\extensions
[2011/12/01 16:44:55 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\aiat0cgu.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/12/01 16:44:53 | 000,001,945 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\aiat0cgu.default\searchplugins\bing-zugo.xml
[2011/09/30 03:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/30 03:51:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
() (No name found) -- C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AIAT0CGU.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/01/12 17:13:32 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/10 13:36:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGACDF&install_date=20111201
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\HP\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HP\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/02/08 14:55:13 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [258.exe] C:\Program Files (x86)\LP\3B68\258.exe ()
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [C55.exe] C:\Program Files (x86)\LP\2D98\C55.exe ()
O4 - HKLM..\Run: [E40.exe] C:\Program Files (x86)\LP\8D88\E40.exe ()
O4 - HKLM..\Run: [E71.exe] C:\Program Files (x86)\LP\DB48\E71.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe (Egis Technology Inc. )
O4 - HKCU..\Run: [107.exe] C:\Users\HP\AppData\Roaming\Microsoft\8B38\107.exe ()
O4 - HKCU..\Run: [44B.exe] C:\Users\HP\AppData\Roaming\Microsoft\1B58\44B.exe ()
O4 - HKCU..\Run: [57D.exe] C:\Users\HP\AppData\Roaming\Microsoft\DAD8\57D.exe ()
O4 - HKCU..\Run: [8AC.exe] C:\Users\HP\AppData\Roaming\Microsoft\4A78\8AC.exe ()
O4 - HKCU..\Run: [BCD.exe] C:\Users\HP\AppData\Roaming\Microsoft\DB68\BCD.exe ()
O4 - HKCU..\Run: [DBE.exe] C:\Users\HP\AppData\Roaming\Microsoft\AB48\DBE.exe ()
O4 - HKCU..\Run: [E00.exe] C:\Users\HP\AppData\Roaming\Microsoft\7B08\E00.exe ()
O4 - HKCU..\Run: [E71.exe] C:\Users\HP\AppData\Roaming\Microsoft\DB48\E71.exe ()
O4 - HKCU..\Run: [F3C.exe] C:\Users\HP\AppData\Roaming\Microsoft\1B78\F3C.exe ()
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [QrYVrxLHQgNNQj.exe] C:\ProgramData\QrYVrxLHQgNNQj.exe ()
O4 - HKCU..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" File not found
F3:64bit: - HKCU WinNT: Load - (C:\Users\HP\AppData\Roaming\3161D\lvvm.exe) - C:\Users\HP\AppData\Roaming\3161D\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\HP\AppData\Roaming\3161D\lvvm.exe) -C:\Users\HP\AppData\Roaming\3161D\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hrsaccount.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: salliemae.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E103DACB-7E45-471A-AE11-93FA1B144EFD}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\HP\AppData\Roaming\8E331\08B2D.exe) -C:\Users\HP\AppData\Roaming\8E331\08B2D.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0670ac3-eda4-11e0-bfac-f621911c7588}\Shell - "" = AutoRun
O33 - MountPoints2\{d0670ac3-eda4-11e0-bfac-f621911c7588}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = 7jv] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = 7jv] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 14:36:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/13 14:33:16 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HP\Desktop\TDSSKiller.exe
[2012/02/11 21:59:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/02/11 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\3161D
[2012/02/11 21:09:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\8E331
[2012/02/11 21:05:48 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/02/11 21:04:17 | 004,402,217 | R--- | C] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2012/02/10 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3161D
[2012/02/10 13:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/02/10 13:46:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/02/08 21:54:22 | 000,000,000 | -HSD | C] -- C:\found.003
[2012/02/01 20:06:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/31 22:42:09 | 000,000,000 | -HSD | C] -- C:\found.002
[2012/01/26 15:35:35 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/26 15:35:35 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/26 15:35:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/26 15:35:35 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/26 15:35:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/26 15:35:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/22 21:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/01/22 20:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/01/19 22:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/13 14:47:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/13 14:47:35 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/13 14:47:35 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/13 14:40:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 14:39:57 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 14:38:34 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 13:54:03 | 434,950,057 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/12 22:17:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\14Ive32sVNwUe9
[2012/02/12 22:16:10 | 000,000,304 | ---- | M] () -- C:\ProgramData\~14Ive32sVNwUe9
[2012/02/12 22:16:10 | 000,000,208 | ---- | M] () -- C:\ProgramData\~14Ive32sVNwUe9r
[2012/02/12 22:15:36 | 000,352,768 | ---- | M] () -- C:\ProgramData\14Ive32sVNwUe9.exe
[2012/02/12 21:28:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-749227208-554072773-4036495959-1000UA.job
[2012/02/11 22:19:57 | 000,000,344 | ---- | M] () -- C:\ProgramData\n8mrX2lPzXJxjP
[2012/02/11 22:19:15 | 000,352,768 | ---- | M] () -- C:\ProgramData\n8mrX2lPzXJxjP.exe
[2012/02/11 22:09:05 | 000,352,768 | ---- | M] () -- C:\ProgramData\mOlMxOpKVb1zkz.exe
[2012/02/11 21:59:08 | 000,000,677 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/11 21:59:07 | 000,000,653 | ---- | M] () -- C:\Users\HP\Desktop\System Check.lnk
[2012/02/11 21:59:02 | 000,000,296 | ---- | M] () -- C:\ProgramData\~gpCv1BcxfzNAo7
[2012/02/11 21:59:02 | 000,000,208 | ---- | M] () -- C:\ProgramData\~gpCv1BcxfzNAo7r
[2012/02/11 21:58:37 | 000,000,344 | ---- | M] () -- C:\ProgramData\gpCv1BcxfzNAo7
[2012/02/11 21:58:04 | 000,352,768 | ---- | M] () -- C:\ProgramData\gpCv1BcxfzNAo7.exe
[2012/02/11 21:53:36 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012/02/11 21:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 21:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 21:25:04 | 000,446,464 | ---- | M] () -- C:\ProgramData\QrYVrxLHQgNNQj.exe
[2012/02/11 21:12:08 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/11 21:10:42 | 000,280,576 | ---- | M] () -- C:\Users\HP\AppData\Roaming\firefox.exe
[2012/02/11 21:08:08 | 000,000,158 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
[2012/02/11 21:08:08 | 000,000,111 | ---- | M] () -- C:\Users\HP\AppData\Local\mv_music.xml
[2012/02/11 21:04:20 | 004,402,217 | R--- | M] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2012/02/11 20:37:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 19:36:01 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-749227208-554072773-4036495959-1000Core.job
[2012/02/11 16:59:22 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HP\Desktop\TDSSKiller.exe
[2012/02/09 22:28:20 | 000,000,000 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2012/02/09 19:46:30 | 000,000,512 | ---- | M] () -- C:\Users\HP\Desktop\MBR.dat
[2012/02/09 00:36:53 | 000,002,379 | ---- | M] () -- C:\Users\HP\Desktop\Google Chrome.lnk
[2012/02/08 14:55:13 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/28 20:44:12 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 22:16:10 | 000,000,208 | ---- | C] () -- C:\ProgramData\~14Ive32sVNwUe9r
[2012/02/12 22:16:08 | 000,000,304 | ---- | C] () -- C:\ProgramData\~14Ive32sVNwUe9
[2012/02/12 22:15:50 | 000,000,448 | ---- | C] () -- C:\ProgramData\14Ive32sVNwUe9
[2012/02/12 22:15:36 | 000,352,768 | ---- | C] () -- C:\ProgramData\14Ive32sVNwUe9.exe
[2012/02/11 22:19:56 | 000,000,344 | ---- | C] () -- C:\ProgramData\n8mrX2lPzXJxjP
[2012/02/11 22:19:15 | 000,352,768 | ---- | C] () -- C:\ProgramData\n8mrX2lPzXJxjP.exe
[2012/02/11 22:09:01 | 000,352,768 | ---- | C] () -- C:\ProgramData\mOlMxOpKVb1zkz.exe
[2012/02/11 21:59:08 | 000,000,677 | ---- | C] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/11 21:59:07 | 000,000,653 | ---- | C] () -- C:\Users\HP\Desktop\System Check.lnk
[2012/02/11 21:59:02 | 000,000,208 | ---- | C] () -- C:\ProgramData\~gpCv1BcxfzNAo7r
[2012/02/11 21:59:01 | 000,000,296 | ---- | C] () -- C:\ProgramData\~gpCv1BcxfzNAo7
[2012/02/11 21:58:37 | 000,000,344 | ---- | C] () -- C:\ProgramData\gpCv1BcxfzNAo7
[2012/02/11 21:58:04 | 000,352,768 | ---- | C] () -- C:\ProgramData\gpCv1BcxfzNAo7.exe
[2012/02/11 21:53:36 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012/02/11 21:28:11 | 000,446,464 | ---- | C] () -- C:\ProgramData\QrYVrxLHQgNNQj.exe
[2012/02/11 21:12:05 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job
[2012/02/11 21:10:42 | 000,280,576 | ---- | C] () -- C:\Users\HP\AppData\Roaming\firefox.exe
[2012/02/09 22:28:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2012/02/09 19:46:30 | 000,000,512 | ---- | C] () -- C:\Users\HP\Desktop\MBR.dat
[2011/12/22 13:00:24 | 000,006,762 | ---- | C] () -- C:\ProgramData\646861a3
[2011/12/22 13:00:24 | 000,006,752 | ---- | C] () -- C:\Users\HP\AppData\Roaming\d665fdc0
[2011/12/22 13:00:24 | 000,006,584 | ---- | C] () -- C:\Users\HP\AppData\Local\84d79d68
[2011/12/21 01:12:42 | 000,009,092 | -HS- | C] () -- C:\Users\HP\AppData\Local\7ra25ti5251d0gr583s63657vregb5867
[2011/12/21 01:12:42 | 000,009,092 | -HS- | C] () -- C:\ProgramData\7ra25ti5251d0gr583s63657vregb5867
[2011/12/21 01:04:50 | 000,009,228 | -HS- | C] () -- C:\Users\HP\AppData\Local\k1ye34x6nm1ugc
[2011/12/21 01:04:50 | 000,009,228 | -HS- | C] () -- C:\ProgramData\k1ye34x6nm1ugc
[2011/12/21 00:09:45 | 000,010,432 | -HS- | C] () -- C:\ProgramData\3307304831
[2011/12/17 22:57:57 | 000,010,432 | -HS- | C] () -- C:\Users\HP\AppData\Local\4ru37yu5643u8bb528u82254efsrd0284
[2011/12/17 22:57:57 | 000,010,432 | -HS- | C] () -- C:\ProgramData\4ru37yu5643u8bb528u82254efsrd0284
[2011/12/17 01:09:50 | 000,010,548 | -HS- | C] () -- C:\Users\HP\AppData\Local\apeppn1h4idd2iho5rqx5t676v5h
[2011/12/17 01:09:50 | 000,010,548 | -HS- | C] () -- C:\ProgramData\apeppn1h4idd2iho5rqx5t676v5h
[2011/12/12 19:42:13 | 000,001,268 | -HS- | C] () -- C:\Users\HP\AppData\Local\u4mv34k0fq2qcs
[2011/12/12 19:42:13 | 000,001,268 | -HS- | C] () -- C:\ProgramData\u4mv34k0fq2qcs
[2011/10/23 14:54:19 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\{E0DECC3B-04DB-4351-B98A-F9FDD1A9A514}
[2011/10/23 14:37:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\{E902814D-9C53-4C22-8F89-CF8528954A5F}
[2011/06/08 21:11:11 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2011/04/30 20:29:42 | 000,001,854 | ---- | C] () -- C:\Users\HP\AppData\Roaming\GhostObjGAFix.xml
[2011/01/21 23:48:01 | 000,000,158 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_Photo.xml
[2011/01/21 23:48:01 | 000,000,111 | ---- | C] () -- C:\Users\HP\AppData\Local\mv_music.xml
[2010/11/30 20:17:18 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/30 20:17:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/30 20:17:18 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/30 20:17:16 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/30 20:15:27 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/30 20:15:27 | 000,000,253 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/10/26 15:10:58 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/10/26 12:43:09 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/08/25 22:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/10 00:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

#10 RPMcMurphy

  • Malware Response Team
  • 3,970 posts

Posted 13 February 2012 - 06:00 PM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the following box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53515
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 53515
    FF - prefs.js..network.proxy.type: 1
    O4 - HKLM..\Run: [258.exe] C:\Program Files (x86)\LP\3B68\258.exe ()
    O4 - HKLM..\Run: [C55.exe] C:\Program Files (x86)\LP\2D98\C55.exe ()
    O4 - HKLM..\Run: [E40.exe] C:\Program Files (x86)\LP\8D88\E40.exe ()
    O4 - HKLM..\Run: [E71.exe] C:\Program Files (x86)\LP\DB48\E71.exe ()
    O4 - HKCU..\Run: [107.exe] C:\Users\HP\AppData\Roaming\Microsoft\8B38\107.exe ()
    O4 - HKCU..\Run: [44B.exe] C:\Users\HP\AppData\Roaming\Microsoft\1B58\44B.exe ()
    O4 - HKCU..\Run: [57D.exe] C:\Users\HP\AppData\Roaming\Microsoft\DAD8\57D.exe ()
    O4 - HKCU..\Run: [8AC.exe] C:\Users\HP\AppData\Roaming\Microsoft\4A78\8AC.exe ()
    O4 - HKCU..\Run: [BCD.exe] C:\Users\HP\AppData\Roaming\Microsoft\DB68\BCD.exe ()
    O4 - HKCU..\Run: [DBE.exe] C:\Users\HP\AppData\Roaming\Microsoft\AB48\DBE.exe ()
    O4 - HKCU..\Run: [E00.exe] C:\Users\HP\AppData\Roaming\Microsoft\7B08\E00.exe ()
    O4 - HKCU..\Run: [E71.exe] C:\Users\HP\AppData\Roaming\Microsoft\DB48\E71.exe ()
    O4 - HKCU..\Run: [F3C.exe] C:\Users\HP\AppData\Roaming\Microsoft\1B78\F3C.exe ()
    O4 - HKCU..\Run: [QrYVrxLHQgNNQj.exe] C:\ProgramData\QrYVrxLHQgNNQj.exe ()
    [2012/02/11 21:59:01 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/02/11 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\3161D
    [2012/02/11 21:09:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\8E331
    [2012/02/10 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3161D
    [2012/02/10 13:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
    [2012/02/12 22:17:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\14Ive32sVNwUe9
    [2012/02/12 22:16:10 | 000,000,304 | ---- | M] () -- C:\ProgramData\~14Ive32sVNwUe9
    [2012/02/12 22:16:10 | 000,000,208 | ---- | M] () -- C:\ProgramData\~14Ive32sVNwUe9r
    [2012/02/12 22:15:36 | 000,352,768 | ---- | M] () -- C:\ProgramData\14Ive32sVNwUe9.exe
    [2012/02/11 22:19:57 | 000,000,344 | ---- | M] () -- C:\ProgramData\n8mrX2lPzXJxjP
    [2012/02/11 22:19:15 | 000,352,768 | ---- | M] () -- C:\ProgramData\n8mrX2lPzXJxjP.exe
    [2012/02/11 22:09:05 | 000,352,768 | ---- | M] () -- C:\ProgramData\mOlMxOpKVb1zkz.exe
    [2012/02/11 21:59:08 | 000,000,677 | ---- | M] () -- C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/11 21:59:07 | 000,000,653 | ---- | M] () -- C:\Users\HP\Desktop\System Check.lnk
    [2012/02/11 21:59:02 | 000,000,296 | ---- | M] () -- C:\ProgramData\~gpCv1BcxfzNAo7
    [2012/02/11 21:59:02 | 000,000,208 | ---- | M] () -- C:\ProgramData\~gpCv1BcxfzNAo7r
    [2012/02/11 21:58:37 | 000,000,344 | ---- | M] () -- C:\ProgramData\gpCv1BcxfzNAo7
    [2012/02/11 21:58:04 | 000,352,768 | ---- | M] () -- C:\ProgramData\gpCv1BcxfzNAo7.exe
    [2012/02/11 21:25:04 | 000,446,464 | ---- | M] () -- C:\ProgramData\QrYVrxLHQgNNQj.exe
    [2012/02/11 21:12:08 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/12/22 13:00:24 | 000,006,762 | ---- | C] () -- C:\ProgramData\646861a3
    [2011/12/22 13:00:24 | 000,006,752 | ---- | C] () -- C:\Users\HP\AppData\Roaming\d665fdc0
    [2011/12/22 13:00:24 | 000,006,584 | ---- | C] () -- C:\Users\HP\AppData\Local\84d79d68
    [2011/12/21 01:12:42 | 000,009,092 | -HS- | C] () -- C:\Users\HP\AppData\Local\7ra25ti5251d0gr583s63657vregb5867
    [2011/12/21 01:12:42 | 000,009,092 | -HS- | C] () -- C:\ProgramData\7ra25ti5251d0gr583s63657vregb5867
    [2011/12/21 01:04:50 | 000,009,228 | -HS- | C] () -- C:\Users\HP\AppData\Local\k1ye34x6nm1ugc
    [2011/12/21 01:04:50 | 000,009,228 | -HS- | C] () -- C:\ProgramData\k1ye34x6nm1ugc
    [2011/12/21 00:09:45 | 000,010,432 | -HS- | C] () -- C:\ProgramData\3307304831
    [2011/12/17 22:57:57 | 000,010,432 | -HS- | C] () -- C:\Users\HP\AppData\Local\4ru37yu5643u8bb528u82254efsrd0284
    [2011/12/17 22:57:57 | 000,010,432 | -HS- | C] () -- C:\ProgramData\4ru37yu5643u8bb528u82254efsrd0284
    [2011/12/17 01:09:50 | 000,010,548 | -HS- | C] () -- C:\Users\HP\AppData\Local\apeppn1h4idd2iho5rqx5t676v5h
    [2011/12/17 01:09:50 | 000,010,548 | -HS- | C] () -- C:\ProgramData\apeppn1h4idd2iho5rqx5t676v5h
    [2011/12/12 19:42:13 | 000,001,268 | -HS- | C] () -- C:\Users\HP\AppData\Local\u4mv34k0fq2qcs
    [2011/12/12 19:42:13 | 000,001,268 | -HS- | C] () -- C:\ProgramData\u4mv34k0fq2qcs
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Please include the following in your next post:
  • OTL Fix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
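The entries in the fix script above share a few traits that can be checked mechanically. As an added example (not part of the original post and not OTL's own code), this Python script triages lines in that log format; the heuristics, the function and pattern names, and the final benign sample line are assumptions made for illustration.

```python
import re

# Constructed sample in the OTL scan-log format quoted above; the last entry is an invented benign one.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53515
FF - prefs.js..network.proxy.http: "127.0.0.1"
O4 - HKLM..\Run: [258.exe] C:\Program Files (x86)\LP\3B68\258.exe ()
O4 - HKCU..\Run: [107.exe] C:\Users\HP\AppData\Roaming\Microsoft\8B38\107.exe ()
O4 - HKCU..\Run: [QrYVrxLHQgNNQj.exe] C:\ProgramData\QrYVrxLHQgNNQj.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
'''

# O4 line: hive, value name, image path, then the file's company name in parentheses.
RUN_ENTRY = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+) \(([^()]*)\)$')
# Browser proxy host pointed at the local machine (IE ProxyServer, Firefox http/socks).
LOOPBACK_PROXY = re.compile(r'(ProxyServer"|network\.proxy\.(?:http|socks):).*127\.0\.0\.1')
# Four-hex-digit folder holding a three-hex-digit .exe, as in the entries above.
HEX_DROP = re.compile(r'\\[0-9A-F]{4}\\[0-9A-F]{3}\.exe$', re.I)
# Executable sitting directly in the root of C:\ProgramData.
PROGRAMDATA_ROOT = re.compile(r'^C:\\ProgramData\\[^\\]+\.exe$', re.I)


def triage(log_text):
    """Return (category, detail, reasons) tuples for lines that deserve review."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = RUN_ENTRY.match(line)
        if line.startswith(("IE - ", "FF - ")) and LOOPBACK_PROXY.search(line):
            # Legitimate local proxies look the same, so this is a lead, not a verdict.
            findings.append(("proxy", line, ["browser traffic sent to a loopback proxy"]))
        elif m:
            hive, name, path, company = m.groups()
            reasons = []
            if not company:
                reasons.append("no company name in file metadata")
            if HEX_DROP.search(path):
                reasons.append("hex-named folder and executable")
            if PROGRAMDATA_ROOT.match(path):
                reasons.append("executable directly under C:\\ProgramData")
            if len(reasons) >= 2:  # require two independent signals to cut noise
                findings.append(("autorun", f"{hive} [{name}] {path}", reasons))
    return findings


if __name__ == "__main__":
    for category, detail, reasons in triage(SAMPLE_LOG):
        print(f"[{category}] {detail} <- {'; '.join(reasons)}")
```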


#11 changuito242

changuito242
  • Topic Starter

  • Members
  • 31 posts

Posted 13 February 2012 - 08:15 PM

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 53515 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\258.exe deleted successfully.
C:\Program Files (x86)\LP\3B68\258.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\C55.exe deleted successfully.
C:\Program Files (x86)\LP\2D98\C55.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\E40.exe deleted successfully.
C:\Program Files (x86)\LP\8D88\E40.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\E71.exe deleted successfully.
C:\Program Files (x86)\LP\DB48\E71.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\107.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\8B38\107.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\44B.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\1B58\44B.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\57D.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\DAD8\57D.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8AC.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\4A78\8AC.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BCD.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\DB68\BCD.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DBE.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\AB48\DBE.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\E00.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\7B08\E00.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\E71.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\DB48\E71.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\F3C.exe deleted successfully.
C:\Users\HP\AppData\Roaming\Microsoft\1B78\F3C.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QrYVrxLHQgNNQj.exe deleted successfully.
C:\ProgramData\QrYVrxLHQgNNQj.exe moved successfully.
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\Users\HP\AppData\Roaming\3161D folder moved successfully.
C:\Users\HP\AppData\Roaming\8E331 folder moved successfully.
C:\Program Files (x86)\3161D folder moved successfully.
C:\Program Files (x86)\LP\DB48 folder moved successfully.
C:\Program Files (x86)\LP\BD18 folder moved successfully.
C:\Program Files (x86)\LP\8DB8 folder moved successfully.
C:\Program Files (x86)\LP\8D88 folder moved successfully.
C:\Program Files (x86)\LP\3B68 folder moved successfully.
C:\Program Files (x86)\LP\2D98 folder moved successfully.
C:\Program Files (x86)\LP folder moved successfully.
C:\ProgramData\14Ive32sVNwUe9 moved successfully.
C:\ProgramData\~14Ive32sVNwUe9 moved successfully.
C:\ProgramData\~14Ive32sVNwUe9r moved successfully.
C:\ProgramData\14Ive32sVNwUe9.exe moved successfully.
C:\ProgramData\n8mrX2lPzXJxjP moved successfully.
C:\ProgramData\n8mrX2lPzXJxjP.exe moved successfully.
C:\ProgramData\mOlMxOpKVb1zkz.exe moved successfully.
C:\Users\HP\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Users\HP\Desktop\System Check.lnk moved successfully.
C:\ProgramData\~gpCv1BcxfzNAo7 moved successfully.
C:\ProgramData\~gpCv1BcxfzNAo7r moved successfully.
C:\ProgramData\gpCv1BcxfzNAo7 moved successfully.
C:\ProgramData\gpCv1BcxfzNAo7.exe moved successfully.
File C:\ProgramData\QrYVrxLHQgNNQj.exe not found.
C:\Windows\Tasks\At1.job moved successfully.
C:\ProgramData\646861a3 moved successfully.
C:\Users\HP\AppData\Roaming\d665fdc0 moved successfully.
C:\Users\HP\AppData\Local\84d79d68 moved successfully.
C:\Users\HP\AppData\Local\7ra25ti5251d0gr583s63657vregb5867 moved successfully.
C:\ProgramData\7ra25ti5251d0gr583s63657vregb5867 moved successfully.
C:\Users\HP\AppData\Local\k1ye34x6nm1ugc moved successfully.
C:\ProgramData\k1ye34x6nm1ugc moved successfully.
C:\ProgramData\3307304831 moved successfully.
C:\Users\HP\AppData\Local\4ru37yu5643u8bb528u82254efsrd0284 moved successfully.
C:\ProgramData\4ru37yu5643u8bb528u82254efsrd0284 moved successfully.
C:\Users\HP\AppData\Local\apeppn1h4idd2iho5rqx5t676v5h moved successfully.
C:\ProgramData\apeppn1h4idd2iho5rqx5t676v5h moved successfully.
C:\Users\HP\AppData\Local\u4mv34k0fq2qcs moved successfully.
C:\ProgramData\u4mv34k0fq2qcs moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: HP
->Flash cache emptied: 2925042 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HP
->Temp folder emptied: 1239392803 bytes
->Temporary Internet Files folder emptied: 2263126938 bytes
->Java cache emptied: 1405150 bytes
->FireFox cache emptied: 53064298 bytes
->Google Chrome cache emptied: 22828237 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1185556224 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,545.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01012009_001631

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 13 February 2012 - 11:10 PM

Hi,

I'd like you to try running ComboFix once more - if it doesn't work, just move on to the next step, please.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log (if you were able to run it)
  • MBAM log



#13 changuito242

changuito242
  • Topic Starter

  • Members
  • 31 posts

Posted 16 February 2012 - 09:44 PM

Hello sir. My computer does not turn on anymore. Nothing happens when I press the power button. Is there anything in these logs that might suggest to you that I need to replace the hard drive or anything like that? If there's nothing else you can do for me, I appreciate your help.

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 16 February 2012 - 11:56 PM

There were a lot of malicious files and registry entries that I removed with OTL, but nothing that should have caused your PC not to boot. Does it do anything at all when you press the power button, or does it appear to be totally dead?



#15 changuito242

changuito242
  • Topic Starter

  • Members
  • 31 posts

Posted 17 February 2012 - 12:25 AM

Nope, no response whatsoever. Could the battery be fried?



