Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet explorer opens by itself


  • This topic is locked This topic is locked
23 replies to this topic

#1 jonnyp85

jonnyp85

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 13 April 2012 - 08:16 AM

Attached File  ark.txt   1.36KB   0 downloadsMy internet explorer keeps opening itself when im playing world of warcraft, but doesnt do it when wow is minimised. this happened before with another programme but i ran vulnerability scan with kaspersky which fixed it but once i installed and patched wow it happened when using that programme. i've used both malwarebytes anf kaspersky but they cant find any problems, please help me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:52 a.m., on 14/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Users\Public\Games\World of Warcraft\Wow.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\JayP\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/15
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD36BD1B-8E8F-47DD-8CC3-E6C72CAAB4A4}: NameServer = 203.118.191.1 203.109.191.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 14041 bytes

Edited by jonnyp85, 13 April 2012 - 09:30 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 PM

Posted 16 April 2012 - 12:50 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jonnyp85

jonnyp85
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 April 2012 - 06:14 PM

hi gringo, thanks for the reply, dunno if wouldv helped running all the programmes with world of warcraft open, since its the problem programme, it wasnt open when running them

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Kaspersky Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtblfs.exe
Kaspersky Lab Kaspersky Internet Security 2012 x64 klwtbws.exe
``````````End of Log````````````


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by JayP at 11:09:53 on 2012-04-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.8140.5939 [GMT 12:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DD36BD1B-8E8F-47DD-8CC3-E6C72CAAB4A4} : NameServer = 203.118.191.1 203.109.191.1
TCP: Interfaces\{DD36BD1B-8E8F-47DD-8CC3-E6C72CAAB4A4} : DhcpNameServer = 203.118.191.1 203.109.191.1
TCP: Interfaces\{E8BB0DEE-A5F5-4CB8-B4A7-6F0E390B0D8D} : DhcpNameServer = 172.168.51.52
TCP: Interfaces\{F37E6F88-2AE0-4556-B591-F39842747704} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F37E6F88-2AE0-4556-B591-F39842747704}\47F6E6970277F627B6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F37E6F88-2AE0-4556-B591-F39842747704}\A4F4E4E495D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-22 106144]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-21 249648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-10 86072]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-13 227896]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-3 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-3 2413056]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-3 2656536]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-22 158880]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vodafone_K380x-z_dc_enum;Vodafone K380x-z DC Enumerator (ZTE);C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys --> C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-2 195320]
S3 EraserUtilDrv11122;EraserUtilDrv11122;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-3-4 138360]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vodafone_K380x-z_cdc_acm;Vodafone K380x-z CDC-ACM driver (ZTE);C:\Windows\system32\DRIVERS\vodafone_K380x-z_cdc_acm.sys --> C:\Windows\system32\DRIVERS\vodafone_K380x-z_cdc_acm.sys [?]
S3 vodafone_K380x-z_cdc_ecm;vodafone_K380x-z_cdc_ecm;C:\Windows\system32\DRIVERS\vodafone_K380x-z_cdc_ecm.sys --> C:\Windows\system32\DRIVERS\vodafone_K380x-z_cdc_ecm.sys [?]
S3 vodafone_K380x-z_cpo;Vodafone K380x-z Install;C:\Windows\system32\DRIVERS\vodafone_K380x-z_cpo.sys --> C:\Windows\system32\DRIVERS\vodafone_K380x-z_cpo.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-14 01:24:18 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 23:16:10 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E4CF10D-A70D-42EA-8579-EEF4492076B4}\mpengine.dll
2012-04-11 15:00:31 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 15:00:31 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 15:00:31 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 15:00:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 15:00:30 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 15:00:30 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 15:00:30 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 22:39:50 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 22:18:37 -------- d-----w- C:\Users\JayP\AppData\Local\SCE
2012-03-31 22:18:29 -------- d--h--w- C:\Windows\msdownld.tmp
2012-03-31 22:18:26 -------- d-----w- C:\Windows\SysWow64\directx
2012-03-30 23:48:34 -------- d-----w- C:\Users\JayP\AppData\Local\Google
2012-03-30 23:47:30 -------- d-----w- C:\Users\JayP\AppData\Local\Apps
2012-03-30 23:47:29 -------- d-----w- C:\Users\JayP\AppData\Local\Deployment
2012-03-29 10:13:34 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-03-29 08:42:46 -------- d-----w- C:\ProgramData\Blizzard
2012-03-29 08:03:04 -------- d-----w- C:\ProgramData\PopCapY
2012-03-29 08:02:53 -------- d-----w- C:\ProgramData\PopCap Games
2012-03-29 08:02:53 -------- d-----w- C:\Program Files (x86)\PopCap Games
2012-03-28 10:04:40 -------- d-----w- C:\ProgramData\PMB Files
2012-03-28 10:04:22 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-03-27 08:44:09 -------- d-----w- C:\Users\JayP\AppData\Local\Microsoft Games
2012-03-24 01:24:59 -------- d-----w- C:\Users\JayP\AppData\Local\{040C7D81-A46F-4EE8-95B3-E454766B852C}
2012-03-24 01:24:38 -------- d-----w- C:\Users\JayP\AppData\Local\{09024B2B-2E04-4545-96FB-4B01337826B4}
2012-03-23 23:30:51 -------- d-----w- C:\Users\JayP\AppData\Local\{C4ABD33C-5381-4206-AD4E-62B43E889324}
2012-03-23 23:30:25 -------- d-----w- C:\Users\JayP\AppData\Local\{5A40CF81-7A50-4DEF-9603-3CE21FE29874}
2012-03-23 03:08:04 -------- d-----w- C:\Users\JayP\AppData\Local\{11BE1F44-B123-4684-B635-1DFC4E54B647}
2012-03-23 03:07:26 -------- d-----w- C:\Users\JayP\AppData\Local\{65DFA987-749B-4DE4-B135-33C1656A1934}
2012-03-22 04:13:08 -------- d-----w- C:\Users\JayP\AppData\Local\{E14F27EA-3092-48C7-BC8A-F119AF82E03A}
2012-03-22 04:12:58 -------- d-----w- C:\Users\JayP\AppData\Local\{E5AA114F-3355-4069-A3BD-B57457726B04}
2012-03-21 11:21:03 -------- d-----w- C:\Users\JayP\AppData\Roaming\Malwarebytes
2012-03-21 11:20:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 01:30:00 -------- d-----w- C:\Users\JayP\AppData\Local\{1E9C535C-5AB1-4CEA-88D9-0199D5BD020B}
2012-03-21 01:29:18 -------- d-----w- C:\Users\JayP\AppData\Local\{9DC9D018-9944-4095-ADD4-FA0F01FFF2D5}
2012-03-20 09:48:07 -------- d-----w- C:\Users\JayP\AppData\Local\{C9389613-9362-4CE9-B4C8-AA532EA55CA2}
2012-03-20 09:47:45 -------- d-----w- C:\Users\JayP\AppData\Local\{BCBC2423-7A13-46C2-95D2-72224821543F}
2012-03-20 09:47:45 -------- d-----w- C:\Users\JayP\AppData\Local\{1F63275A-C2E7-42B5-A345-F39D2F7F45CD}
2012-03-20 09:47:31 -------- d-----w- C:\Users\JayP\Tracing
.
==================== Find3M ====================
.
2012-04-14 01:24:52 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-03 05:31:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 20:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-06 23:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-03 01:57:15 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-03 01:38:40 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-02-03 01:38:40 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-02-03 01:38:40 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-02-03 01:38:40 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-02-03 01:38:18 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-02-03 01:38:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-02-03 01:38:18 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-02-03 01:38:18 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 11:11:06.98 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/03/2012 2:37:12 a.m.
System Uptime: 17/04/2012 10:53:11 a.m. (1 hours ago)
.
Motherboard: Hewlett-Packard | | 17FD
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU1 | 775/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 441 GiB total, 302.949 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.264 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP51: 3/04/2012 5:33:00 p.m. - Windows Modules Installer
RP52: 3/04/2012 5:46:13 p.m. - Windows Modules Installer
RP53: 3/04/2012 10:04:00 p.m. - Windows Modules Installer
RP54: 8/04/2012 3:53:31 p.m. - Windows Update
RP55: 8/04/2012 3:29:45 p.m. - Windows Modules Installer
RP56: 8/04/2012 4:00:56 p.m. - Windows Modules Installer
RP57: 8/04/2012 4:07:00 p.m. - Windows Modules Installer
RP58: 11/04/2012 5:36:17 p.m. - Windows Modules Installer
RP59: 12/04/2012 12:22:56 a.m. - Windows Update
RP60: 12/04/2012 3:00:13 a.m. - Windows Update
RP61: 12/04/2012 11:27:47 a.m. - Windows Modules Installer
RP62: 12/04/2012 12:24:52 p.m. - Windows Modules Installer
RP63: 14/04/2012 11:44:04 a.m. - Removed TheSims3EP5
RP64: 14/04/2012 11:45:55 a.m. - Removed The Sims 3 High-End Loft Stuff
RP65: 14/04/2012 11:46:54 a.m. - Removed The Sims 3 Ambitions
RP66: 14/04/2012 11:47:49 a.m. - Removed The Sims 3 Late Night
RP67: 14/04/2012 11:48:45 a.m. - Removed The Sims 3 Town Life Stuff
RP68: 14/04/2012 11:49:33 a.m. - Removed TheSims3EP4
RP69: 14/04/2012 11:50:36 a.m. - Removed The Sims 3 World Adventures
RP70: 14/04/2012 11:51:37 a.m. - Removed The Sims 3
RP71: 14/04/2012 11:52:26 a.m. - ##IDS_ERROR_1717##
RP72: 15/04/2012 1:04:15 a.m. - Windows Modules Installer
RP73: 15/04/2012 2:24:20 p.m. - Windows Modules Installer
RP74: 15/04/2012 2:34:33 p.m. - Windows Modules Installer
RP75: 15/04/2012 7:18:16 p.m. - Windows Modules Installer
RP76: 15/04/2012 7:31:54 p.m. - Windows Modules Installer
RP77: 15/04/2012 10:03:46 p.m. - HPSF Applying updates
RP78: 16/04/2012 3:36:46 a.m. - Windows Modules Installer
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blio
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cradle of Rome 2
CyberLink YouCam
D3DX10
DC Universe Online Live
Diablo II
Dora's World Adventure
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Facebook Video Calling 1.2.0.159
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Hewlett-Packard ACLM.NET v1.1.2.0
Hoyle Card Games
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Setup
HP Setup Manager
HP SimplePass PE 2012
HP Software Framework
HP Support Assistant
IDT Audio
Intel® Control Center
Intel® Display Audio Driver
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Kaspersky Internet Security 2012
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
opensource
Pando Media Booster
Penguins!
Plants vs. Zombies
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PX Profile Update
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.5
Star Wars: The Old Republic
swMSM
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VIP Access SDK (1.0.1.2)
Virtual Villagers 4 - The Tree of Life
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
Zuma's Revenge
.
==== End Of File ===========================

Edited by jonnyp85, 16 April 2012 - 06:18 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 PM

Posted 16 April 2012 - 06:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jonnyp85

jonnyp85
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 April 2012 - 09:21 PM

im not sure if it found any malware or anything

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 14:18:09
-----------------------------
14:18:09.032 OS Version: Windows x64 6.1.7601 Service Pack 1
14:18:09.032 Number of processors: 4 586 0x2A07
14:18:09.032 ComputerName: JAYP-HP UserName: JayP
14:18:35.989 Initialize success
14:18:48.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:18:48.342 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
14:18:48.342 Disk 0 MBR read successfully
14:18:48.357 Disk 0 MBR scan
14:18:48.357 Disk 0 Windows 7 default MBR code
14:18:48.373 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:18:48.388 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 451190 MB offset 409600
14:18:48.435 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21486 MB offset 924446720
14:18:48.451 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 968450048
14:18:48.529 Disk 0 scanning C:\Windows\system32\drivers
14:18:56.937 Service scanning
14:19:06.328 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
14:19:06.375 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
14:19:07.015 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
14:19:07.639 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
14:19:17.794 Modules scanning
14:19:17.794 Disk 0 trace - called modules:
14:19:17.872 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
14:19:17.888 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007330790]
14:19:17.904 3 CLASSPNP.SYS[fffff88001db443f] -> nt!IofCallDriver -> [0xfffffa800a505b10]
14:19:17.919 5 hpdskflt.sys[fffff880025da189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e8e050]
14:19:17.919 Scan finished successfully
14:19:30.368 Disk 0 MBR has been saved successfully to "C:\Users\JayP\Downloads\MBR.dat"
14:19:30.368 The log file has been saved successfully to "C:\Users\JayP\Downloads\aswMBR.txt"


14:15:41.0501 6052 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:15:42.0437 6052 ============================================================
14:15:42.0437 6052 Current date / time: 2012/04/17 14:15:42.0437
14:15:42.0437 6052 SystemInfo:
14:15:42.0437 6052
14:15:42.0437 6052 OS Version: 6.1.7601 ServicePack: 1.0
14:15:42.0437 6052 Product type: Workstation
14:15:42.0437 6052 ComputerName: JAYP-HP
14:15:42.0437 6052 UserName: JayP
14:15:42.0437 6052 Windows directory: C:\Windows
14:15:42.0437 6052 System windows directory: C:\Windows
14:15:42.0437 6052 Running under WOW64
14:15:42.0437 6052 Processor architecture: Intel x64
14:15:42.0437 6052 Number of processors: 4
14:15:42.0437 6052 Page size: 0x1000
14:15:42.0437 6052 Boot type: Normal boot
14:15:42.0437 6052 ============================================================
14:15:43.0154 6052 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:15:43.0170 6052 \Device\Harddisk0\DR0:
14:15:43.0170 6052 MBR used
14:15:43.0170 6052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:15:43.0170 6052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3713B000
14:15:43.0170 6052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3719F000, BlocksNum 0x29F7000
14:15:43.0170 6052 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF800
14:15:43.0326 6052 Initialize success
14:15:43.0326 6052 ============================================================
14:15:46.0118 4800 ============================================================
14:15:46.0118 4800 Scan started
14:15:46.0118 4800 Mode: Manual;
14:15:46.0118 4800 ============================================================
14:15:48.0739 4800 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:15:48.0739 4800 1394ohci - ok
14:15:49.0035 4800 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:15:49.0035 4800 Accelerometer - ok
14:15:49.0207 4800 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:15:49.0316 4800 ACPI - ok
14:15:49.0457 4800 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:15:49.0457 4800 AcpiPmi - ok
14:15:49.0597 4800 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:15:49.0597 4800 AdobeARMservice - ok
14:15:49.0784 4800 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:15:49.0784 4800 AdobeFlashPlayerUpdateSvc - ok
14:15:49.0956 4800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:15:49.0971 4800 adp94xx - ok
14:15:50.0112 4800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:15:50.0143 4800 adpahci - ok
14:15:50.0268 4800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:15:50.0268 4800 adpu320 - ok
14:15:50.0346 4800 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:15:50.0346 4800 AeLookupSvc - ok
14:15:50.0424 4800 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
14:15:50.0424 4800 AESTFilters - ok
14:15:50.0611 4800 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:15:50.0642 4800 AFD - ok
14:15:50.0892 4800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:15:50.0892 4800 agp440 - ok
14:15:51.0017 4800 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:15:51.0017 4800 ALG - ok
14:15:51.0126 4800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:15:51.0141 4800 aliide - ok
14:15:51.0235 4800 AMD External Events Utility (c53d784d7303c463d004c0d5782917b4) C:\Windows\system32\atiesrxx.exe
14:15:51.0251 4800 AMD External Events Utility - ok
14:15:51.0313 4800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:15:51.0329 4800 amdide - ok
14:15:51.0360 4800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:15:51.0375 4800 AmdK8 - ok
14:15:51.0641 4800 amdkmdag (06778049a44c316e8d016039b9d14667) C:\Windows\system32\DRIVERS\atikmdag.sys
14:15:51.0906 4800 amdkmdag - ok
14:15:52.0031 4800 amdkmdap (94b4028f0eea1f166d78186a254676b5) C:\Windows\system32\DRIVERS\atikmpag.sys
14:15:52.0031 4800 amdkmdap - ok
14:15:52.0062 4800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:15:52.0077 4800 AmdPPM - ok
14:15:52.0124 4800 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:15:52.0140 4800 amdsata - ok
14:15:52.0202 4800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:15:52.0218 4800 amdsbs - ok
14:15:52.0327 4800 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:15:52.0327 4800 amdxata - ok
14:15:52.0467 4800 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:15:52.0483 4800 AppID - ok
14:15:52.0514 4800 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:15:52.0514 4800 AppIDSvc - ok
14:15:52.0577 4800 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:15:52.0577 4800 Appinfo - ok
14:15:52.0701 4800 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:15:52.0701 4800 Apple Mobile Device - ok
14:15:52.0826 4800 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:15:52.0842 4800 arc - ok
14:15:52.0967 4800 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:15:52.0967 4800 arcsas - ok
14:15:53.0107 4800 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:15:53.0123 4800 aspnet_state - ok
14:15:53.0216 4800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:15:53.0216 4800 AsyncMac - ok
14:15:53.0325 4800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:15:53.0325 4800 atapi - ok
14:15:53.0606 4800 AthBTPort (185f180536188c1a4ed605234721a5b9) C:\Windows\system32\DRIVERS\btath_flt.sys
14:15:53.0606 4800 AthBTPort - ok
14:15:53.0684 4800 AtherosSvc (5c71082a459dadb28866c982c79bb11a) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:15:53.0684 4800 AtherosSvc - ok
14:15:53.0903 4800 athr (25463e0604f0608d926474e667bd7b76) C:\Windows\system32\DRIVERS\athrx.sys
14:15:54.0012 4800 athr - ok
14:15:54.0137 4800 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:15:54.0168 4800 AudioEndpointBuilder - ok
14:15:54.0183 4800 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:15:54.0199 4800 AudioSrv - ok
14:15:54.0293 4800 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
14:15:54.0308 4800 AVP - ok
14:15:54.0417 4800 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:15:54.0417 4800 AxInstSV - ok
14:15:54.0527 4800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:15:54.0542 4800 b06bdrv - ok
14:15:54.0636 4800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:15:54.0651 4800 b57nd60a - ok
14:15:54.0745 4800 BBSvc (28a4012e68bc9597bcb9b26b51aac4b6) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:15:54.0761 4800 BBSvc - ok
14:15:54.0792 4800 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:15:54.0792 4800 BBUpdate - ok
14:15:54.0932 4800 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:15:54.0963 4800 BCM43XX - ok
14:15:55.0010 4800 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:15:55.0026 4800 BDESVC - ok
14:15:55.0104 4800 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:15:55.0104 4800 Beep - ok
14:15:55.0229 4800 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:15:55.0244 4800 BFE - ok
14:15:55.0291 4800 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:15:55.0322 4800 BITS - ok
14:15:55.0431 4800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
14:15:55.0447 4800 blbdrive - ok
14:15:55.0525 4800 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:15:55.0525 4800 Bonjour Service - ok
14:15:55.0650 4800 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:15:55.0650 4800 bowser - ok
14:15:55.0712 4800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:15:55.0712 4800 BrFiltLo - ok
14:15:55.0759 4800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:15:55.0759 4800 BrFiltUp - ok
14:15:55.0821 4800 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:15:55.0837 4800 Browser - ok
14:15:55.0915 4800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:15:55.0915 4800 Brserid - ok
14:15:56.0024 4800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:15:56.0040 4800 BrSerWdm - ok
14:15:56.0133 4800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:15:56.0133 4800 BrUsbMdm - ok
14:15:56.0196 4800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:15:56.0196 4800 BrUsbSer - ok
14:15:56.0321 4800 BTATH_A2DP (58c4425368625d275bfc412b59363ce9) C:\Windows\system32\drivers\btath_a2dp.sys
14:15:56.0321 4800 BTATH_A2DP - ok
14:15:56.0352 4800 btath_avdt (31d4ac3be7bd37328d49885c380ec506) C:\Windows\system32\drivers\btath_avdt.sys
14:15:56.0352 4800 btath_avdt - ok
14:15:56.0477 4800 BTATH_BUS (e6b734a37ade36fe1a77035f4e484c8c) C:\Windows\system32\DRIVERS\btath_bus.sys
14:15:56.0477 4800 BTATH_BUS - ok
14:15:56.0523 4800 BTATH_HCRP (fb3833e63ff602b69c2ff085846dcf43) C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:15:56.0523 4800 BTATH_HCRP - ok
14:15:56.0633 4800 BTATH_LWFLT (371a11c1333ba526263a987a93acde3d) C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:15:56.0633 4800 BTATH_LWFLT - ok
14:15:56.0695 4800 BTATH_RCP (abcd3c16ca850a7594ceb9ad5d966810) C:\Windows\system32\DRIVERS\btath_rcp.sys
14:15:56.0711 4800 BTATH_RCP - ok
14:15:56.0882 4800 BtFilter (651a839118adb99dd0225a1b784c81ee) C:\Windows\system32\DRIVERS\btfilter.sys
14:15:56.0882 4800 BtFilter - ok
14:15:57.0007 4800 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
14:15:57.0007 4800 BthEnum - ok
14:15:57.0069 4800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:15:57.0069 4800 BTHMODEM - ok
14:15:57.0194 4800 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:15:57.0194 4800 BthPan - ok
14:15:57.0272 4800 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
14:15:57.0288 4800 BTHPORT - ok
14:15:57.0381 4800 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:15:57.0397 4800 bthserv - ok
14:15:57.0475 4800 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
14:15:57.0475 4800 BTHUSB - ok
14:15:57.0506 4800 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:15:57.0506 4800 cdfs - ok
14:15:57.0584 4800 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:15:57.0584 4800 cdrom - ok
14:15:57.0678 4800 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:15:57.0693 4800 CertPropSvc - ok
14:15:57.0771 4800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:15:57.0771 4800 circlass - ok
14:15:57.0865 4800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:15:57.0881 4800 CLFS - ok
14:15:57.0943 4800 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:15:58.0037 4800 clr_optimization_v2.0.50727_32 - ok
14:15:58.0083 4800 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:15:58.0099 4800 clr_optimization_v2.0.50727_64 - ok
14:15:58.0208 4800 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:15:58.0224 4800 clr_optimization_v4.0.30319_32 - ok
14:15:58.0317 4800 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:15:58.0317 4800 clr_optimization_v4.0.30319_64 - ok
14:15:58.0458 4800 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
14:15:58.0458 4800 clwvd - ok
14:15:58.0520 4800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:15:58.0520 4800 CmBatt - ok
14:15:58.0598 4800 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:15:58.0598 4800 cmdide - ok
14:15:58.0723 4800 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:15:58.0739 4800 CNG - ok
14:15:58.0863 4800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:15:58.0863 4800 Compbatt - ok
14:15:58.0910 4800 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:15:58.0910 4800 CompositeBus - ok
14:15:59.0004 4800 COMSysApp - ok
14:15:59.0066 4800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:15:59.0066 4800 crcdisk - ok
14:15:59.0160 4800 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:15:59.0175 4800 CryptSvc - ok
14:15:59.0269 4800 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
14:15:59.0269 4800 dc3d - ok
14:15:59.0394 4800 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:15:59.0425 4800 DcomLaunch - ok
14:15:59.0487 4800 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:15:59.0487 4800 defragsvc - ok
14:15:59.0581 4800 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:15:59.0597 4800 DfsC - ok
14:15:59.0675 4800 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:15:59.0675 4800 Dhcp - ok
14:15:59.0768 4800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:15:59.0768 4800 discache - ok
14:15:59.0893 4800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:15:59.0893 4800 Disk - ok
14:15:59.0955 4800 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:15:59.0971 4800 Dnscache - ok
14:16:00.0033 4800 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:16:00.0033 4800 dot3svc - ok
14:16:00.0065 4800 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:16:00.0080 4800 DPS - ok
14:16:00.0158 4800 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:16:00.0158 4800 drmkaud - ok
14:16:00.0236 4800 DXGKrnl (a4f408ad1065c7ad2ed332c68025b435) C:\Windows\System32\drivers\dxgkrnl.sys
14:16:00.0252 4800 DXGKrnl - ok
14:16:00.0330 4800 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:16:00.0330 4800 EapHost - ok
14:16:00.0486 4800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:16:00.0579 4800 ebdrv - ok
14:16:00.0704 4800 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:16:00.0735 4800 eeCtrl - ok
14:16:00.0813 4800 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:16:00.0829 4800 EFS - ok
14:16:00.0923 4800 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:16:00.0954 4800 ehRecvr - ok
14:16:00.0985 4800 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:16:01.0001 4800 ehSched - ok
14:16:01.0094 4800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:16:01.0110 4800 elxstor - ok
14:16:01.0235 4800 EraserUtilDrv11122 (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
14:16:01.0235 4800 EraserUtilDrv11122 - ok
14:16:01.0344 4800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:16:01.0344 4800 ErrDev - ok
14:16:01.0453 4800 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:16:01.0469 4800 EventSystem - ok
14:16:01.0562 4800 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:16:01.0562 4800 exfat - ok
14:16:01.0593 4800 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:16:01.0609 4800 fastfat - ok
14:16:01.0687 4800 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:16:01.0703 4800 Fax - ok
14:16:01.0781 4800 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:16:01.0796 4800 fdc - ok
14:16:01.0905 4800 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:16:01.0905 4800 fdPHost - ok
14:16:01.0921 4800 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:16:01.0921 4800 FDResPub - ok
14:16:01.0968 4800 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:16:01.0983 4800 FileInfo - ok
14:16:01.0999 4800 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:16:01.0999 4800 Filetrace - ok
14:16:02.0046 4800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:16:02.0061 4800 flpydisk - ok
14:16:02.0108 4800 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:16:02.0124 4800 FltMgr - ok
14:16:02.0233 4800 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:16:02.0264 4800 FontCache - ok
14:16:02.0358 4800 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:16:02.0358 4800 FontCache3.0.0.0 - ok
14:16:02.0451 4800 FPLService (f80bdc0d9e7b9595e74b434446ad3781) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
14:16:02.0451 4800 FPLService - ok
14:16:02.0545 4800 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:16:02.0545 4800 FsDepends - ok
14:16:02.0592 4800 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:16:02.0607 4800 Fs_Rec - ok
14:16:02.0670 4800 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:16:02.0670 4800 fvevol - ok
14:16:02.0748 4800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:16:02.0748 4800 gagp30kx - ok
14:16:02.0857 4800 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:16:02.0919 4800 GamesAppService - ok
14:16:03.0044 4800 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:16:03.0044 4800 GEARAspiWDM - ok
14:16:03.0091 4800 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:16:03.0122 4800 gpsvc - ok
14:16:03.0185 4800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:16:03.0200 4800 hcw85cir - ok
14:16:03.0278 4800 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:16:03.0278 4800 HdAudAddService - ok
14:16:03.0372 4800 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:16:03.0372 4800 HDAudBus - ok
14:16:03.0419 4800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:16:03.0419 4800 HidBatt - ok
14:16:03.0481 4800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:16:03.0481 4800 HidBth - ok
14:16:03.0575 4800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:16:03.0575 4800 HidIr - ok
14:16:03.0621 4800 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:16:03.0621 4800 hidserv - ok
14:16:03.0762 4800 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:16:03.0762 4800 HidUsb - ok
14:16:03.0793 4800 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:16:03.0809 4800 hkmsvc - ok
14:16:03.0855 4800 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:16:03.0855 4800 HomeGroupListener - ok
14:16:03.0902 4800 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:16:03.0918 4800 HomeGroupProvider - ok
14:16:04.0011 4800 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:16:04.0011 4800 HP Support Assistant Service - ok
14:16:04.0074 4800 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
14:16:04.0074 4800 HPAuto - ok
14:16:04.0105 4800 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
14:16:04.0121 4800 HPClientSvc - ok
14:16:04.0245 4800 HPDrvMntSvc.exe (e6ab9e7ff923928e9f549fddfcedb28a) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:16:04.0245 4800 HPDrvMntSvc.exe - ok
14:16:04.0370 4800 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:16:04.0370 4800 hpdskflt - ok
14:16:04.0511 4800 hpqwmiex (dbdc0581d4506c13e6bef48d14b1c55b) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:16:04.0526 4800 hpqwmiex - ok
14:16:04.0635 4800 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:16:04.0651 4800 HpSAMD - ok
14:16:04.0682 4800 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
14:16:04.0682 4800 hpsrv - ok
14:16:04.0760 4800 HPWMISVC (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:16:04.0760 4800 HPWMISVC - ok
14:16:04.0885 4800 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:16:04.0916 4800 HTTP - ok
14:16:04.0963 4800 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:16:04.0963 4800 hwpolicy - ok
14:16:05.0072 4800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:16:05.0072 4800 i8042prt - ok
14:16:05.0119 4800 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
14:16:05.0135 4800 iaStor - ok
14:16:05.0213 4800 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:16:05.0213 4800 IAStorDataMgrSvc - ok
14:16:05.0337 4800 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:16:05.0353 4800 iaStorV - ok
14:16:05.0525 4800 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
14:16:05.0556 4800 IconMan_R - ok
14:16:05.0665 4800 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:16:05.0696 4800 idsvc - ok
14:16:05.0821 4800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:16:05.0837 4800 iirsp - ok
14:16:05.0899 4800 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:16:05.0930 4800 IKEEXT - ok
14:16:06.0071 4800 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:16:06.0086 4800 IntcDAud - ok
14:16:06.0117 4800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:16:06.0117 4800 intelide - ok
14:16:06.0445 4800 intelkmd (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys
14:16:06.0695 4800 intelkmd - ok
14:16:06.0788 4800 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:16:06.0788 4800 intelppm - ok
14:16:06.0851 4800 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:16:06.0851 4800 IPBusEnum - ok
14:16:06.0944 4800 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:16:06.0960 4800 IpFilterDriver - ok
14:16:07.0069 4800 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:16:07.0100 4800 iphlpsvc - ok
14:16:07.0163 4800 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:16:07.0163 4800 IPMIDRV - ok
14:16:07.0225 4800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:16:07.0225 4800 IPNAT - ok
14:16:07.0334 4800 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
14:16:07.0350 4800 iPod Service - ok
14:16:07.0475 4800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:16:07.0475 4800 IRENUM - ok
14:16:07.0584 4800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:16:07.0599 4800 isapnp - ok
14:16:07.0631 4800 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:16:07.0631 4800 iScsiPrt - ok
14:16:07.0771 4800 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
14:16:07.0771 4800 jhi_service - ok
14:16:07.0896 4800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:16:07.0896 4800 kbdclass - ok
14:16:08.0021 4800 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:16:08.0021 4800 kbdhid - ok
14:16:08.0067 4800 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:08.0067 4800 KeyIso - ok
14:16:08.0161 4800 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
14:16:08.0177 4800 KL1 - ok
14:16:08.0333 4800 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
14:16:08.0333 4800 kl2 - ok
14:16:08.0442 4800 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
14:16:08.0457 4800 KLIF - ok
14:16:08.0567 4800 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
14:16:08.0582 4800 KLIM6 - ok
14:16:08.0738 4800 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
14:16:08.0754 4800 klmouflt - ok
14:16:08.0785 4800 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:16:08.0785 4800 KSecDD - ok
14:16:08.0879 4800 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:16:08.0894 4800 KSecPkg - ok
14:16:08.0988 4800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:16:08.0988 4800 ksthunk - ok
14:16:09.0035 4800 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:16:09.0050 4800 KtmRm - ok
14:16:09.0113 4800 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:16:09.0128 4800 LanmanServer - ok
14:16:09.0159 4800 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:16:09.0159 4800 LanmanWorkstation - ok
14:16:09.0237 4800 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:16:09.0237 4800 lltdio - ok
14:16:09.0300 4800 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:16:09.0315 4800 lltdsvc - ok
14:16:09.0362 4800 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:16:09.0362 4800 lmhosts - ok
14:16:09.0456 4800 LMS (519d66259df1672aabce9d2e0acc5552) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:16:09.0471 4800 LMS - ok
14:16:09.0581 4800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:16:09.0581 4800 LSI_FC - ok
14:16:09.0612 4800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:16:09.0627 4800 LSI_SAS - ok
14:16:09.0643 4800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:16:09.0659 4800 LSI_SAS2 - ok
14:16:09.0674 4800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:16:09.0674 4800 LSI_SCSI - ok
14:16:09.0752 4800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:16:09.0752 4800 luafv - ok
14:16:09.0815 4800 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:16:09.0830 4800 Mcx2Svc - ok
14:16:09.0893 4800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:16:09.0893 4800 megasas - ok
14:16:09.0986 4800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:16:10.0002 4800 MegaSR - ok
14:16:10.0111 4800 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:16:10.0111 4800 MEIx64 - ok
14:16:10.0142 4800 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:16:10.0142 4800 MMCSS - ok
14:16:10.0189 4800 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:16:10.0189 4800 Modem - ok
14:16:10.0236 4800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:16:10.0236 4800 monitor - ok
14:16:10.0314 4800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:16:10.0314 4800 mouclass - ok
14:16:10.0376 4800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:16:10.0376 4800 mouhid - ok
14:16:10.0454 4800 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:16:10.0454 4800 mountmgr - ok
14:16:10.0517 4800 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:16:10.0517 4800 mpio - ok
14:16:10.0563 4800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:16:10.0563 4800 mpsdrv - ok
14:16:10.0657 4800 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:16:10.0688 4800 MpsSvc - ok
14:16:10.0751 4800 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:16:10.0766 4800 MRxDAV - ok
14:16:10.0844 4800 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:16:10.0844 4800 mrxsmb - ok
14:16:10.0922 4800 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:16:10.0938 4800 mrxsmb10 - ok
14:16:10.0953 4800 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:16:10.0953 4800 mrxsmb20 - ok
14:16:10.0985 4800 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:16:10.0985 4800 msahci - ok
14:16:11.0031 4800 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:16:11.0031 4800 msdsm - ok
14:16:11.0141 4800 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:16:11.0141 4800 MSDTC - ok
14:16:11.0234 4800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:16:11.0234 4800 Msfs - ok
14:16:11.0343 4800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:16:11.0343 4800 mshidkmdf - ok
14:16:11.0375 4800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:16:11.0375 4800 msisadrv - ok
14:16:11.0484 4800 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:16:11.0484 4800 MSiSCSI - ok
14:16:11.0499 4800 msiserver - ok
14:16:11.0577 4800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:16:11.0593 4800 MSKSSRV - ok
14:16:11.0640 4800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:16:11.0640 4800 MSPCLOCK - ok
14:16:11.0733 4800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:16:11.0733 4800 MSPQM - ok
14:16:11.0780 4800 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:16:11.0796 4800 MsRPC - ok
14:16:11.0843 4800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:16:11.0843 4800 mssmbios - ok
14:16:11.0889 4800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:16:11.0889 4800 MSTEE - ok
14:16:11.0936 4800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:16:11.0936 4800 MTConfig - ok
14:16:11.0983 4800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:16:11.0983 4800 Mup - ok
14:16:12.0077 4800 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:16:12.0092 4800 napagent - ok
14:16:12.0186 4800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:16:12.0201 4800 NativeWifiP - ok
14:16:12.0311 4800 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
14:16:12.0342 4800 NDIS - ok
14:16:12.0451 4800 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:16:12.0451 4800 NdisCap - ok
14:16:12.0498 4800 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:16:12.0498 4800 NdisTapi - ok
14:16:12.0607 4800 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:16:12.0607 4800 Ndisuio - ok
14:16:12.0654 4800 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:16:12.0654 4800 NdisWan - ok
14:16:12.0747 4800 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:16:12.0747 4800 NDProxy - ok
14:16:12.0841 4800 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:16:12.0841 4800 NetBIOS - ok
14:16:12.0903 4800 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:16:12.0919 4800 NetBT - ok
14:16:13.0075 4800 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:13.0075 4800 Netlogon - ok
14:16:13.0137 4800 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:16:13.0169 4800 Netman - ok
14:16:13.0293 4800 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:16:13.0293 4800 NetMsmqActivator - ok
14:16:13.0309 4800 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:16:13.0309 4800 NetPipeActivator - ok
14:16:13.0387 4800 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:16:13.0418 4800 netprofm - ok
14:16:13.0527 4800 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:16:13.0543 4800 NetTcpActivator - ok
14:16:13.0543 4800 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:16:13.0543 4800 NetTcpPortSharing - ok
14:16:13.0683 4800 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:16:13.0683 4800 nfrd960 - ok
14:16:13.0777 4800 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:16:13.0808 4800 NlaSvc - ok
14:16:13.0871 4800 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:16:13.0871 4800 Npfs - ok
14:16:13.0917 4800 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:16:13.0917 4800 nsi - ok
14:16:13.0964 4800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:16:13.0980 4800 nsiproxy - ok
14:16:14.0089 4800 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:16:14.0167 4800 Ntfs - ok
14:16:14.0198 4800 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:16:14.0198 4800 Null - ok
14:16:14.0307 4800 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:16:14.0339 4800 NVENETFD - ok
14:16:14.0432 4800 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:16:14.0432 4800 nvraid - ok
14:16:14.0463 4800 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:16:14.0463 4800 nvstor - ok
14:16:14.0573 4800 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:16:14.0573 4800 nv_agp - ok
14:16:14.0713 4800 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:16:14.0729 4800 odserv - ok
14:16:14.0853 4800 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:16:14.0853 4800 ohci1394 - ok
14:16:14.0978 4800 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:16:14.0978 4800 ose - ok
14:16:15.0087 4800 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:16:15.0087 4800 p2pimsvc - ok
14:16:15.0197 4800 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:16:15.0228 4800 p2psvc - ok
14:16:15.0290 4800 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:16:15.0290 4800 Parport - ok
14:16:15.0321 4800 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:16:15.0337 4800 partmgr - ok
14:16:15.0384 4800 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:16:15.0384 4800 PcaSvc - ok
14:16:15.0415 4800 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:16:15.0415 4800 pci - ok
14:16:15.0446 4800 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:16:15.0446 4800 pciide - ok
14:16:15.0477 4800 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:16:15.0477 4800 pcmcia - ok
14:16:15.0509 4800 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:16:15.0509 4800 pcw - ok
14:16:15.0555 4800 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:16:15.0587 4800 PEAUTH - ok
14:16:15.0696 4800 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:16:15.0696 4800 PerfHost - ok
14:16:15.0805 4800 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:16:15.0867 4800 pla - ok
14:16:15.0945 4800 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:16:15.0961 4800 PlugPlay - ok
14:16:16.0023 4800 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:16:16.0023 4800 PNRPAutoReg - ok
14:16:16.0055 4800 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:16:16.0070 4800 PNRPsvc - ok
14:16:16.0148 4800 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:16:16.0179 4800 PolicyAgent - ok
14:16:16.0273 4800 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:16:16.0289 4800 Power - ok
14:16:16.0398 4800 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:16:16.0398 4800 PptpMiniport - ok
14:16:16.0429 4800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:16:16.0429 4800 Processor - ok
14:16:16.0476 4800 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:16:16.0491 4800 ProfSvc - ok
14:16:16.0523 4800 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:16.0523 4800 ProtectedStorage - ok
14:16:16.0601 4800 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:16:16.0601 4800 Psched - ok
14:16:16.0741 4800 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:16:16.0803 4800 ql2300 - ok
14:16:16.0913 4800 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:16:16.0913 4800 ql40xx - ok
14:16:16.0959 4800 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:16:16.0975 4800 QWAVE - ok
14:16:17.0022 4800 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:16:17.0037 4800 QWAVEdrv - ok
14:16:17.0069 4800 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:16:17.0069 4800 RasAcd - ok
14:16:17.0162 4800 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:16:17.0162 4800 RasAgileVpn - ok
14:16:17.0240 4800 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:16:17.0240 4800 RasAuto - ok
14:16:17.0334 4800 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:16:17.0349 4800 Rasl2tp - ok
14:16:17.0443 4800 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:16:17.0459 4800 RasMan - ok
14:16:17.0552 4800 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:16:17.0568 4800 RasPppoe - ok
14:16:17.0677 4800 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:16:17.0693 4800 RasSstp - ok
14:16:17.0739 4800 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:16:17.0739 4800 rdbss - ok
14:16:17.0771 4800 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:16:17.0786 4800 rdpbus - ok
14:16:17.0880 4800 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:16:17.0880 4800 RDPCDD - ok
14:16:17.0989 4800 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:16:17.0989 4800 RDPENCDD - ok
14:16:18.0114 4800 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:16:18.0114 4800 RDPREFMP - ok
14:16:18.0161 4800 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:16:18.0176 4800 RDPWD - ok
14:16:18.0285 4800 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:16:18.0301 4800 rdyboost - ok
14:16:18.0332 4800 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:16:18.0332 4800 RemoteAccess - ok
14:16:18.0395 4800 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:16:18.0395 4800 RemoteRegistry - ok
14:16:18.0488 4800 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:16:18.0488 4800 RFCOMM - ok
14:16:18.0582 4800 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:16:18.0582 4800 RpcEptMapper - ok
14:16:18.0629 4800 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:16:18.0629 4800 RpcLocator - ok
14:16:18.0660 4800 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:16:18.0675 4800 RpcSs - ok
14:16:18.0753 4800 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
14:16:18.0753 4800 RSPCIESTOR - ok
14:16:18.0863 4800 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:16:18.0863 4800 rspndr - ok
14:16:18.0956 4800 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:16:18.0972 4800 RTL8167 - ok
14:16:19.0003 4800 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:19.0003 4800 SamSs - ok
14:16:19.0034 4800 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:16:19.0034 4800 sbp2port - ok
14:16:19.0081 4800 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:16:19.0097 4800 SCardSvr - ok
14:16:19.0143 4800 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:16:19.0159 4800 scfilter - ok
14:16:19.0206 4800 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:16:19.0253 4800 Schedule - ok
14:16:19.0299 4800 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:16:19.0299 4800 SCPolicySvc - ok
14:16:19.0409 4800 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
14:16:19.0424 4800 sdbus - ok
14:16:19.0471 4800 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:16:19.0487 4800 SDRSVC - ok
14:16:19.0565 4800 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:16:19.0580 4800 secdrv - ok
14:16:19.0627 4800 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:16:19.0627 4800 seclogon - ok
14:16:19.0689 4800 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:16:19.0705 4800 SENS - ok
14:16:19.0767 4800 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:16:19.0783 4800 SensrSvc - ok
14:16:19.0861 4800 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:16:19.0877 4800 Serenum - ok
14:16:19.0939 4800 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:16:19.0955 4800 Serial - ok
14:16:20.0001 4800 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:16:20.0001 4800 sermouse - ok
14:16:20.0095 4800 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:16:20.0095 4800 SessionEnv - ok
14:16:20.0173 4800 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:16:20.0173 4800 sffdisk - ok
14:16:20.0204 4800 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:16:20.0204 4800 sffp_mmc - ok
14:16:20.0235 4800 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:16:20.0251 4800 sffp_sd - ok
14:16:20.0298 4800 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:16:20.0298 4800 sfloppy - ok
14:16:20.0360 4800 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:16:20.0391 4800 SharedAccess - ok
14:16:20.0469 4800 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:16:20.0485 4800 ShellHWDetection - ok
14:16:20.0610 4800 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:16:20.0610 4800 SiSRaid2 - ok
14:16:20.0657 4800 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:16:20.0657 4800 SiSRaid4 - ok
14:16:20.0750 4800 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:16:20.0750 4800 Smb - ok
14:16:20.0859 4800 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:16:20.0859 4800 SNMPTRAP - ok
14:16:20.0922 4800 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:16:20.0922 4800 spldr - ok
14:16:20.0984 4800 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:16:21.0000 4800 Spooler - ok
14:16:21.0140 4800 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:16:21.0187 4800 sppsvc - ok
14:16:21.0218 4800 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:16:21.0234 4800 sppuinotify - ok
14:16:21.0281 4800 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:16:21.0312 4800 srv - ok
14:16:21.0421 4800 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:16:21.0437 4800 srv2 - ok
14:16:21.0515 4800 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:16:21.0530 4800 SrvHsfHDA - ok
14:16:21.0639 4800 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:16:21.0702 4800 SrvHsfV92 - ok
14:16:21.0795 4800 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:16:21.0827 4800 SrvHsfWinac - ok
14:16:21.0936 4800 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:16:21.0936 4800 srvnet - ok
14:16:22.0029 4800 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:16:22.0045 4800 SSDPSRV - ok
14:16:22.0076 4800 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:16:22.0092 4800 SstpSvc - ok
14:16:22.0154 4800 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe
14:16:22.0154 4800 STacSV - ok
14:16:22.0263 4800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:16:22.0263 4800 stexstor - ok
14:16:22.0357 4800 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys
14:16:22.0373 4800 STHDA - ok
14:16:22.0482 4800 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:16:22.0513 4800 stisvc - ok
14:16:22.0575 4800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:16:22.0575 4800 swenum - ok
14:16:22.0622 4800 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:16:22.0653 4800 swprv - ok
14:16:22.0825 4800 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
14:16:22.0841 4800 SynTP - ok
14:16:22.0950 4800 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:16:23.0028 4800 SysMain - ok
14:16:23.0059 4800 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:16:23.0059 4800 TabletInputService - ok
14:16:23.0121 4800 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:16:23.0137 4800 TapiSrv - ok
14:16:23.0168 4800 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:16:23.0184 4800 TBS - ok
14:16:23.0309 4800 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:16:23.0371 4800 Tcpip - ok
14:16:23.0511 4800 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:16:23.0543 4800 TCPIP6 - ok
14:16:23.0605 4800 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:16:23.0605 4800 tcpipreg - ok
14:16:23.0652 4800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:16:23.0652 4800 TDPIPE - ok
14:16:23.0714 4800 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:16:23.0730 4800 TDTCP - ok
14:16:23.0761 4800 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:16:23.0777 4800 tdx - ok
14:16:23.0839 4800 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:16:23.0839 4800 TermDD - ok
14:16:23.0917 4800 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:16:23.0964 4800 TermService - ok
14:16:23.0995 4800 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:16:24.0011 4800 Themes - ok
14:16:24.0057 4800 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:16:24.0057 4800 THREADORDER - ok
14:16:24.0104 4800 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:16:24.0120 4800 TrkWks - ok
14:16:24.0167 4800 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:16:24.0167 4800 TrustedInstaller - ok
14:16:24.0229 4800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:16:24.0229 4800 tssecsrv - ok
14:16:24.0307 4800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:16:24.0307 4800 TsUsbFlt - ok
14:16:24.0385 4800 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:16:24.0385 4800 TsUsbGD - ok
14:16:24.0479 4800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:16:24.0479 4800 tunnel - ok
14:16:24.0557 4800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:16:24.0557 4800 uagp35 - ok
14:16:24.0619 4800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:16:24.0619 4800 udfs - ok
14:16:24.0681 4800 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:16:24.0681 4800 UI0Detect - ok
14:16:24.0775 4800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:16:24.0775 4800 uliagpkx - ok
14:16:24.0884 4800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:16:24.0884 4800 umbus - ok
14:16:24.0931 4800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:16:24.0931 4800 UmPass - ok
14:16:25.0087 4800 UNS (1b71370aec1115f80d9a4a209317c968) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:16:25.0134 4800 UNS - ok
14:16:25.0259 4800 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:16:25.0274 4800 upnphost - ok
14:16:25.0383 4800 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:16:25.0383 4800 USBAAPL64 - ok
14:16:25.0446 4800 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:16:25.0446 4800 usbccgp - ok
14:16:25.0508 4800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:16:25.0508 4800 usbcir - ok
14:16:25.0571 4800 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:16:25.0571 4800 usbehci - ok
14:16:25.0633 4800 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:16:25.0649 4800 usbhub - ok
14:16:25.0727 4800 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:16:25.0727 4800 usbohci - ok
14:16:25.0789 4800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:16:25.0789 4800 usbprint - ok
14:16:25.0914 4800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:16:25.0914 4800 USBSTOR - ok
14:16:25.0945 4800 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:16:25.0945 4800 usbuhci - ok
14:16:26.0007 4800 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:16:26.0007 4800 usbvideo - ok
14:16:26.0101 4800 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:16:26.0101 4800 UxSms - ok
14:16:26.0148 4800 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:26.0148 4800 VaultSvc - ok
14:16:26.0195 4800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:16:26.0195 4800 vdrvroot - ok
14:16:26.0351 4800 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:16:26.0382 4800 vds - ok
14:16:26.0491 4800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:16:26.0491 4800 vga - ok
14:16:26.0522 4800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:16:26.0522 4800 VgaSave - ok
14:16:26.0585 4800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:16:26.0600 4800 vhdmp - ok
14:16:26.0616 4800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:16:26.0631 4800 viaide - ok
14:16:26.0678 4800 vodafone_K380x-z_cdc_acm (90fc918f5a0dd1082e06b5b406ec5d47) C:\Windows\system32\DRIVERS\vodafone_K380x-z_cdc_acm.sys
14:16:26.0694 4800 vodafone_K380x-z_cdc_acm - ok
14:16:26.0819 4800 vodafone_K380x-z_cdc_ecm (d9c8ac948021f18544f1434b2025c4ad) C:\Windows\system32\DRIVERS\vodafone_K380x-z_cdc_ecm.sys
14:16:26.0819 4800 vodafone_K380x-z_cdc_ecm - ok
14:16:26.0881 4800 vodafone_K380x-z_cpo (515ccca84c38c681d95917f788361ce6) C:\Windows\system32\DRIVERS\vodafone_K380x-z_cpo.sys
14:16:26.0881 4800 vodafone_K380x-z_cpo - ok
14:16:27.0021 4800 vodafone_K380x-z_dc_enum (63a26ad5494933fe99b1ff3b0660f45a) C:\Windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys
14:16:27.0021 4800 vodafone_K380x-z_dc_enum - ok
14:16:27.0053 4800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:16:27.0068 4800 volmgr - ok
14:16:27.0146 4800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:16:27.0162 4800 volmgrx - ok
14:16:27.0193 4800 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
14:16:27.0193 4800 volsnap - ok
14:16:27.0333 4800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:16:27.0333 4800 vsmraid - ok
14:16:27.0427 4800 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:16:27.0489 4800 VSS - ok
14:16:27.0536 4800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:16:27.0536 4800 vwifibus - ok
14:16:27.0630 4800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:16:27.0630 4800 vwififlt - ok
14:16:27.0723 4800 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:16:27.0723 4800 vwifimp - ok
14:16:27.0833 4800 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:16:27.0848 4800 W32Time - ok
14:16:27.0926 4800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:16:27.0926 4800 WacomPen - ok
14:16:28.0020 4800 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:16:28.0020 4800 WANARP - ok
14:16:28.0051 4800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:16:28.0051 4800 Wanarpv6 - ok
14:16:28.0145 4800 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:16:28.0191 4800 WatAdminSvc - ok
14:16:28.0285 4800 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:16:28.0347 4800 wbengine - ok
14:16:28.0379 4800 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:16:28.0379 4800 WbioSrvc - ok
14:16:28.0410 4800 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:16:28.0425 4800 wcncsvc - ok
14:16:28.0457 4800 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:16:28.0472 4800 WcsPlugInService - ok
14:16:28.0535 4800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:16:28.0535 4800 Wd - ok
14:16:28.0581 4800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:16:28.0628 4800 Wdf01000 - ok
14:16:28.0659 4800 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:16:28.0675 4800 WdiServiceHost - ok
14:16:28.0675 4800 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:16:28.0691 4800 WdiSystemHost - ok
14:16:28.0722 4800 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:16:28.0737 4800 WebClient - ok
14:16:28.0753 4800 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:16:28.0769 4800 Wecsvc - ok
14:16:28.0800 4800 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:16:28.0800 4800 wercplsupport - ok
14:16:28.0831 4800 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:16:28.0847 4800 WerSvc - ok
14:16:28.0940 4800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:16:28.0940 4800 WfpLwf - ok
14:16:29.0018 4800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:16:29.0018 4800 WIMMount - ok
14:16:29.0049 4800 WinDefend - ok
14:16:29.0065 4800 WinHttpAutoProxySvc - ok
14:16:29.0174 4800 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:16:29.0190 4800 Winmgmt - ok
14:16:29.0299 4800 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:16:29.0377 4800 WinRM - ok
14:16:29.0471 4800 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:16:29.0502 4800 Wlansvc - ok
14:16:29.0549 4800 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:16:29.0549 4800 wlcrasvc - ok
14:16:29.0658 4800 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:16:29.0673 4800 wlidsvc - ok
14:16:29.0783 4800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:16:29.0783 4800 WmiAcpi - ok
14:16:29.0845 4800 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:16:29.0861 4800 wmiApSrv - ok
14:16:29.0939 4800 WMPNetworkSvc - ok
14:16:30.0032 4800 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:16:30.0032 4800 WPCSvc - ok
14:16:30.0079 4800 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:16:30.0079 4800 WPDBusEnum - ok
14:16:30.0141 4800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:16:30.0141 4800 ws2ifsl - ok
14:16:30.0173 4800 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:16:30.0188 4800 wscsvc - ok
14:16:30.0204 4800 WSearch - ok
14:16:30.0297 4800 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:16:30.0391 4800 wuauserv - ok
14:16:30.0453 4800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:16:30.0453 4800 WudfPf - ok
14:16:30.0516 4800 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:16:30.0516 4800 WUDFRd - ok
14:16:30.0609 4800 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:16:30.0609 4800 wudfsvc - ok
14:16:30.0656 4800 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
14:16:30.0672 4800 WwanSvc - ok
14:16:30.0797 4800 ZAtheros Bt&Wlan Coex Agent (28b051b78471fc290c1790623d5908e1) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
14:16:30.0797 4800 ZAtheros Bt&Wlan Coex Agent - ok
14:16:30.0875 4800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:16:30.0953 4800 \Device\Harddisk0\DR0 - ok
14:16:30.0968 4800 Boot (0x1200) (38147d185650dbfab480c8765d51fc34) \Device\Harddisk0\DR0\Partition0
14:16:30.0968 4800 \Device\Harddisk0\DR0\Partition0 - ok
14:16:30.0984 4800 Boot (0x1200) (5665982f53792c3656dc1970a42c107f) \Device\Harddisk0\DR0\Partition1
14:16:30.0999 4800 \Device\Harddisk0\DR0\Partition1 - ok
14:16:31.0031 4800 Boot (0x1200) (9e21fcb1f41616ea77f87abc382933d3) \Device\Harddisk0\DR0\Partition2
14:16:31.0031 4800 \Device\Harddisk0\DR0\Partition2 - ok
14:16:31.0093 4800 Boot (0x1200) (0cb2b13a51526ab0ab67b4e7b8058087) \Device\Harddisk0\DR0\Partition3
14:16:31.0093 4800 \Device\Harddisk0\DR0\Partition3 - ok
14:16:31.0093 4800 ============================================================
14:16:31.0093 4800 Scan finished
14:16:31.0093 4800 ============================================================
14:16:31.0109 2736 Detected object count: 0
14:16:31.0109 2736 Actual detected object count: 0
14:16:44.0369 6616 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 PM

Posted 16 April 2012 - 09:46 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 jonnyp85

jonnyp85
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 April 2012 - 10:12 PM

IE still opening up when world of warcraft is open

ComboFix 12-04-16.02 - JayP 17/04/2012 14:55:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.8140.6088 [GMT 12:00]
Running from: c:\users\JayP\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-14 01:24 . 2012-04-14 01:24 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 23:16 . 2012-03-19 14:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E4CF10D-A70D-42EA-8579-EEF4492076B4}\mpengine.dll
2012-04-11 15:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 15:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 15:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 15:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 15:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 15:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 15:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 07:18 . 2012-04-11 07:18 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-11 07:18 . 2012-04-11 07:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 22:39 . 2012-04-14 01:24 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-02 22:39 . 2012-04-02 22:39 -------- d-----w- c:\windows\system32\Macromed
2012-04-01 23:00 . 2012-04-01 23:40 -------- d-----w- c:\users\Public\Games
2012-03-31 22:18 . 2012-03-31 22:18 -------- d-----w- c:\users\JayP\AppData\Local\SCE
2012-03-31 22:18 . 2012-03-31 22:18 -------- d--h--w- c:\windows\msdownld.tmp
2012-03-31 22:18 . 2012-03-31 22:18 -------- d-----w- c:\users\Public\Sony Online Entertainment
2012-03-30 23:48 . 2012-04-02 23:02 -------- d-----w- c:\users\JayP\AppData\Local\Google
2012-03-30 23:47 . 2012-03-30 23:47 -------- d-----w- c:\users\JayP\AppData\Local\Apps
2012-03-30 23:47 . 2012-04-02 21:56 -------- d-----w- c:\users\JayP\AppData\Local\Deployment
2012-03-29 10:13 . 2012-03-31 01:00 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-03-29 08:42 . 2012-03-29 08:42 -------- d-----w- c:\programdata\Blizzard
2012-03-29 08:03 . 2012-03-31 01:44 -------- d-----w- c:\programdata\PopCapY
2012-03-29 08:02 . 2012-03-31 01:44 -------- d-----w- c:\program files (x86)\PopCap Games
2012-03-29 08:02 . 2012-03-29 08:02 -------- d-----w- c:\programdata\PopCap Games
2012-03-28 10:04 . 2012-03-28 10:04 -------- d-----w- c:\programdata\PMB Files
2012-03-28 10:04 . 2012-03-28 10:04 -------- d-----w- c:\program files (x86)\Pando Networks
2012-03-27 08:44 . 2012-03-27 08:44 -------- d-----w- c:\users\JayP\AppData\Local\Microsoft Games
2012-03-21 11:21 . 2012-03-21 11:21 -------- d-----w- c:\users\JayP\AppData\Roaming\Malwarebytes
2012-03-21 11:20 . 2012-03-24 22:21 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 09:47 . 2012-03-24 01:55 -------- d-----w- c:\users\JayP\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 01:24 . 2011-11-17 00:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-03 05:31 . 2012-03-03 05:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-03 03:01 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-22 20:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 04:56 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 04:56 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 04:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 04:56 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 04:57 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:57 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-06 23:02 . 2012-02-06 23:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 04:57 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-03 01:38 . 2012-02-03 01:38 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-02-03 01:38 . 2012-02-03 01:38 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-02-03 01:38 . 2012-02-03 01:38 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-02-03 01:38 . 2012-02-03 01:38 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-02-03 01:38 . 2012-02-03 01:38 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-03 01:38 . 2012-02-03 01:38 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-02-03 01:38 . 2012-02-03 01:38 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-02-03 01:38 . 2012-02-03 01:38 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-01-25 06:38 . 2012-03-14 04:56 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 04:56 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 04:56 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [2012-03-04 138360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vodafone_K380x-z_cdc_acm;Vodafone K380x-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K380x-z_cdc_acm.sys [x]
R3 vodafone_K380x-z_cdc_ecm;vodafone_K380x-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K380x-z_cdc_ecm.sys [x]
R3 vodafone_K380x-z_cpo;Vodafone K380x-z Install;c:\windows\system32\DRIVERS\vodafone_K380x-z_cpo.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-02 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-10-21 106144]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-14 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-21 158880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vodafone_K380x-z_dc_enum;Vodafone K380x-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 26734197
*NewlyCreated* - ASWMBR
*Deregistered* - 26734197
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:24]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3081644629-124515513-3774494036-1000Core.job
- c:\users\JayP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 07:15]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3081644629-124515513-3774494036-1000UA.job
- c:\users\JayP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-07 07:15]
.
2012-04-16 c:\windows\Tasks\HPCeeScheduleForJayP.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-21 984736]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-21 799904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DD36BD1B-8E8F-47DD-8CC3-E6C72CAAB4A4}: NameServer = 203.118.191.1 203.109.191.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-17 15:05:34
ComboFix-quarantined-files.txt 2012-04-17 03:05
.
Pre-Run: 324,915,433,472 bytes free
Post-Run: 324,771,586,048 bytes free
.
- - End Of File - - 3064C0E1B22A79951A764404173C1717

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 PM

Posted 16 April 2012 - 10:16 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jonnyp85

jonnyp85
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 April 2012 - 10:39 PM

OTL logfile created on: 17/04/2012 3:33:14 p.m. - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\JayP\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

7.95 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.42% Memory free
15.90 Gb Paging File | 13.67 Gb Available in Paging File | 85.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.62 Gb Total Space | 302.53 Gb Free Space | 68.66% Space Free | Partition Type: NTFS
Drive D: | 20.98 Gb Total Space | 2.26 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.22% Space Free | Partition Type: FAT32

Computer Name: JAYP-HP | User Name: JayP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\JayP\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0642b0c04fa10e6986baf58cf1580879\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\91fa5cc7230b88e3e42b3bccd198f681\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe (HP)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (jhi_service) Intel® -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (vodafone_K380x-z_cdc_ecm) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_cdc_ecm.sys (Vodafone)
DRV:64bit: - (vodafone_K380x-z_dc_enum) Vodafone K380x-z DC Enumerator (ZTE) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV:64bit: - (vodafone_K380x-z_cdc_acm) Vodafone K380x-z CDC-ACM driver (ZTE) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_cdc_acm.sys (Vodafone)
DRV:64bit: - (vodafone_K380x-z_cpo) -- C:\Windows\SysNative\drivers\vodafone_K380x-z_cpo.sys (Vodafone)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilDrv11122) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\JayP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/03/06 11:00:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/03/06 11:00:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/03/06 11:00:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 09:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD36BD1B-8E8F-47DD-8CC3-E6C72CAAB4A4}: DhcpNameServer = 203.118.191.1 203.109.191.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD36BD1B-8E8F-47DD-8CC3-E6C72CAAB4A4}: NameServer = 203.118.191.1 203.109.191.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8BB0DEE-A5F5-4CB8-B4A7-6F0E390B0D8D}: DhcpNameServer = 172.168.51.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F37E6F88-2AE0-4556-B591-F39842747704}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/17 15:27:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/17 15:25:12 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\Diagnostics
[2012/04/17 15:03:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/17 14:51:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/17 14:51:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/17 14:51:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/17 14:51:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/17 14:51:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/17 14:51:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/14 13:24:18 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 03:03:49 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 03:03:48 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 03:03:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 03:03:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 03:03:47 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 03:03:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 03:03:47 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 03:03:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 03:03:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 03:03:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 03:03:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 03:03:18 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/12 03:03:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 03:03:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 03:00:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 03:00:31 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 03:00:30 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 19:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/04/11 19:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/11 19:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/03 10:39:50 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/03 10:39:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/04/02 11:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/04/02 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012/04/01 16:32:40 | 000,000,000 | ---D | C] -- C:\Users\JayP\Documents\My Games
[2012/04/01 10:34:37 | 000,000,000 | ---D | C] -- C:\Users\JayP\Desktop\Photos Port Douglas Nov 10 to Rotorua 31 May 11
[2012/04/01 10:19:42 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/04/01 10:19:42 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/04/01 10:19:42 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/04/01 10:19:42 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/04/01 10:19:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/04/01 10:19:41 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/04/01 10:19:39 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/04/01 10:19:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/04/01 10:19:37 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/04/01 10:19:37 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/04/01 10:19:37 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/04/01 10:19:37 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/04/01 10:19:35 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/04/01 10:19:35 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/04/01 10:19:33 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/04/01 10:19:33 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/04/01 10:19:30 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/04/01 10:19:30 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/04/01 10:19:30 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/04/01 10:19:30 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/04/01 10:19:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/04/01 10:19:26 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/04/01 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\SCE
[2012/04/01 10:18:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/03/31 11:48:34 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\Google
[2012/03/31 11:47:30 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\Apps
[2012/03/31 11:47:29 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\Deployment
[2012/03/29 22:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/03/29 20:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2012/03/29 20:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCapY
[2012/03/29 20:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2012/03/29 20:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012/03/29 20:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2012/03/28 22:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/03/28 22:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/03/27 20:44:09 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\Microsoft Games
[2012/03/24 13:24:59 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{040C7D81-A46F-4EE8-95B3-E454766B852C}
[2012/03/24 13:24:38 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{09024B2B-2E04-4545-96FB-4B01337826B4}
[2012/03/24 11:30:51 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{C4ABD33C-5381-4206-AD4E-62B43E889324}
[2012/03/24 11:30:25 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{5A40CF81-7A50-4DEF-9603-3CE21FE29874}
[2012/03/23 15:08:04 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{11BE1F44-B123-4684-B635-1DFC4E54B647}
[2012/03/23 15:07:26 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{65DFA987-749B-4DE4-B135-33C1656A1934}
[2012/03/22 16:13:08 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{E14F27EA-3092-48C7-BC8A-F119AF82E03A}
[2012/03/22 16:12:58 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{E5AA114F-3355-4069-A3BD-B57457726B04}
[2012/03/21 23:21:03 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Roaming\Malwarebytes
[2012/03/21 23:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/21 22:33:42 | 054,215,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/03/21 13:30:00 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{1E9C535C-5AB1-4CEA-88D9-0199D5BD020B}
[2012/03/21 13:29:18 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{9DC9D018-9944-4095-ADD4-FA0F01FFF2D5}
[2012/03/20 21:48:07 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{C9389613-9362-4CE9-B4C8-AA532EA55CA2}
[2012/03/20 21:47:45 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{BCBC2423-7A13-46C2-95D2-72224821543F}
[2012/03/20 21:47:45 | 000,000,000 | ---D | C] -- C:\Users\JayP\AppData\Local\{1F63275A-C2E7-42B5-A345-F39D2F7F45CD}
[2012/03/20 21:47:31 | 000,000,000 | ---D | C] -- C:\Users\JayP\Tracing
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/17 15:34:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 15:34:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 15:31:46 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/17 15:31:46 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/17 15:31:46 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/17 15:26:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/17 15:26:44 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/17 15:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/17 15:08:31 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/04/17 14:20:09 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3081644629-124515513-3774494036-1000UA.job
[2012/04/17 11:04:30 | 000,000,000 | ---- | M] () -- C:\Users\JayP\defogger_reenable
[2012/04/17 10:58:26 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/17 10:54:03 | 000,001,437 | ---- | M] () -- C:\Users\JayP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/17 10:53:35 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJayP.job
[2012/04/15 20:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3081644629-124515513-3774494036-1000Core.job
[2012/04/15 14:25:37 | 000,002,255 | ---- | M] () -- C:\Users\JayP\Desktop\iexplore.exe.lnk
[2012/04/14 13:24:52 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 13:24:52 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 13:24:18 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/12 20:10:36 | 009,194,473 | ---- | M] () -- C:\Users\JayP\Desktop\NZS3604.pdf
[2012/04/08 14:57:45 | 000,764,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/01 16:25:31 | 000,002,621 | ---- | M] () -- C:\Users\JayP\Desktop\DC Universe Online Live.lnk
[2012/03/29 22:10:57 | 000,000,178 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/29 20:02:57 | 000,001,313 | ---- | M] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2012/03/29 20:02:57 | 000,000,202 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 14:51:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/17 14:51:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/17 14:51:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/17 14:51:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/17 14:51:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/17 11:04:30 | 000,000,000 | ---- | C] () -- C:\Users\JayP\defogger_reenable
[2012/04/17 10:53:58 | 000,001,443 | ---- | C] () -- C:\Users\JayP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/17 10:53:58 | 000,001,437 | ---- | C] () -- C:\Users\JayP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/17 10:53:58 | 000,001,409 | ---- | C] () -- C:\Users\JayP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/04/15 14:25:18 | 000,002,255 | ---- | C] () -- C:\Users\JayP\Desktop\iexplore.exe.lnk
[2012/04/12 20:08:59 | 009,194,473 | ---- | C] () -- C:\Users\JayP\Desktop\NZS3604.pdf
[2012/04/03 10:39:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 11:00:35 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/04/01 10:18:21 | 000,002,621 | ---- | C] () -- C:\Users\JayP\Desktop\DC Universe Online Live.lnk
[2012/04/01 10:18:21 | 000,002,505 | ---- | C] () -- C:\Users\JayP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2012/03/29 20:02:57 | 000,001,313 | ---- | C] () -- C:\Users\Public\Desktop\Plants vs. Zombies.lnk
[2012/03/29 20:02:57 | 000,000,202 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2012/03/28 20:51:33 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/03/08 22:57:01 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/06 10:49:21 | 000,017,408 | ---- | C] () -- C:\Users\JayP\AppData\Local\WebpageIcons.db
[2012/03/05 10:14:48 | 000,000,178 | ---- | C] () -- C:\Windows\wininit.ini
[2012/02/03 13:57:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/03 13:47:25 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/02/03 13:46:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/03 13:46:09 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/03 13:46:09 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/03 13:46:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/02/03 13:46:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/03 13:46:08 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/10/01 18:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/07 08:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/10 14:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 PM

Posted 16 April 2012 - 10:48 PM

Hello

I am not seeing anything unusual

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>
    IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 jonnyp85

jonnyp85
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 April 2012 - 10:52 PM

Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3081644629-124515513-3774494036-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>> in the current context!

OTL by OldTimer - Version 3.2.39.2 log created on 04172012_155129

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 PM

Posted 16 April 2012 - 11:00 PM

Hello


when you ran the script did you include :OTL
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 jonnyp85

jonnyp85
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 April 2012 - 11:05 PM

no i mustnt of

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-3081644629-124515513-3774494036-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

OTL by OldTimer - Version 3.2.39.2 log created on 04172012_160509

#14 jonnyp85

jonnyp85
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:49 AM

Posted 16 April 2012 - 11:06 PM

no i mustnt of

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-3081644629-124515513-3774494036-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

OTL by OldTimer - Version 3.2.39.2 log created on 04172012_160509

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:49 PM

Posted 16 April 2012 - 11:12 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users