Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2 different problems with browsers


  • This topic is locked This topic is locked
25 replies to this topic

#1 starbaby78

starbaby78

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL
  • Local time:08:08 PM

Posted 25 April 2012 - 11:57 AM

Problem 1:
I have been having a browser redirect problem on both internet explorer and firefox. When I use any search engine and try to click the results I am redirected to another search engine type site. If I right click and try to copy the results and open them in another tab the same thing happens.

Problem 2:
Everytime I open internet explorer or a new internet explorer tab a pop up window pops up saying "DirectSearchFrame.createTBO_IE: Unable to get value of the property 'Client Version': object is null or undefined"

Thank you in advance for your time and help with this. It's been driving me crazy for a while.





DDS LOG
_____________________________________________________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Angela Star at 12:22:03 on 2012-04-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5675 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\xampp\xampp\mysql\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Angela Star\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\D-Link\Wireless G WUA-1340\airgcfg.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=16
uLocal Page =
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0110&m=dx4300
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Community Smart Bar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [AdobeBridge]
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [beaaabeabcefdct] "C:\ProgramData\beaaabeabcefdct.exe"
mRun: [D-Link Wireless G WUA-1340] "C:\Program Files (x86)\D-Link\Wireless G WUA-1340\AirGCFG.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\Users\ANGELA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Angela Star\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM
IE: Download with IDM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3465F934-13E9-4E36-937E-B4404D0231C9} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7EA19222-B291-4A59-AE26-B4E7CE1DE5BA} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{B7343AA6-197C-46AB-BEDA-808994944E5E} : DhcpNameServer = 68.87.72.130 68.87.77.130
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Community Smart Bar: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [D-Link Wireless G WUA-1340] "C:\Program Files (x86)\D-Link\Wireless G WUA-1340\AirGCFG.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Angela Star\AppData\Roaming\Mozilla\Firefox\Profiles\m1hoi7jy.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=insDate02282012
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-18 44768]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 21504]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 cxpl_mhd;CX23885/8 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-2 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-2 135664]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 V0330VID;WebCam Vista/Live! Cam Chat;C:\Windows\system32\DRIVERS\V0330Vid.sys --> C:\Windows\system32\DRIVERS\V0330Vid.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 Apache2.2;Apache2.2;C:\xampp\xampp\apache\bin\httpd.exe [2011-6-22 29416]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-1-19 89920]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-17 1038088]
S4 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-2-8 124832]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-17 1153368]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-25 16:32:43 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98995CA6-C990-4328-82B7-D47D44034849}\mpengine.dll
2012-04-25 16:27:03 8917360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-04-25 16:11:35 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-25 05:03:38 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-25 05:03:38 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-25 03:38:42 -------- d-----w- C:\Users\Angela Star\AppData\Local\temp
2012-04-18 21:03:16 -------- d-----w- C:\skins
2012-04-11 17:10:14 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 17:10:14 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-04-10 16:50:34 -------- d-----w- C:\Users\Angela Star\AppData\Roaming\BlogDesk
2012-04-10 16:47:41 765952 ----a-w- C:\Windows\SysWow64\PolarSpellChecker.dll
2012-04-10 16:47:41 536576 ----a-w- C:\Windows\SysWow64\SftTree_IX86_A_45.ocx
2012-04-10 16:47:41 276320 ----a-w- C:\Windows\SysWow64\csftpapi.dll
2012-04-10 16:47:41 221184 ----a-w- C:\Windows\SysWow64\TidyATL.dll
2012-04-10 16:47:41 202576 ----a-w- C:\Windows\SysWow64\csncdapi.dll
2012-04-10 16:47:40 -------- d-----w- C:\Program Files (x86)\BlogDesk
2012-03-26 18:50:01 -------- d-----w- C:\Users\Angela Star\AppData\Local\{15E7ADE2-5D4E-449D-9A29-A63666098D09}
2012-03-26 18:49:40 -------- d-----w- C:\Users\Angela Star\AppData\Local\{AAD3289F-2B9B-4CF1-B575-1D9587D3EC65}
.
==================== Find3M ====================
.
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-29 15:37:41 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-02-29 15:37:38 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-29 15:35:44 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-02-29 15:11:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-02-29 13:52:46 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-21 16:57:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 12:32:19.99 ===============

Attached Files


Edited by starbaby78, 25 April 2012 - 01:31 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 26 April 2012 - 01:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 starbaby78

starbaby78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL
  • Local time:08:08 PM

Posted 26 April 2012 - 04:16 PM

Hello Gringo,

Thank you very much for your help in this matter :) I am going crazy with all of this. During the combofix process I kept getting an error that said...

PEV.3XE has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. The button that was on that popup window only had one option, Close Program.

It don't think it had any effect on the scan though. I will post my results below.

Again, thank you very much for your help. :)




-------------------------------------------------------------------------------------------------------------
ComboFix 12-04-26.01 - Angela Star 04/26/2012 11:35:44.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5373 [GMT -5:00]
Running from: c:\users\Angela Star\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 17:52 . 2012-04-26 18:01 -------- d-----w- c:\users\Angela Star\AppData\Local\temp
2012-04-26 17:52 . 2012-04-26 17:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-26 17:52 . 2012-04-26 17:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-26 17:52 . 2012-04-26 17:52 -------- d-----w- c:\users\Isai\AppData\Local\temp
2012-04-26 17:52 . 2012-04-26 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 16:32 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98995CA6-C990-4328-82B7-D47D44034849}\mpengine.dll
2012-04-25 05:03 . 2012-04-25 05:03 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-25 05:03 . 2012-04-25 05:03 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-25 05:02 . 2012-04-25 05:02 -------- d-----w- c:\program files\Java
2012-04-18 21:03 . 2012-04-18 21:03 -------- d-----w- C:\skins
2012-04-11 17:10 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 17:10 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 16:50 . 2012-04-10 16:50 -------- d-----w- c:\users\Angela Star\AppData\Roaming\BlogDesk
2012-04-10 16:47 . 2006-03-21 15:27 276320 ----a-w- c:\windows\SysWow64\csftpapi.dll
2012-04-10 16:47 . 2006-03-21 15:27 202576 ----a-w- c:\windows\SysWow64\csncdapi.dll
2012-04-10 16:47 . 2006-01-30 22:26 765952 ----a-w- c:\windows\SysWow64\PolarSpellChecker.dll
2012-04-10 16:47 . 2003-02-20 15:59 221184 ----a-w- c:\windows\SysWow64\TidyATL.dll
2012-04-10 16:47 . 2003-01-04 16:10 536576 ----a-w- c:\windows\SysWow64\SftTree_IX86_A_45.ocx
2012-04-10 16:47 . 2012-04-10 16:47 -------- d-----w- c:\program files (x86)\BlogDesk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-02-12 05:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 15:18 . 2010-01-16 03:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 16:57 . 2011-09-07 15:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 16:49 . 2012-03-14 20:18 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 20:18 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 20:18 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 20:18 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 20:18 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 20:18 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 20:18 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 20:18 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 20:18 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 20:18 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-02 15:34 . 2012-03-14 20:18 2765824 ----a-w- c:\windows\system32\win32k.sys
.
<pre>
c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files (x86)\Creative\Shared Files\camtray .exe
c:\program files (x86)\DAEMON Tools Lite\dtlite .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot_2012-04-25_03.08.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-04-25 02:34 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-04-26 17:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-12 06:25 . 2012-04-25 02:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-12 06:25 . 2012-04-26 17:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-04-26 17:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-04-25 02:34 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-04-26 17:58 82636 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-01-14 20:43 . 2012-04-26 17:58 24718 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1712992746-1247806449-2519789356-1000_UserData.bin
- 2010-01-14 20:43 . 2012-04-25 03:08 24718 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1712992746-1247806449-2519789356-1000_UserData.bin
- 2010-01-14 20:37 . 2012-04-25 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-14 20:37 . 2012-04-26 04:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-15 00:45 . 2012-04-25 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-15 00:45 . 2012-04-26 04:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-14 20:37 . 2012-04-25 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-14 20:37 . 2012-04-26 04:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-25 02:34 . 2012-04-25 02:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-26 17:55 . 2012-04-26 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-25 02:34 . 2012-04-25 02:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-26 17:55 . 2012-04-26 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-10 19:18 . 2012-04-26 16:10 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2010-03-10 19:18 . 2012-04-24 14:43 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-14 22:21 . 2012-04-26 04:11 671400 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2012-04-26 17:58 143146 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-25 05:03 . 2012-04-25 05:03 264584 c:\windows\system32\javaws.exe
+ 2012-04-25 05:03 . 2012-04-25 05:03 188808 c:\windows\system32\javaw.exe
+ 2012-04-25 05:03 . 2012-04-25 05:03 188808 c:\windows\system32\java.exe
+ 2010-11-12 07:55 . 2012-04-26 17:54 458844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-11-12 07:55 . 2012-04-25 02:32 458844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-25 05:02 . 2012-04-25 05:02 970752 c:\windows\Installer\8886a2.msi
+ 2010-11-12 07:55 . 2012-04-26 17:54 24972604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1712992746-1247806449-2519789356-1000-8192.dat
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\99250.msp
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\8d01a.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [N/A]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"beaaabeabcefdct"="c:\programdata\beaaabeabcefdct.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"D-Link Wireless G WUA-1340"="c:\program files (x86)\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-12-21 39424]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Angela Star\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Angela Star\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-12 26950560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 06:14]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 06:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=16
uLocal Page =
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0110&m=dx4300
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM
IE: Download with IDM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Angela Star\AppData\Roaming\Mozilla\Firefox\Profiles\m1hoi7jy.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=insDate02282012
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\xampp\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Completion time: 2012-04-26 13:27:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 18:26
ComboFix2.txt 2012-04-25 03:38
ComboFix3.txt 2012-01-29 21:30
.
Pre-Run: 340,222,197,760 bytes free
Post-Run: 340,834,394,112 bytes free
.
- - End Of File - - 21418DA369512DB7E695A251CDA630F4

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 26 April 2012 - 06:20 PM

reetings

I would like to know which browsers are redirecting - please check all that are installed

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 starbaby78

starbaby78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL
  • Local time:08:08 PM

Posted 26 April 2012 - 06:44 PM

Hello Gringo :)

It happens with both Internet Explorer and Firefox.


Programs that you sent me:
I downloaded, saved to desktop and allowed admin access to both programs. When I double click on the first program nothing happens. I tried several times, waiting a while in between each try. I figured that maybe it was just the first program but I went through the same process with the second program and nothing happens. I am not sure what to do now.


On a side note: I just logged into my facebook (password is very secured) and it was in some crazy language. (not sure if this has anything to do with the problems on this browser)

Again, thank you very much for your help :)

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 26 April 2012 - 08:41 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 starbaby78

starbaby78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL
  • Local time:08:08 PM

Posted 26 April 2012 - 09:15 PM

Hello Gringo :)

I ran the fixTDSS and it said (Infected MBR detected) when I hit repair it said that the repair was successful. :)

Here is a copy of the TDSSKiller Report. Do you still want me to do the ASWmbr? I didn't want to do it without asking first.

Again, thank you very much for your help

---------------------------------------------------------------------------------------------------------------------------------------

21:08:47.0843 1168 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:08:48.0155 1168 ============================================================
21:08:48.0155 1168 Current date / time: 2012/04/26 21:08:48.0155
21:08:48.0155 1168 SystemInfo:
21:08:48.0155 1168
21:08:48.0155 1168 OS Version: 6.0.6002 ServicePack: 2.0
21:08:48.0155 1168 Product type: Workstation
21:08:48.0155 1168 ComputerName: ANGELASTAR-PC
21:08:48.0171 1168 UserName: Angela Star
21:08:48.0171 1168 Windows directory: C:\Windows
21:08:48.0171 1168 System windows directory: C:\Windows
21:08:48.0171 1168 Running under WOW64
21:08:48.0171 1168 Processor architecture: Intel x64
21:08:48.0171 1168 Number of processors: 4
21:08:48.0171 1168 Page size: 0x1000
21:08:48.0171 1168 Boot type: Normal boot
21:08:48.0171 1168 ============================================================
21:08:49.0356 1168 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:08:49.0387 1168 ============================================================
21:08:49.0387 1168 \Device\Harddisk0\DR0:
21:08:49.0387 1168 MBR partitions:
21:08:49.0387 1168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x729B6800
21:08:49.0387 1168 ============================================================
21:08:49.0419 1168 C: <-> \Device\Harddisk0\DR0\Partition0
21:08:49.0419 1168 ============================================================
21:08:49.0419 1168 Initialize success
21:08:49.0419 1168 ============================================================
21:09:04.0894 3304 ============================================================
21:09:04.0894 3304 Scan started
21:09:04.0894 3304 Mode: Manual;
21:09:04.0894 3304 ============================================================
21:09:07.0234 3304 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
21:09:07.0249 3304 ACPI - ok
21:09:07.0327 3304 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
21:09:07.0343 3304 adfs - ok
21:09:07.0795 3304 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
21:09:07.0936 3304 Adobe Version Cue CS4 - ok
21:09:08.0731 3304 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
21:09:09.0043 3304 adp94xx - ok
21:09:09.0964 3304 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
21:09:10.0011 3304 adpahci - ok
21:09:10.0026 3304 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
21:09:10.0026 3304 adpu160m - ok
21:09:10.0104 3304 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
21:09:10.0120 3304 adpu320 - ok
21:09:10.0151 3304 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
21:09:10.0151 3304 AeLookupSvc - ok
21:09:10.0619 3304 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
21:09:10.0635 3304 AFD - ok
21:09:10.0728 3304 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
21:09:10.0728 3304 AgereModemAudio - ok
21:09:11.0274 3304 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
21:09:11.0305 3304 AgereSoftModem - ok
21:09:11.0680 3304 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
21:09:11.0742 3304 agp440 - ok
21:09:12.0475 3304 ahcix64s (97dd49ccdb89a22cfcea78b29d393d87) C:\Windows\system32\drivers\ahcix64s.sys
21:09:12.0522 3304 ahcix64s - ok
21:09:12.0772 3304 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
21:09:12.0787 3304 aic78xx - ok
21:09:12.0803 3304 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
21:09:12.0819 3304 ALG - ok
21:09:12.0850 3304 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
21:09:12.0850 3304 aliide - ok
21:09:12.0990 3304 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
21:09:13.0021 3304 AMD External Events Utility - ok
21:09:13.0037 3304 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
21:09:13.0037 3304 amdide - ok
21:09:13.0084 3304 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
21:09:13.0084 3304 AmdK8 - ok
21:09:21.0414 3304 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:09:21.0773 3304 amdkmdag - ok
21:09:22.0475 3304 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
21:09:22.0475 3304 amdkmdap - ok
21:09:22.0631 3304 Apache2.2 (fb32f046a2578755fa0da5052c6a9cd3) C:\xampp\xampp\apache\bin\httpd.exe
21:09:22.0631 3304 Apache2.2 - ok
21:09:22.0803 3304 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
21:09:22.0803 3304 Appinfo - ok
21:09:23.0005 3304 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
21:09:23.0005 3304 arc - ok
21:09:23.0193 3304 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
21:09:23.0208 3304 arcsas - ok
21:09:23.0349 3304 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
21:09:23.0349 3304 aswFsBlk - ok
21:09:23.0442 3304 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
21:09:23.0442 3304 aswMonFlt - ok
21:09:23.0520 3304 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
21:09:23.0520 3304 aswRdr - ok
21:09:23.0692 3304 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
21:09:23.0707 3304 aswSnx - ok
21:09:23.0879 3304 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
21:09:23.0879 3304 aswSP - ok
21:09:24.0051 3304 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
21:09:24.0051 3304 aswTdi - ok
21:09:24.0129 3304 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:24.0129 3304 AsyncMac - ok
21:09:24.0175 3304 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
21:09:24.0175 3304 atapi - ok
21:09:28.0263 3304 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:09:28.0356 3304 atikmdag - ok
21:09:29.0745 3304 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:09:29.0745 3304 AtiPcie - ok
21:09:30.0025 3304 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
21:09:30.0041 3304 AudioEndpointBuilder - ok
21:09:30.0041 3304 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
21:09:30.0057 3304 AudioSrv - ok
21:09:30.0244 3304 avast! Antivirus (c76769f246250edad34a5581419e9d60) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
21:09:30.0244 3304 avast! Antivirus - ok
21:09:30.0493 3304 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:09:30.0509 3304 BBSvc - ok
21:09:30.0556 3304 Beep - ok
21:09:30.0774 3304 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
21:09:30.0930 3304 BFE - ok
21:09:31.0476 3304 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
21:09:31.0632 3304 BITS - ok
21:09:31.0757 3304 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
21:09:31.0773 3304 blbdrive - ok
21:09:31.0819 3304 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
21:09:31.0819 3304 bowser - ok
21:09:31.0897 3304 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
21:09:31.0897 3304 BrFiltLo - ok
21:09:31.0944 3304 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
21:09:31.0944 3304 BrFiltUp - ok
21:09:31.0991 3304 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
21:09:32.0007 3304 Browser - ok
21:09:32.0085 3304 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
21:09:32.0085 3304 Brserid - ok
21:09:32.0178 3304 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
21:09:32.0178 3304 BrSerWdm - ok
21:09:32.0209 3304 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
21:09:32.0225 3304 BrUsbMdm - ok
21:09:32.0272 3304 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
21:09:32.0272 3304 BrUsbSer - ok
21:09:32.0334 3304 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
21:09:32.0334 3304 BTHMODEM - ok
21:09:32.0755 3304 catchme - ok
21:09:32.0911 3304 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
21:09:32.0974 3304 cdfs - ok
21:09:33.0114 3304 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
21:09:33.0114 3304 cdrom - ok
21:09:33.0208 3304 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
21:09:33.0208 3304 CertPropSvc - ok
21:09:33.0239 3304 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
21:09:33.0255 3304 circlass - ok
21:09:33.0457 3304 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
21:09:33.0489 3304 CLFS - ok
21:09:33.0582 3304 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:33.0613 3304 clr_optimization_v2.0.50727_32 - ok
21:09:33.0816 3304 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:09:33.0847 3304 clr_optimization_v2.0.50727_64 - ok
21:09:34.0159 3304 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:34.0362 3304 clr_optimization_v4.0.30319_32 - ok
21:09:34.0440 3304 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:09:34.0596 3304 clr_optimization_v4.0.30319_64 - ok
21:09:34.0627 3304 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
21:09:34.0643 3304 cmdide - ok
21:09:34.0705 3304 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
21:09:34.0705 3304 Compbatt - ok
21:09:34.0705 3304 COMSysApp - ok
21:09:34.0752 3304 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
21:09:34.0752 3304 crcdisk - ok
21:09:34.0893 3304 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
21:09:34.0893 3304 CryptSvc - ok
21:09:35.0189 3304 cxpl_mhd (53c879266efa8d2fa54b99841392dfaf) C:\Windows\system32\drivers\y_cx88x.sys
21:09:35.0205 3304 cxpl_mhd - ok
21:09:35.0735 3304 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:09:35.0875 3304 DcomLaunch - ok
21:09:36.0063 3304 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
21:09:36.0109 3304 DfsC - ok
21:09:38.0621 3304 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
21:09:39.0229 3304 DFSR - ok
21:09:39.0682 3304 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
21:09:39.0760 3304 Dhcp - ok
21:09:39.0869 3304 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
21:09:39.0869 3304 disk - ok
21:09:39.0978 3304 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
21:09:40.0041 3304 Dnscache - ok
21:09:40.0165 3304 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
21:09:40.0181 3304 dot3svc - ok
21:09:40.0321 3304 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
21:09:40.0321 3304 Dot4 - ok
21:09:40.0509 3304 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:09:40.0524 3304 Dot4Print - ok
21:09:40.0555 3304 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
21:09:40.0571 3304 dot4usb - ok
21:09:40.0665 3304 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
21:09:40.0680 3304 DPS - ok
21:09:40.0821 3304 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
21:09:40.0836 3304 drmkaud - ok
21:09:41.0538 3304 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
21:09:41.0554 3304 DXGKrnl - ok
21:09:41.0944 3304 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
21:09:41.0959 3304 E1G60 - ok
21:09:42.0037 3304 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
21:09:42.0037 3304 EapHost - ok
21:09:42.0334 3304 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
21:09:42.0334 3304 Ecache - ok
21:09:42.0412 3304 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
21:09:42.0412 3304 ehRecvr - ok
21:09:42.0443 3304 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
21:09:42.0443 3304 ehSched - ok
21:09:42.0474 3304 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
21:09:42.0490 3304 ehstart - ok
21:09:42.0646 3304 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
21:09:42.0661 3304 elxstor - ok
21:09:42.0739 3304 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
21:09:42.0755 3304 EMDMgmt - ok
21:09:42.0786 3304 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
21:09:42.0786 3304 ErrDev - ok
21:09:42.0911 3304 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
21:09:42.0911 3304 EventSystem - ok
21:09:42.0958 3304 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
21:09:42.0973 3304 exfat - ok
21:09:43.0005 3304 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
21:09:43.0005 3304 fastfat - ok
21:09:43.0036 3304 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
21:09:43.0036 3304 fdc - ok
21:09:43.0051 3304 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
21:09:43.0051 3304 fdPHost - ok
21:09:43.0083 3304 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
21:09:43.0083 3304 FDResPub - ok
21:09:43.0098 3304 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
21:09:43.0098 3304 FileInfo - ok
21:09:43.0129 3304 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
21:09:43.0129 3304 Filetrace - ok
21:09:43.0441 3304 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:09:43.0457 3304 FLEXnet Licensing Service - ok
21:09:43.0597 3304 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
21:09:43.0613 3304 FLEXnet Licensing Service 64 - ok
21:09:43.0769 3304 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:09:43.0769 3304 flpydisk - ok
21:09:43.0800 3304 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
21:09:43.0800 3304 FltMgr - ok
21:09:44.0065 3304 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
21:09:44.0097 3304 FontCache - ok
21:09:44.0206 3304 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:09:44.0206 3304 FontCache3.0.0.0 - ok
21:09:44.0424 3304 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:09:44.0424 3304 fssfltr - ok
21:09:45.0735 3304 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:09:46.0249 3304 fsssvc - ok
21:09:46.0998 3304 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
21:09:46.0998 3304 Fs_Rec - ok
21:09:47.0154 3304 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
21:09:47.0185 3304 gagp30kx - ok
21:09:47.0794 3304 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
21:09:47.0903 3304 GameConsoleService - ok
21:09:48.0231 3304 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
21:09:48.0262 3304 gpsvc - ok
21:09:48.0324 3304 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:48.0340 3304 gupdate - ok
21:09:48.0355 3304 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:09:48.0355 3304 gupdatem - ok
21:09:48.0418 3304 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:09:48.0433 3304 gusvc - ok
21:09:48.0496 3304 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
21:09:48.0511 3304 HdAudAddService - ok
21:09:48.0714 3304 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:49.0385 3304 HDAudBus - ok
21:09:49.0603 3304 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
21:09:49.0713 3304 HidBth - ok
21:09:49.0775 3304 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
21:09:49.0791 3304 HidIr - ok
21:09:49.0806 3304 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
21:09:49.0806 3304 hidserv - ok
21:09:49.0822 3304 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
21:09:49.0822 3304 HidUsb - ok
21:09:49.0853 3304 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
21:09:49.0869 3304 hkmsvc - ok
21:09:49.0993 3304 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
21:09:49.0993 3304 HpCISSs - ok
21:09:50.0961 3304 hpqcxs08 (682358f730b84b63e09c6b4edc1de7ae) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:09:50.0961 3304 hpqcxs08 - ok
21:09:51.0647 3304 hpqddsvc (2e7bee4aa776cf1c37836b26d1d29403) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:09:51.0647 3304 hpqddsvc - ok
21:09:53.0425 3304 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
21:09:53.0613 3304 HTTP - ok
21:09:53.0784 3304 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
21:09:53.0847 3304 i2omp - ok
21:09:54.0642 3304 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
21:09:54.0642 3304 i8042prt - ok
21:09:55.0235 3304 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
21:09:55.0235 3304 iaStorV - ok
21:09:56.0109 3304 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:09:56.0311 3304 idsvc - ok
21:09:56.0374 3304 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
21:09:56.0374 3304 iirsp - ok
21:09:56.0499 3304 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
21:09:56.0499 3304 IKEEXT - ok
21:09:57.0341 3304 IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys
21:09:57.0357 3304 IntcAzAudAddService - ok
21:09:58.0402 3304 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
21:09:58.0402 3304 intelide - ok
21:09:58.0433 3304 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
21:09:58.0433 3304 intelppm - ok
21:09:58.0464 3304 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
21:09:58.0480 3304 IPBusEnum - ok
21:09:58.0511 3304 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:58.0511 3304 IpFilterDriver - ok
21:09:58.0573 3304 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
21:09:58.0573 3304 iphlpsvc - ok
21:09:58.0573 3304 IpInIp - ok
21:09:58.0620 3304 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
21:09:58.0636 3304 IPMIDRV - ok
21:09:58.0729 3304 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
21:09:58.0761 3304 IPNAT - ok
21:09:59.0010 3304 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
21:09:59.0010 3304 IRENUM - ok
21:09:59.0057 3304 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
21:09:59.0057 3304 isapnp - ok
21:09:59.0119 3304 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
21:09:59.0119 3304 iScsiPrt - ok
21:09:59.0229 3304 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
21:09:59.0229 3304 iteatapi - ok
21:09:59.0353 3304 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
21:09:59.0369 3304 iteraid - ok
21:09:59.0400 3304 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:59.0400 3304 kbdclass - ok
21:09:59.0447 3304 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:59.0447 3304 kbdhid - ok
21:09:59.0478 3304 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:09:59.0494 3304 KeyIso - ok
21:09:59.0541 3304 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
21:09:59.0556 3304 KSecDD - ok
21:09:59.0587 3304 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
21:09:59.0587 3304 ksthunk - ok
21:09:59.0650 3304 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
21:09:59.0650 3304 KtmRm - ok
21:09:59.0681 3304 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
21:09:59.0681 3304 LanmanServer - ok
21:09:59.0712 3304 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
21:09:59.0712 3304 LanmanWorkstation - ok
21:09:59.0743 3304 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
21:09:59.0743 3304 lltdio - ok
21:09:59.0775 3304 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
21:09:59.0790 3304 lltdsvc - ok
21:09:59.0806 3304 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
21:09:59.0806 3304 lmhosts - ok
21:09:59.0853 3304 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
21:09:59.0884 3304 LSI_FC - ok
21:10:00.0102 3304 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
21:10:00.0133 3304 LSI_SAS - ok
21:10:00.0149 3304 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
21:10:00.0149 3304 LSI_SCSI - ok
21:10:00.0180 3304 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
21:10:00.0196 3304 luafv - ok
21:10:00.0227 3304 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
21:10:00.0243 3304 Mcx2Svc - ok
21:10:00.0305 3304 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
21:10:00.0352 3304 megasas - ok
21:10:00.0601 3304 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
21:10:00.0601 3304 MegaSR - ok
21:10:00.0867 3304 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:10:00.0867 3304 Microsoft Office Groove Audit Service - ok
21:10:00.0898 3304 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:10:00.0898 3304 MMCSS - ok
21:10:00.0898 3304 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
21:10:00.0898 3304 Modem - ok
21:10:00.0960 3304 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
21:10:00.0960 3304 monitor - ok
21:10:00.0976 3304 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
21:10:00.0976 3304 mouclass - ok
21:10:00.0991 3304 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
21:10:00.0991 3304 mouhid - ok
21:10:01.0007 3304 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
21:10:01.0007 3304 MountMgr - ok
21:10:01.0038 3304 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
21:10:01.0038 3304 mpio - ok
21:10:01.0069 3304 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
21:10:01.0069 3304 mpsdrv - ok
21:10:01.0179 3304 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
21:10:01.0179 3304 MpsSvc - ok
21:10:01.0210 3304 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
21:10:01.0210 3304 Mraid35x - ok
21:10:01.0444 3304 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
21:10:01.0459 3304 MRxDAV - ok
21:10:01.0475 3304 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:10:01.0475 3304 mrxsmb - ok
21:10:01.0600 3304 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:10:01.0615 3304 mrxsmb10 - ok
21:10:01.0631 3304 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:10:01.0647 3304 mrxsmb20 - ok
21:10:01.0662 3304 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
21:10:01.0678 3304 msahci - ok
21:10:01.0693 3304 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
21:10:01.0693 3304 msdsm - ok
21:10:01.0740 3304 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
21:10:01.0756 3304 MSDTC - ok
21:10:01.0787 3304 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
21:10:01.0787 3304 Msfs - ok
21:10:02.0458 3304 MsgPlusService (3f3d6e8bd31b3c017d0ab24cd5ec0d05) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
21:10:02.0458 3304 MsgPlusService - ok
21:10:02.0489 3304 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
21:10:02.0489 3304 msisadrv - ok
21:10:02.0536 3304 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
21:10:02.0536 3304 MSiSCSI - ok
21:10:02.0536 3304 msiserver - ok
21:10:02.0598 3304 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
21:10:02.0598 3304 MSKSSRV - ok
21:10:02.0614 3304 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
21:10:02.0614 3304 MSPCLOCK - ok
21:10:02.0614 3304 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
21:10:02.0614 3304 MSPQM - ok
21:10:02.0661 3304 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
21:10:02.0661 3304 MsRPC - ok
21:10:02.0692 3304 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
21:10:02.0692 3304 mssmbios - ok
21:10:02.0770 3304 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
21:10:02.0770 3304 MSTEE - ok
21:10:02.0801 3304 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
21:10:02.0801 3304 Mup - ok
21:10:04.0657 3304 MySQL (21eef976d53a0bcb603abff4ab6e4c88) C:\xampp\xampp\mysql\bin\mysqld.exe
21:10:04.0767 3304 MySQL - ok
21:10:05.0047 3304 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
21:10:05.0172 3304 napagent - ok
21:10:06.0093 3304 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
21:10:06.0093 3304 NativeWifiP - ok
21:10:06.0139 3304 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
21:10:06.0202 3304 NDIS - ok
21:10:06.0217 3304 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
21:10:06.0217 3304 NdisTapi - ok
21:10:06.0233 3304 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
21:10:06.0233 3304 Ndisuio - ok
21:10:06.0249 3304 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
21:10:06.0249 3304 NdisWan - ok
21:10:06.0264 3304 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
21:10:06.0264 3304 NDProxy - ok
21:10:06.0311 3304 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll
21:10:06.0311 3304 Net Driver HPZ12 - ok
21:10:06.0327 3304 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
21:10:06.0327 3304 NetBIOS - ok
21:10:06.0342 3304 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
21:10:06.0358 3304 netbt - ok
21:10:06.0373 3304 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:10:06.0373 3304 Netlogon - ok
21:10:06.0405 3304 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
21:10:06.0420 3304 Netman - ok
21:10:06.0436 3304 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
21:10:06.0451 3304 netprofm - ok
21:10:06.0514 3304 netr7364 (a011ac63b12fd7f7c022df676cb01711) C:\Windows\system32\DRIVERS\netr7364.sys
21:10:06.0529 3304 netr7364 - ok
21:10:06.0685 3304 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:10:06.0701 3304 NetTcpPortSharing - ok
21:10:06.0732 3304 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
21:10:06.0732 3304 nfrd960 - ok
21:10:06.0779 3304 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
21:10:06.0779 3304 NlaSvc - ok
21:10:06.0997 3304 NMSAccessU (b400ed9fa710f2e5fc3c1cb14d7947b0) C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
21:10:07.0013 3304 NMSAccessU - ok
21:10:07.0153 3304 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
21:10:07.0169 3304 Npfs - ok
21:10:07.0309 3304 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
21:10:07.0309 3304 nsi - ok
21:10:07.0341 3304 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
21:10:07.0341 3304 nsiproxy - ok
21:10:07.0746 3304 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
21:10:07.0777 3304 Ntfs - ok
21:10:07.0918 3304 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
21:10:07.0918 3304 Null - ok
21:10:07.0949 3304 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
21:10:07.0949 3304 nvraid - ok
21:10:07.0965 3304 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
21:10:07.0965 3304 nvstor - ok
21:10:07.0996 3304 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
21:10:07.0996 3304 nv_agp - ok
21:10:07.0996 3304 NwlnkFlt - ok
21:10:08.0011 3304 NwlnkFwd - ok
21:10:08.0339 3304 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:10:08.0355 3304 odserv - ok
21:10:08.0386 3304 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
21:10:08.0386 3304 ohci1394 - ok
21:10:08.0433 3304 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:10:08.0448 3304 ose - ok
21:10:08.0667 3304 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:10:08.0682 3304 p2pimsvc - ok
21:10:08.0698 3304 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:10:08.0698 3304 p2psvc - ok
21:10:08.0791 3304 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
21:10:08.0807 3304 Parport - ok
21:10:08.0854 3304 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
21:10:08.0854 3304 partmgr - ok
21:10:08.0885 3304 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
21:10:08.0885 3304 PcaSvc - ok
21:10:08.0916 3304 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:10:08.0932 3304 pci - ok
21:10:08.0947 3304 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
21:10:08.0947 3304 pciide - ok
21:10:08.0994 3304 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:10:09.0010 3304 pcmcia - ok
21:10:09.0057 3304 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:10:09.0072 3304 PEAUTH - ok
21:10:09.0135 3304 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
21:10:09.0150 3304 PerfHost - ok
21:10:09.0556 3304 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
21:10:09.0587 3304 pla - ok
21:10:10.0242 3304 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
21:10:10.0242 3304 PlugPlay - ok
21:10:10.0383 3304 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll
21:10:10.0383 3304 Pml Driver HPZ12 - ok
21:10:10.0476 3304 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:10:10.0492 3304 PNRPAutoReg - ok
21:10:10.0492 3304 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:10:10.0507 3304 PNRPsvc - ok
21:10:10.0632 3304 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
21:10:10.0663 3304 PolicyAgent - ok
21:10:10.0929 3304 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:10:10.0944 3304 PptpMiniport - ok
21:10:11.0053 3304 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
21:10:11.0069 3304 Processor - ok
21:10:11.0475 3304 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
21:10:11.0475 3304 ProfSvc - ok
21:10:11.0521 3304 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:10:11.0537 3304 ProtectedStorage - ok
21:10:11.0740 3304 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:10:11.0740 3304 PSched - ok
21:10:11.0787 3304 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
21:10:11.0787 3304 PxHlpa64 - ok
21:10:12.0301 3304 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
21:10:12.0333 3304 ql2300 - ok
21:10:12.0364 3304 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:10:12.0364 3304 ql40xx - ok
21:10:12.0426 3304 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
21:10:12.0426 3304 QWAVE - ok
21:10:12.0442 3304 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:10:12.0442 3304 QWAVEdrv - ok
21:10:12.0457 3304 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:10:12.0457 3304 RasAcd - ok
21:10:12.0473 3304 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
21:10:12.0489 3304 RasAuto - ok
21:10:12.0691 3304 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:10:12.0707 3304 Rasl2tp - ok
21:10:12.0723 3304 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
21:10:12.0738 3304 RasMan - ok
21:10:12.0754 3304 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:10:12.0754 3304 RasPppoe - ok
21:10:12.0769 3304 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:10:12.0785 3304 RasSstp - ok
21:10:12.0801 3304 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:10:12.0816 3304 rdbss - ok
21:10:12.0832 3304 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:10:12.0832 3304 RDPCDD - ok
21:10:12.0863 3304 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
21:10:12.0863 3304 rdpdr - ok
21:10:12.0863 3304 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:10:12.0879 3304 RDPENCDD - ok
21:10:12.0910 3304 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
21:10:12.0910 3304 RDPWD - ok
21:10:12.0941 3304 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
21:10:12.0941 3304 RemoteAccess - ok
21:10:12.0972 3304 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
21:10:12.0988 3304 RemoteRegistry - ok
21:10:13.0003 3304 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:10:13.0003 3304 RimUsb - ok
21:10:13.0035 3304 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
21:10:13.0035 3304 RimVSerPort - ok
21:10:13.0050 3304 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
21:10:13.0050 3304 ROOTMODEM - ok
21:10:13.0066 3304 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
21:10:13.0066 3304 RpcLocator - ok
21:10:13.0315 3304 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:10:13.0331 3304 RpcSs - ok
21:10:13.0409 3304 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
21:10:13.0425 3304 rspndr - ok
21:10:13.0503 3304 RT73 (1bf56ef13988348f2ac8bd932fadea0b) C:\Windows\system32\DRIVERS\Dr71WU.sys
21:10:13.0518 3304 RT73 - ok
21:10:13.0581 3304 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
21:10:13.0581 3304 RTHDMIAzAudService - ok
21:10:13.0752 3304 RTL85n64 (4cd2d0a19bb2b597f24ea1735c3a4d80) C:\Windows\system32\DRIVERS\RTL85n64.sys
21:10:13.0768 3304 RTL85n64 - ok
21:10:14.0111 3304 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:10:14.0111 3304 SamSs - ok
21:10:14.0361 3304 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
21:10:14.0361 3304 sbp2port - ok
21:10:14.0626 3304 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:10:14.0641 3304 SBSDWSCService - ok
21:10:14.0953 3304 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
21:10:14.0969 3304 SCardSvr - ok
21:10:15.0016 3304 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
21:10:15.0078 3304 Schedule - ok
21:10:15.0109 3304 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
21:10:15.0109 3304 SCPolicySvc - ok
21:10:15.0125 3304 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
21:10:15.0141 3304 SDRSVC - ok
21:10:15.0406 3304 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:10:15.0421 3304 SeaPort - ok
21:10:15.0453 3304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:10:15.0468 3304 secdrv - ok
21:10:15.0484 3304 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
21:10:15.0484 3304 seclogon - ok
21:10:15.0499 3304 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
21:10:15.0499 3304 SENS - ok
21:10:15.0562 3304 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
21:10:15.0562 3304 Serenum - ok
21:10:15.0577 3304 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
21:10:15.0577 3304 Serial - ok
21:10:15.0624 3304 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
21:10:15.0624 3304 sermouse - ok
21:10:15.0796 3304 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
21:10:15.0796 3304 SessionEnv - ok
21:10:15.0827 3304 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
21:10:15.0827 3304 sffdisk - ok
21:10:15.0843 3304 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
21:10:15.0843 3304 sffp_mmc - ok
21:10:15.0858 3304 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
21:10:15.0858 3304 sffp_sd - ok
21:10:15.0874 3304 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
21:10:15.0874 3304 sfloppy - ok
21:10:15.0921 3304 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
21:10:15.0936 3304 SharedAccess - ok
21:10:15.0983 3304 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
21:10:15.0999 3304 ShellHWDetection - ok
21:10:16.0045 3304 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
21:10:16.0045 3304 SiSRaid2 - ok
21:10:16.0061 3304 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
21:10:16.0061 3304 SiSRaid4 - ok
21:10:17.0590 3304 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
21:10:17.0668 3304 slsvc - ok
21:10:18.0619 3304 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
21:10:18.0635 3304 SLUINotify - ok
21:10:18.0682 3304 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
21:10:18.0682 3304 Smb - ok
21:10:18.0713 3304 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
21:10:18.0713 3304 SNMPTRAP - ok
21:10:18.0744 3304 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
21:10:18.0744 3304 spldr - ok
21:10:19.0072 3304 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
21:10:19.0072 3304 Spooler - ok
21:10:19.0150 3304 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
21:10:19.0165 3304 sptd - ok
21:10:19.0197 3304 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
21:10:19.0212 3304 srv - ok
21:10:19.0228 3304 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
21:10:19.0243 3304 srv2 - ok
21:10:19.0290 3304 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
21:10:19.0290 3304 srvnet - ok
21:10:19.0649 3304 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
21:10:19.0665 3304 SSDPSRV - ok
21:10:19.0758 3304 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
21:10:19.0805 3304 SstpSvc - ok
21:10:19.0867 3304 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
21:10:19.0883 3304 stisvc - ok
21:10:19.0899 3304 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
21:10:19.0914 3304 swenum - ok
21:10:19.0945 3304 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
21:10:19.0992 3304 swprv - ok
21:10:20.0023 3304 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
21:10:20.0023 3304 Symc8xx - ok
21:10:20.0039 3304 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
21:10:20.0039 3304 Sym_hi - ok
21:10:20.0070 3304 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
21:10:20.0070 3304 Sym_u3 - ok
21:10:20.0148 3304 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
21:10:20.0164 3304 SysMain - ok
21:10:20.0179 3304 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
21:10:20.0195 3304 TabletInputService - ok
21:10:20.0226 3304 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
21:10:20.0226 3304 TapiSrv - ok
21:10:20.0242 3304 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
21:10:20.0257 3304 TBS - ok
21:10:20.0772 3304 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
21:10:20.0819 3304 Tcpip - ok
21:10:20.0835 3304 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
21:10:20.0850 3304 Tcpip6 - ok
21:10:21.0037 3304 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
21:10:21.0069 3304 tcpipreg - ok
21:10:21.0084 3304 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
21:10:21.0100 3304 TDPIPE - ok
21:10:21.0147 3304 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
21:10:21.0147 3304 TDTCP - ok
21:10:21.0178 3304 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
21:10:21.0193 3304 tdx - ok
21:10:21.0396 3304 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
21:10:21.0396 3304 TermDD - ok
21:10:21.0739 3304 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
21:10:21.0755 3304 TermService - ok
21:10:22.0207 3304 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
21:10:22.0223 3304 Themes - ok
21:10:22.0301 3304 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:10:22.0301 3304 THREADORDER - ok
21:10:22.0426 3304 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
21:10:22.0426 3304 TrkWks - ok
21:10:22.0582 3304 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
21:10:22.0597 3304 TrustedInstaller - ok
21:10:22.0722 3304 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:10:22.0722 3304 tssecsrv - ok
21:10:22.0753 3304 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
21:10:22.0753 3304 tunmp - ok
21:10:22.0785 3304 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
21:10:22.0785 3304 tunnel - ok
21:10:22.0816 3304 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
21:10:22.0816 3304 uagp35 - ok
21:10:23.0315 3304 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
21:10:23.0377 3304 udfs - ok
21:10:23.0409 3304 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
21:10:23.0409 3304 UI0Detect - ok
21:10:23.0565 3304 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
21:10:23.0596 3304 uliagpkx - ok
21:10:23.0767 3304 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
21:10:23.0799 3304 uliahci - ok
21:10:23.0908 3304 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
21:10:23.0908 3304 UlSata - ok
21:10:24.0079 3304 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
21:10:24.0079 3304 ulsata2 - ok
21:10:24.0111 3304 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
21:10:24.0111 3304 umbus - ok
21:10:24.0142 3304 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
21:10:24.0189 3304 upnphost - ok
21:10:24.0251 3304 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
21:10:24.0267 3304 usbaudio - ok
21:10:24.0454 3304 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
21:10:24.0469 3304 usbccgp - ok
21:10:24.0485 3304 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
21:10:24.0485 3304 usbcir - ok
21:10:24.0516 3304 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
21:10:24.0516 3304 usbehci - ok
21:10:24.0547 3304 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
21:10:24.0547 3304 usbhub - ok
21:10:24.0563 3304 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
21:10:24.0563 3304 usbohci - ok
21:10:24.0672 3304 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
21:10:24.0688 3304 usbprint - ok
21:10:24.0781 3304 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
21:10:24.0797 3304 usbscan - ok
21:10:25.0031 3304 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:25.0047 3304 USBSTOR - ok
21:10:25.0171 3304 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
21:10:25.0171 3304 usbuhci - ok
21:10:25.0203 3304 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
21:10:25.0203 3304 UxSms - ok
21:10:25.0281 3304 V0330VID (3fbb9df34e7a41c53904521e084b5294) C:\Windows\system32\DRIVERS\V0330Vid.sys
21:10:25.0281 3304 V0330VID - ok
21:10:25.0343 3304 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
21:10:25.0359 3304 vds - ok
21:10:25.0437 3304 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:25.0452 3304 vga - ok
21:10:25.0468 3304 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
21:10:25.0483 3304 VgaSave - ok
21:10:25.0499 3304 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
21:10:25.0515 3304 viaide - ok
21:10:25.0546 3304 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
21:10:25.0546 3304 volmgr - ok
21:10:25.0577 3304 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
21:10:25.0577 3304 volmgrx - ok
21:10:25.0608 3304 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
21:10:25.0624 3304 volsnap - ok
21:10:25.0655 3304 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
21:10:25.0655 3304 vsmraid - ok
21:10:26.0263 3304 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
21:10:26.0341 3304 VSS - ok
21:10:26.0669 3304 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
21:10:26.0685 3304 W32Time - ok
21:10:26.0763 3304 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
21:10:26.0763 3304 WacomPen - ok
21:10:26.0919 3304 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:26.0965 3304 Wanarp - ok
21:10:26.0965 3304 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:26.0965 3304 Wanarpv6 - ok
21:10:27.0277 3304 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
21:10:27.0293 3304 wcncsvc - ok
21:10:27.0324 3304 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
21:10:27.0324 3304 WcsPlugInService - ok
21:10:27.0355 3304 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
21:10:27.0355 3304 Wd - ok
21:10:27.0433 3304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:10:27.0449 3304 Wdf01000 - ok
21:10:27.0543 3304 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
21:10:27.0574 3304 WdiServiceHost - ok
21:10:27.0574 3304 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
21:10:27.0574 3304 WdiSystemHost - ok
21:10:27.0730 3304 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
21:10:27.0730 3304 WebClient - ok
21:10:28.0151 3304 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
21:10:28.0167 3304 Wecsvc - ok
21:10:28.0307 3304 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
21:10:28.0323 3304 wercplsupport - ok
21:10:28.0354 3304 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
21:10:28.0354 3304 WerSvc - ok
21:10:28.0463 3304 WinDefend - ok
21:10:28.0479 3304 WinHttpAutoProxySvc - ok
21:10:28.0666 3304 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
21:10:28.0666 3304 Winmgmt - ok
21:10:28.0915 3304 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
21:10:28.0978 3304 WinRM - ok
21:10:29.0446 3304 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
21:10:29.0461 3304 Wlansvc - ok
21:10:29.0539 3304 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:10:29.0539 3304 wlcrasvc - ok
21:10:30.0163 3304 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:10:30.0210 3304 wlidsvc - ok
21:10:30.0366 3304 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:10:30.0366 3304 WmiAcpi - ok
21:10:30.0429 3304 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
21:10:30.0444 3304 wmiApSrv - ok
21:10:30.0553 3304 WMPNetworkSvc - ok
21:10:30.0585 3304 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
21:10:30.0600 3304 WPCSvc - ok
21:10:30.0631 3304 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
21:10:30.0647 3304 WPDBusEnum - ok
21:10:30.0678 3304 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
21:10:30.0694 3304 WpdUsb - ok
21:10:30.0834 3304 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:10:30.0850 3304 WPFFontCache_v0400 - ok
21:10:30.0881 3304 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
21:10:30.0881 3304 ws2ifsl - ok
21:10:30.0975 3304 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
21:10:30.0975 3304 wscsvc - ok
21:10:30.0990 3304 WSearch - ok
21:10:31.0677 3304 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
21:10:31.0723 3304 wuauserv - ok
21:10:31.0942 3304 WUDFRd (36bfa519521878b3bcd35d79bcddc757) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:31.0973 3304 WUDFRd - ok
21:10:32.0020 3304 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
21:10:32.0035 3304 wudfsvc - ok
21:10:32.0425 3304 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:10:32.0457 3304 YahooAUService - ok
21:10:32.0519 3304 yksvc (d433f6726a727b0528f6e39f423fe1fd) C:\Windows\System32\ykx64mpcoinst.dll
21:10:32.0550 3304 yksvc - ok
21:10:32.0613 3304 yukonx64 (d34faa40d8af3db716e67de203ef62ca) C:\Windows\system32\DRIVERS\yk60x64.sys
21:10:32.0628 3304 yukonx64 - ok
21:10:32.0644 3304 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
21:10:35.0608 3304 \Device\Harddisk0\DR0 - ok
21:10:35.0655 3304 Boot (0x1200) (1f7ea145218034fdfd8e94e4f6309fad) \Device\Harddisk0\DR0\Partition0
21:10:35.0826 3304 \Device\Harddisk0\DR0\Partition0 - ok
21:10:35.0826 3304 ============================================================
21:10:35.0826 3304 Scan finished
21:10:35.0826 3304 ============================================================
21:10:35.0842 2180 Detected object count: 0
21:10:35.0842 2180 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 26 April 2012 - 09:19 PM

Hello


Very good!! and yes I would like you to run aswMBR now for me


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 starbaby78

starbaby78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL
  • Local time:08:08 PM

Posted 27 April 2012 - 01:48 PM

Hello Gringo :)

I have tried running the program at least 5 times now and I always get a pop up window a while into running it that says that there has been an error and the program shuts down.
What should I do?

Again, thank you very much for your help

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 27 April 2012 - 02:32 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

RenV::
c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files (x86)\Creative\Shared Files\camtray .exe
c:\program files (x86)\DAEMON Tools Lite\dtlite .exe

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 30 April 2012 - 02:57 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 starbaby78

starbaby78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL
  • Local time:08:08 PM

Posted 30 April 2012 - 03:25 PM

Hello Gringo :)

I apologize for taking a while. I was away from the computer this weekend. I am running ComboFix right now (as you directed) and I will be posting my log as soon as it's done :)

Again, thank you very much for your help

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 30 April 2012 - 03:54 PM

ok see you later


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 starbaby78

starbaby78
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL
  • Local time:08:08 PM

Posted 30 April 2012 - 05:29 PM

Hello Gringo

Here is my combofix log. It finally finished :)

Again, thank you very much for your help





Combo Fix Log
----------------------------------------------------------------------------------------
ComboFix 12-04-31.02 - Angela Star 04/30/2012 15:28:35.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5663 [GMT -5:00]
Running from: c:\users\Angela Star\Desktop\ComboFix.exe
Command switches used :: c:\users\Angela Star\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 21:14 . 2012-04-30 22:16 -------- d-----w- c:\users\Angela Star\AppData\Local\temp
2012-04-30 21:14 . 2012-04-30 21:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-30 21:14 . 2012-04-30 21:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-30 21:14 . 2012-04-30 21:14 -------- d-----w- c:\users\Isai\AppData\Local\temp
2012-04-30 21:14 . 2012-04-30 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 16:34 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A224FC23-1F32-4BAE-BC4A-04650C621DA1}\mpengine.dll
2012-04-27 16:15 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-25 05:03 . 2012-04-25 05:03 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-25 05:03 . 2012-04-25 05:03 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-25 05:02 . 2012-04-25 05:02 -------- d-----w- c:\program files\Java
2012-04-18 21:03 . 2012-04-18 21:03 -------- d-----w- C:\skins
2012-04-11 17:10 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 17:10 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 16:50 . 2012-04-10 16:50 -------- d-----w- c:\users\Angela Star\AppData\Roaming\BlogDesk
2012-04-10 16:47 . 2006-03-21 15:27 276320 ----a-w- c:\windows\SysWow64\csftpapi.dll
2012-04-10 16:47 . 2006-03-21 15:27 202576 ----a-w- c:\windows\SysWow64\csncdapi.dll
2012-04-10 16:47 . 2006-01-30 22:26 765952 ----a-w- c:\windows\SysWow64\PolarSpellChecker.dll
2012-04-10 16:47 . 2003-02-20 15:59 221184 ----a-w- c:\windows\SysWow64\TidyATL.dll
2012-04-10 16:47 . 2003-01-04 16:10 536576 ----a-w- c:\windows\SysWow64\SftTree_IX86_A_45.ocx
2012-04-10 16:47 . 2012-04-10 16:47 -------- d-----w- c:\program files (x86)\BlogDesk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-02-12 05:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 15:18 . 2010-01-16 03:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 16:57 . 2011-09-07 15:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-14 16:49 . 2012-03-14 20:18 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 20:18 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 20:18 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 20:18 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 20:18 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 20:18 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 20:18 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 20:18 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 20:18 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 20:18 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-02 15:34 . 2012-03-14 20:18 2765824 ----a-w- c:\windows\system32\win32k.sys
.
<pre>
c:\program files (x86)\Gateway Photo Frame\buttonmonitor .exe
c:\program files (x86)\Java\jre6\bin\jusched .exe
c:\program files (x86)\Windows Live\Messenger\msnmsgr   .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot_2012-04-25_03.08.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-04-25 02:34 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-04-30 21:18 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-12 06:25 . 2012-04-30 21:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-12 06:25 . 2012-04-25 02:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-04-30 21:18 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-04-25 02:34 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-04-30 15:43 83046 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-01-14 20:43 . 2012-04-30 15:43 24868 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1712992746-1247806449-2519789356-1000_UserData.bin
- 2010-01-14 20:37 . 2012-04-25 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-14 20:37 . 2012-04-30 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-15 00:45 . 2012-04-30 17:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-15 00:45 . 2012-04-25 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-14 20:37 . 2012-04-25 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-14 20:37 . 2012-04-30 17:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-25 02:34 . 2012-04-25 02:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-30 21:17 . 2012-04-30 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-25 02:34 . 2012-04-25 02:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-30 21:17 . 2012-04-30 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-10 19:18 . 2012-04-24 14:43 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-10 19:18 . 2012-04-30 15:51 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-14 22:21 . 2012-04-29 05:09 671604 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 15:45 . 2012-04-30 15:43 143246 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-25 05:03 . 2012-04-25 05:03 264584 c:\windows\system32\javaws.exe
+ 2012-04-25 05:03 . 2012-04-25 05:03 188808 c:\windows\system32\javaw.exe
+ 2012-04-25 05:03 . 2012-04-25 05:03 188808 c:\windows\system32\java.exe
+ 2010-11-12 07:55 . 2012-04-30 21:15 458844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-11-12 07:55 . 2012-04-25 02:32 458844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-25 05:02 . 2012-04-25 05:02 970752 c:\windows\Installer\8886a2.msi
+ 2006-11-02 12:33 . 2012-04-27 16:38 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2012-04-13 03:48 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-11-12 07:55 . 2012-04-30 21:15 25112388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1712992746-1247806449-2519789356-1000-8192.dat
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\99250.msp
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\8fcf4.msp
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\8d01a.msp
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\8ab9a.msp
+ 2009-04-04 22:08 . 2009-04-04 22:08 343058432 c:\windows\Installer\89250.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [N/A]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"beaaabeabcefdct"="c:\programdata\beaaabeabcefdct.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"D-Link Wireless G WUA-1340"="c:\program files (x86)\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-12-21 39424]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
c:\users\Angela Star\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Angela Star\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-26 27264496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 06:14]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 06:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Angela Star\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=16
uLocal Page =
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0110&m=dx4300
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM
IE: Download with IDM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Angela Star\AppData\Roaming\Mozilla\Firefox\Profiles\m1hoi7jy.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=insDate02282012
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\xampp\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Completion time: 2012-04-30 17:24:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 22:24
ComboFix2.txt 2012-04-26 18:27
ComboFix3.txt 2012-04-25 03:38
ComboFix4.txt 2012-01-29 21:30
.
Pre-Run: 337,149,427,712 bytes free
Post-Run: 337,247,744,000 bytes free
.
- - End Of File - - 3EC4EF0D0A19646E3A7A6EDDF5CB65CE

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:08 PM

Posted 30 April 2012 - 08:51 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 
RenV::
c:\program files (x86)\Gateway Photo Frame\buttonmonitor .exe
c:\program files (x86)\Java\jre6\bin\jusched .exe
c:\program files (x86)\Windows Live\Messenger\msnmsgr   .exe

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users