
SMART HDD


This topic is locked
73 replies to this topic

#1 Crystal-PC

Posted 06 May 2012 - 10:46 PM

WAS TOLD TO RUN THESE AND POST HERE

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Crystal at 22:26:49 on 2012-05-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1315 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Windows\sysWOW64\svchost.exe -k netsvc
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\ehome\mcupdate.EXE
C:\Windows\ehome\ehsched.exe
C:\Windows\eHome\EhTray.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files (x86)\InboxDollars\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO: InboxDollars BHO: {6ffb615d-e8ce-4add-8d9f-31c4be9c26e4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: InboxDollars: {47980628-3844-42aa-a0dd-e2d86bba9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\Crystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [4Y3Y0C3A6IVBYB5ID] C:\ReGBe.Bin\071BAAF833A.exe /q
StartupFolder: C:\Users\Crystal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8
TCP: Interfaces\{8D4C700D-7E9A-4998-A937-7CECE78243F7} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{B94BC9CE-D373-4832-9604-2C9D925DEA94} : DhcpNameServer = 10.10.64.48 10.64.2.1
TCP: Interfaces\{B94BC9CE-D373-4832-9604-2C9D925DEA94}\542313 : DhcpNameServer = 192.168.2.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO-X64: Coupons.com - No File
BHO-X64: InboxDollars BHO: {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
BHO-X64: BFlix Toolbar - No File
BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
TB-X64: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: InboxDollars: {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\uc74073x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20110916
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Crystal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-4 654408]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
R2 SPService;SPService;C:\Windows\sysWOW64\svchost.exe -k netsvc --> C:\Windows\sysWOW64\svchost.exe -k netsvc [?]
R3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-15 136176]
S2 SessionLauncher;SessionLauncher;C:\Users\Crystal\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\Crystal\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 257696]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-15 136176]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-05 08:01:37 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-04 09:03:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-04 07:47:41 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 07:47:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 07:47:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-03 22:10:36 -------- d-----w- C:\Program Files (x86)\OpinionSquare
2012-05-03 22:08:41 -------- d-----w- C:\Users\Crystal\AppData\Local\Deployment
2012-05-03 22:08:41 -------- d-----w- C:\Users\Crystal\AppData\Local\Apps
2012-05-03 09:32:37 -------- d-----w- C:\Program Files (x86)\InboxDollars
2012-05-02 00:43:07 -------- d-----w- C:\Users\Crystal\AppData\Roaming\Malwarebytes
2012-05-02 00:42:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-02 00:42:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-01 23:56:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-25 04:40:18 -------- d-----we C:\Windows\system64
2012-04-22 00:31:41 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
2012-04-22 00:31:41 568832 ----a-w- C:\Windows\SysWow64\msvcp90.dll
2012-04-22 00:31:41 224768 ----a-w- C:\Windows\SysWow64\msvcm90.dll
2012-04-22 00:31:32 53248 ----a-w- C:\Windows\SysWow64\CommonDL.dll
2012-04-22 00:31:32 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2012-04-22 00:29:50 -------- d-----w- C:\ProgramData\LGMOBILEAX
2012-04-22 00:27:52 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CBB79E6-031A-4953-8CF7-364F6D70CA53}\mpengine.dll
2012-04-12 08:11:22 -------- d-----w- C:\cffa1885981ab1c1744da36a5c3db930
2012-04-12 08:02:01 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 08:02:00 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 08:02:00 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 08:01:58 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 08:01:58 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 08:01:58 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 08:01:58 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
.
==================== Find3M ====================
.
2012-05-05 08:36:41 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 08:36:41 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 08:36:31 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 22:27:40.66 ===============


#2 gringo_pr

Malware Response Team

Posted 06 May 2012 - 11:26 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#3 Crystal-PC (Topic Starter)

Posted 07 May 2012 - 08:01 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

#4 Crystal-PC (Topic Starter)

Posted 07 May 2012 - 08:47 PM

I'm not able to access a few things on my laptop; the system says that they are marked for deletion.

ComboFix 12-05-07.03 - Crystal 05/07/2012 20:10:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1699 [GMT -5:00]
Running from: c:\users\Crystal\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\bflixtoolbar
c:\program files (x86)\bflixtoolbar\chrome\content\lib\external.js
c:\program files (x86)\bflixtoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\bflixtoolbar\chrome\content\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\bflixtoolbar\components\windowmediator.js
c:\program files (x86)\bflixtoolbar\install.ico
c:\program files (x86)\bflixtoolbar\uninstall.exe
c:\program files (x86)\bflixtoolbar\vmntemplate.dll
c:\program files (x86)\bflixtoolbar\vmNTemplatex.dll
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\blinkxss.exe
c:\program files (x86)\Blinkx\blinkxstop.exe
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\programdata\2HVweflFaO3nB3
c:\programdata\A3qF5510bvK04A
c:\programdata\z22P49cS8YVuR8
C:\ReGBe.Bin
c:\regbe.bin\E5E2E0FF203A681
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.Dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 01:19 . 2012-05-08 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 08:01 . 2012-05-08 01:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-05-04 09:03 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-04 07:47 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 07:47 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 07:47 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 22:10 . 2012-05-04 05:24 -------- d-----w- c:\program files (x86)\OpinionSquare
2012-05-03 22:08 . 2012-05-03 22:09 -------- d-----w- c:\users\Crystal\AppData\Local\Deployment
2012-05-03 22:08 . 2012-05-03 22:08 -------- d-----w- c:\users\Crystal\AppData\Local\Apps
2012-05-03 09:32 . 2012-05-05 07:52 -------- d-----w- c:\program files (x86)\InboxDollars
2012-05-02 00:43 . 2012-05-02 00:43 -------- d-----w- c:\users\Crystal\AppData\Roaming\Malwarebytes
2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\programdata\Malwarebytes
2012-05-02 00:42 . 2012-05-04 09:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-01 23:56 . 2012-05-01 23:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 19:29 . 2012-05-04 05:17 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-22 00:31 . 2011-05-10 18:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-04-22 00:31 . 2011-05-10 18:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-04-22 00:31 . 2011-05-10 18:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2012-04-22 00:31 . 2006-05-04 13:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2012-04-22 00:31 . 2005-10-04 06:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-04-22 00:29 . 2012-05-04 05:17 -------- d-----w- c:\programdata\LGMOBILEAX
2012-04-22 00:27 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CBB79E6-031A-4953-8CF7-364F6D70CA53}\mpengine.dll
2012-04-12 08:11 . 2012-05-04 05:16 -------- d-----w- C:\cffa1885981ab1c1744da36a5c3db930
2012-04-12 08:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 03:30 . 2011-08-15 16:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-07 03:28 . 2011-08-19 00:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-07 03:19 . 2011-08-19 00:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-05 08:39 . 2011-08-19 01:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-05 08:38 . 2011-08-15 16:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-05 08:36 . 2012-03-28 22:22 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 08:36 . 2011-08-15 20:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 08:36 . 2012-03-28 22:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-05 08:22 . 2011-08-15 16:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-05 08:21 . 2011-08-19 00:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-24 19:43 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-24 19:42 . 2009-08-18 16:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-23 23:18 . 2011-08-15 16:27 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-08 18:15 . 2012-03-08 18:15 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\85F5.tmp
2012-03-08 18:15 . 2012-03-08 18:15 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\85D5.tmp
2012-02-23 15:18 . 2011-08-15 15:43 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 21:26 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 21:26 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 21:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 21:26 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 01:41 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 01:41 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files (x86)\InboxDollars\Helper.dll" [2012-05-05 360960]
.
[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2012-05-05 07:52 1618944 ----a-w- c:\program files (x86)\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 18:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\prxtbCoup.dll" [2011-03-28 176936]
"{eec0f710-38b5-4aba-99bf-ec87564a4e13}"= "c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" [2012-02-10 1307928]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files (x86)\InboxDollars\Toolbar.dll" [2012-05-05 1618944]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CLASSES_ROOT\clsid\{eec0f710-38b5-4aba-99bf-ec87564a4e13}]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Crystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2011-12-12 10448384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-11 487561]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-05 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-8-15 484976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R2 SessionLauncher;SessionLauncher;c:\users\Crystal\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 08:36]
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1198073987-3426309728-3115954574-1000Core.job
- c:\users\Crystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 06:55]
.
2012-05-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1198073987-3426309728-3115954574-1000UA.job
- c:\users\Crystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 06:55]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 21:03]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 21:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"combofix"="c:\combofix\CF9246.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tmactmon
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
FF - ProfilePath - c:\users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\uc74073x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20110916
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-4Y3Y0C3A6IVBYB5ID - c:\regbe.bin\071BAAF833A.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
WebBrowser-{47980628-3844-42AA-A0DD-E2D86BBA9600} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-bflixtoolbar - c:\program files (x86)\bflixtoolbar\uninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-blinkx beat - c:\program files (x86)\Blinkx\templates\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-07 20:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 01:33
.
Pre-Run: 278,355,750,912 bytes free
Post-Run: 277,906,841,600 bytes free
.
- - End Of File - - E120421BE49A34634BF70A6D91369EA3

I had to take a shortcut just to get back on the internet. My Internet Explorer is said to be marked for deletion.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:22 PM

Posted 07 May 2012 - 09:01 PM

Greetings

Restart the computer.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#6 Crystal-PC

Crystal-PC
  • Topic Starter

  • Members
  • 56 posts
  • Gender:Female
  • Location:Missouri
  • Local time:09:22 PM

Posted 08 May 2012 - 01:53 PM

13:39:42.0168 1372 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:39:44.0195 1372 ============================================================
13:39:44.0195 1372 Current date / time: 2012/05/08 13:39:44.0195
13:39:44.0195 1372 SystemInfo:
13:39:44.0195 1372
13:39:44.0196 1372 OS Version: 6.1.7601 ServicePack: 1.0
13:39:44.0196 1372 Product type: Workstation
13:39:44.0196 1372 ComputerName: CRYSTAL-PC
13:39:44.0196 1372 UserName: Crystal
13:39:44.0196 1372 Windows directory: C:\Windows
13:39:44.0196 1372 System windows directory: C:\Windows
13:39:44.0196 1372 Running under WOW64
13:39:44.0196 1372 Processor architecture: Intel x64
13:39:44.0196 1372 Number of processors: 2
13:39:44.0196 1372 Page size: 0x1000
13:39:44.0196 1372 Boot type: Normal boot
13:39:44.0197 1372 ============================================================
13:39:47.0693 1372 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:39:47.0705 1372 ============================================================
13:39:47.0705 1372 \Device\Harddisk0\DR0:
13:39:47.0705 1372 MBR partitions:
13:39:47.0705 1372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:39:47.0705 1372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:39:47.0705 1372 ============================================================
13:39:47.0751 1372 C: <-> \Device\Harddisk0\DR0\Partition1
13:39:47.0751 1372 ============================================================
13:39:47.0751 1372 Initialize success
13:39:47.0751 1372 ============================================================
13:39:49.0967 3548 ============================================================
13:39:49.0967 3548 Scan started
13:39:49.0967 3548 Mode: Manual;
13:39:49.0967 3548 ============================================================
13:39:51.0964 3548 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:39:51.0982 3548 1394ohci - ok
13:39:52.0046 3548 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:39:52.0054 3548 ACPI - ok
13:39:52.0074 3548 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:39:52.0076 3548 AcpiPmi - ok
13:39:52.0401 3548 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:39:52.0405 3548 AdobeFlashPlayerUpdateSvc - ok
13:39:52.0636 3548 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:39:52.0782 3548 adp94xx - ok
13:39:52.0824 3548 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:39:52.0832 3548 adpahci - ok
13:39:52.0853 3548 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:39:52.0858 3548 adpu320 - ok
13:39:52.0906 3548 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:39:52.0909 3548 AeLookupSvc - ok
13:39:53.0030 3548 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:39:53.0040 3548 AFD - ok
13:39:53.0091 3548 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:39:53.0094 3548 agp440 - ok
13:39:53.0131 3548 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:39:53.0134 3548 ALG - ok
13:39:53.0142 3548 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:39:53.0144 3548 aliide - ok
13:39:53.0231 3548 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
13:39:53.0236 3548 AMD External Events Utility - ok
13:39:53.0245 3548 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:39:53.0246 3548 amdide - ok
13:39:53.0277 3548 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:39:53.0281 3548 AmdK8 - ok
13:39:53.0304 3548 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:39:53.0305 3548 AmdPPM - ok
13:39:53.0322 3548 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:39:53.0327 3548 amdsata - ok
13:39:53.0347 3548 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:39:53.0352 3548 amdsbs - ok
13:39:53.0362 3548 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:39:53.0363 3548 amdxata - ok
13:39:53.0432 3548 Andbus (60257f0a7ed9781719a6b7b6f661a5b6) C:\Windows\system32\DRIVERS\lgandbus64.sys
13:39:53.0435 3548 Andbus - ok
13:39:53.0445 3548 androidusb (27466e519371c6fc3a39b1f7b8a297fc) C:\Windows\system32\Drivers\androidusb.sys
13:39:53.0446 3548 androidusb - ok
13:39:53.0503 3548 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:39:53.0506 3548 AppID - ok
13:39:53.0541 3548 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:39:53.0544 3548 AppIDSvc - ok
13:39:53.0555 3548 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:39:53.0558 3548 Appinfo - ok
13:39:53.0646 3548 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:39:53.0651 3548 arc - ok
13:39:53.0665 3548 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:39:53.0668 3548 arcsas - ok
13:39:54.0101 3548 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:39:54.0103 3548 aspnet_state - ok
13:39:54.0187 3548 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:39:54.0189 3548 AsyncMac - ok
13:39:54.0232 3548 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:39:54.0233 3548 atapi - ok
13:39:55.0098 3548 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
13:39:55.0304 3548 atikmdag - ok
13:39:55.0600 3548 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:39:55.0619 3548 AudioEndpointBuilder - ok
13:39:55.0637 3548 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:39:55.0649 3548 AudioSrv - ok
13:39:55.0705 3548 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:39:55.0709 3548 AxInstSV - ok
13:39:55.0849 3548 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:39:55.0866 3548 b06bdrv - ok
13:39:55.0931 3548 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:39:55.0937 3548 b57nd60a - ok
13:39:56.0479 3548 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
13:39:56.0483 3548 BBSvc - ok
13:39:56.0574 3548 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
13:39:56.0578 3548 BBUpdate - ok
13:39:56.0635 3548 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
13:39:56.0636 3548 BCM42RLY - ok
13:39:56.0988 3548 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:39:57.0116 3548 BCM43XX - ok
13:39:57.0324 3548 BcmVWL (d98f22c21d2969dad4f1faad8cd4faac) C:\Windows\system32\DRIVERS\bcmvwl64.sys
13:39:57.0325 3548 BcmVWL - ok
13:39:57.0379 3548 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:39:57.0383 3548 BDESVC - ok
13:39:57.0456 3548 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:39:57.0457 3548 Beep - ok
13:39:57.0557 3548 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:39:57.0620 3548 BITS - ok
13:39:57.0660 3548 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:39:57.0663 3548 blbdrive - ok
13:39:57.0722 3548 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:39:57.0724 3548 bowser - ok
13:39:57.0738 3548 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:39:57.0740 3548 BrFiltLo - ok
13:39:57.0749 3548 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:39:57.0751 3548 BrFiltUp - ok
13:39:57.0837 3548 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:39:57.0840 3548 BridgeMP - ok
13:39:57.0883 3548 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:39:57.0887 3548 Browser - ok
13:39:57.0930 3548 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:39:57.0947 3548 Brserid - ok
13:39:57.0957 3548 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:39:57.0959 3548 BrSerWdm - ok
13:39:57.0979 3548 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:39:57.0981 3548 BrUsbMdm - ok
13:39:57.0991 3548 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:39:57.0992 3548 BrUsbSer - ok
13:39:58.0007 3548 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:39:58.0027 3548 BTHMODEM - ok
13:39:58.0109 3548 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:39:58.0121 3548 bthserv - ok
13:39:58.0203 3548 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:39:58.0206 3548 cdfs - ok
13:39:58.0266 3548 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:39:58.0271 3548 cdrom - ok
13:39:58.0321 3548 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:39:58.0324 3548 CertPropSvc - ok
13:39:58.0419 3548 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:39:58.0422 3548 circlass - ok
13:39:58.0482 3548 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:39:58.0491 3548 CLFS - ok
13:39:58.0594 3548 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:39:58.0597 3548 clr_optimization_v2.0.50727_32 - ok
13:39:58.0648 3548 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:40:21.0712 3548 tdx - ok
13:40:21.0843 3548 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:40:21.0846 3548 TermDD - ok
13:40:22.0043 3548 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:40:22.0087 3548 TermService - ok
13:40:22.0240 3548 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:40:22.0245 3548 Themes - ok
13:40:22.0286 3548 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:40:22.0289 3548 THREADORDER - ok
13:40:22.0328 3548 tmactmon (5f22132c9153639762708909f156b33d) C:\Windows\system32\atitunep.dll
13:40:22.0329 3548 tmactmon ( Backdoor.Multi.ZAccess.gen ) - infected
13:40:22.0330 3548 tmactmon - detected Backdoor.Multi.ZAccess.gen (0)
13:40:22.0380 3548 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:40:22.0395 3548 TrkWks - ok
13:40:22.0464 3548 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:40:22.0467 3548 TrustedInstaller - ok
13:40:22.0523 3548 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:40:22.0525 3548 tssecsrv - ok
13:40:22.0567 3548 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:40:22.0570 3548 TsUsbFlt - ok
13:40:22.0626 3548 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:40:22.0629 3548 tunnel - ok
13:40:22.0664 3548 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:40:22.0667 3548 uagp35 - ok
13:40:22.0734 3548 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:40:22.0756 3548 udfs - ok
13:40:22.0866 3548 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:40:22.0871 3548 UI0Detect - ok
13:40:22.0897 3548 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:40:22.0900 3548 uliagpkx - ok
13:40:22.0925 3548 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:40:22.0928 3548 umbus - ok
13:40:22.0947 3548 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:40:22.0949 3548 UmPass - ok
13:40:23.0050 3548 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:40:23.0061 3548 upnphost - ok
13:40:23.0087 3548 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:40:23.0090 3548 usbccgp - ok
13:40:23.0129 3548 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:40:23.0133 3548 usbcir - ok
13:40:23.0148 3548 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:40:23.0150 3548 usbehci - ok
13:40:23.0211 3548 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:40:23.0220 3548 usbhub - ok
13:40:23.0240 3548 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:40:23.0242 3548 usbohci - ok
13:40:23.0279 3548 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:40:23.0281 3548 usbprint - ok
13:40:23.0292 3548 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:40:23.0296 3548 usbscan - ok
13:40:23.0310 3548 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:40:23.0313 3548 USBSTOR - ok
13:40:23.0323 3548 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:40:23.0325 3548 usbuhci - ok
13:40:23.0373 3548 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:40:23.0378 3548 usbvideo - ok
13:40:23.0441 3548 usgwrkfw (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\usgwrkfw.sys
13:40:23.0443 3548 usgwrkfw - ok
13:40:23.0521 3548 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:40:23.0526 3548 UxSms - ok
13:40:23.0577 3548 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:23.0583 3548 VaultSvc - ok
13:40:23.0617 3548 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:40:23.0619 3548 vdrvroot - ok
13:40:23.0886 3548 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:40:23.0916 3548 vds - ok
13:40:23.0965 3548 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:40:23.0967 3548 vga - ok
13:40:24.0010 3548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:40:24.0012 3548 VgaSave - ok
13:40:24.0036 3548 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:40:24.0042 3548 vhdmp - ok
13:40:24.0051 3548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:40:24.0053 3548 viaide - ok
13:40:24.0068 3548 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:40:24.0071 3548 volmgr - ok
13:40:24.0134 3548 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:40:24.0142 3548 volmgrx - ok
13:40:24.0170 3548 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:40:24.0177 3548 volsnap - ok
13:40:24.0225 3548 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:40:24.0249 3548 vsmraid - ok
13:40:24.0567 3548 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:40:24.0639 3548 VSS - ok
13:40:24.0785 3548 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:40:24.0787 3548 vwifibus - ok
13:40:24.0843 3548 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:40:24.0846 3548 vwififlt - ok
13:40:24.0907 3548 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:40:24.0991 3548 W32Time - ok
13:40:25.0049 3548 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:40:25.0052 3548 WacomPen - ok
13:40:25.0110 3548 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:25.0113 3548 WANARP - ok
13:40:25.0121 3548 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:25.0123 3548 Wanarpv6 - ok
13:40:25.0279 3548 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:40:25.0376 3548 WatAdminSvc - ok
13:40:25.0630 3548 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:40:25.0720 3548 wbengine - ok
13:40:25.0875 3548 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:40:25.0894 3548 WbioSrvc - ok
13:40:25.0987 3548 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:40:26.0008 3548 wcncsvc - ok
13:40:26.0045 3548 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:40:26.0051 3548 WcsPlugInService - ok
13:40:26.0149 3548 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:40:26.0151 3548 Wd - ok
13:40:26.0246 3548 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:40:26.0268 3548 Wdf01000 - ok
13:40:26.0324 3548 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:26.0330 3548 WdiServiceHost - ok
13:40:26.0338 3548 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:26.0343 3548 WdiSystemHost - ok
13:40:26.0416 3548 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:40:26.0433 3548 WebClient - ok
13:40:26.0491 3548 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:40:26.0508 3548 Wecsvc - ok
13:40:26.0531 3548 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:40:26.0536 3548 wercplsupport - ok
13:40:26.0590 3548 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:40:26.0596 3548 WerSvc - ok
13:40:26.0689 3548 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:40:26.0691 3548 WfpLwf - ok
13:40:26.0717 3548 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:40:26.0719 3548 WIMMount - ok
13:40:26.0816 3548 WinDefend - ok
13:40:26.0859 3548 WinHttpAutoProxySvc - ok
13:40:26.0996 3548 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:40:27.0001 3548 Winmgmt - ok
13:40:27.0208 3548 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:40:27.0291 3548 WinRM - ok
13:40:27.0495 3548 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
13:40:27.0497 3548 WinUSB - ok
13:40:27.0616 3548 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:40:27.0639 3548 Wlansvc - ok
13:40:27.0951 3548 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:40:28.0022 3548 wlidsvc - ok
13:40:28.0122 3548 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
13:40:28.0123 3548 wltrysvc - ok
13:40:28.0337 3548 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:40:28.0339 3548 WmiAcpi - ok
13:40:28.0448 3548 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:40:28.0453 3548 wmiApSrv - ok
13:40:28.0569 3548 WMPNetworkSvc - ok
13:40:28.0602 3548 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:40:28.0609 3548 WPCSvc - ok
13:40:28.0673 3548 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:40:28.0689 3548 WPDBusEnum - ok
13:40:28.0732 3548 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:40:28.0734 3548 ws2ifsl - ok
13:40:28.0839 3548 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:40:28.0846 3548 wscsvc - ok
13:40:28.0865 3548 WSearch - ok
13:40:29.0355 3548 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:40:29.0434 3548 wuauserv - ok
13:40:29.0614 3548 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:40:29.0618 3548 WudfPf - ok
13:40:29.0657 3548 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:40:29.0662 3548 WUDFRd - ok
13:40:29.0675 3548 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:40:29.0682 3548 wudfsvc - ok
13:40:29.0738 3548 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:40:29.0757 3548 WwanSvc - ok
13:40:29.0827 3548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:40:29.0905 3548 \Device\Harddisk0\DR0 - ok
13:40:29.0912 3548 Boot (0x1200) (0b439bbeadeb8496883aee376bdd6df3) \Device\Harddisk0\DR0\Partition0
13:40:29.0915 3548 \Device\Harddisk0\DR0\Partition0 - ok
13:40:29.0934 3548 Boot (0x1200) (95fd52ee1e9259e23681f1e9e57ce212) \Device\Harddisk0\DR0\Partition1
13:40:29.0938 3548 \Device\Harddisk0\DR0\Partition1 - ok
13:40:29.0939 3548 ============================================================
13:40:29.0939 3548 Scan finished
13:40:29.0939 3548 ============================================================
13:40:29.0967 0584 Detected object count: 1
13:40:29.0967 0584 Actual detected object count: 1
13:40:33.0913 0584 C:\Windows\system32\atitunep.dll - copied to quarantine
13:40:33.0914 0584 HKLM\SYSTEM\ControlSet001\services\tmactmon - will be deleted on reboot
13:40:33.0969 0584 HKLM\SYSTEM\ControlSet002\services\tmactmon - will be deleted on reboot
13:40:34.0073 0584 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
13:40:34.0165 0584 C:\Windows\system32\atitunep.dll - will be deleted on reboot
13:40:34.0165 0584 tmactmon ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:40:39.0608 4044 Deinitialize success

#7 Crystal-PC (Topic Starter)

Posted 08 May 2012 - 02:14 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 13:54:28
-----------------------------
13:54:28.076 OS Version: Windows x64 6.1.7601 Service Pack 1
13:54:28.076 Number of processors: 2 586 0x603
13:54:28.076 ComputerName: CRYSTAL-PC UserName: Crystal
13:54:31.180 Initialize success
14:12:55.369 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:12:55.369 Disk 0 Vendor: WDC_WD3200BEVT-75A23T0 01.01A01 Size: 305245MB BusType: 11
14:12:55.416 Disk 0 MBR read successfully
14:12:55.431 Disk 0 MBR scan
14:12:55.431 Disk 0 Windows 7 default MBR code
14:12:55.431 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:12:55.447 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
14:12:55.478 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
14:12:55.478 Disk 0 scanning C:\Windows\system32\drivers
14:13:03.403 Service scanning
14:13:31.998 Modules scanning
14:13:31.998 Disk 0 trace - called modules:
14:13:32.060 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:13:32.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030ca060]
14:13:32.606 3 CLASSPNP.SYS[fffff880019cf43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f77680]
14:13:32.606 Scan finished successfully
14:13:46.319 Disk 0 MBR has been saved successfully to "C:\Users\Crystal\Desktop\MBR.dat"
14:13:46.319 The log file has been saved successfully to "C:\Users\Crystal\Desktop\aswMBR.txt"
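The TDSSKiller log in post #6 and the aswMBR log above are read by eye in this thread. As an added example (not part of the thread and not code from either tool), the following Python script parses excerpts of both logs, correlates each TDSSKiller "detected" line with the file path from the preceding entry line, lists the remediation actions the tool took, and pulls out aswMBR's **SUSPICIOUS** entries. The regexes encode only the line shapes visible in the logs above; the sample lines are excerpted from this thread, and the `in_system_dir` flag is an assumption added for triage convenience.

```python
"""Triage helper for TDSSKiller and aswMBR log excerpts (added example)."""
import re
from typing import Dict, List, Tuple

# TDSSKiller line shapes seen in the thread's log:
#   "<time> <tid> <name> (<md5>) <path>"
#   "<time> <tid> <name> - detected <family> (0)"
#   "<time> <tid> <target> - copied to quarantine|will be deleted on reboot|cured"
_TDSS_ENTRY = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
_TDSS_DETECT = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)\s+-\s+detected\s+(?P<family>\S+)")
_TDSS_ACTION = re.compile(
    r"^\S+\s+\d+\s+(?P<target>.+?)\s+-\s+"
    r"(?P<action>copied to quarantine|will be deleted on reboot|cured)$")

# aswMBR line shape: "<time> <label>: <path> **SUSPICIOUS**"
_ASW_SUSPICIOUS = re.compile(
    r"^\S+\s+(?P<label>[^:]+):\s+(?P<path>.+?)\s+\*\*SUSPICIOUS\*\*$")


def triage_tdsskiller(lines: List[str]) -> Dict[str, list]:
    """Return detections (with the file each service pointed at) and actions."""
    path_by_name: Dict[str, str] = {}  # service/driver name -> scanned file path
    detections: List[Dict[str, object]] = []
    actions: List[Tuple[str, str]] = []
    for line in lines:
        m = _TDSS_ENTRY.match(line)
        if m:
            path_by_name[m["name"]] = m["path"]
            continue
        m = _TDSS_DETECT.match(line)
        if m:
            path = path_by_name.get(m["name"])
            detections.append({
                "name": m["name"],
                "family": m["family"],
                "path": path,
                # Assumption for triage: a detection living under the Windows
                # directory is worth a closer look than one in a user profile.
                "in_system_dir": bool(path) and path.lower().startswith(r"c:\windows"),
            })
            continue
        m = _TDSS_ACTION.match(line)
        if m:
            actions.append((m["target"], m["action"]))
    return {"detections": detections, "actions": actions}


def triage_aswmbr(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (label, path) for every line aswMBR tagged **SUSPICIOUS**."""
    hits = []
    for line in lines:
        m = _ASW_SUSPICIOUS.match(line)
        if m:
            hits.append((m["label"].strip(), m["path"]))
    return hits


# Sample input: lines excerpted from the logs posted in this thread.
TDSSKILLER_SAMPLE = r"""
13:40:22.0286 3548 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:40:22.0289 3548 THREADORDER - ok
13:40:22.0328 3548 tmactmon (5f22132c9153639762708909f156b33d) C:\Windows\system32\atitunep.dll
13:40:22.0329 3548 tmactmon ( Backdoor.Multi.ZAccess.gen ) - infected
13:40:22.0330 3548 tmactmon - detected Backdoor.Multi.ZAccess.gen (0)
13:40:22.0380 3548 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:40:22.0395 3548 TrkWks - ok
13:40:29.0827 3548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:40:29.0905 3548 \Device\Harddisk0\DR0 - ok
13:40:29.0967 0584 Detected object count: 1
13:40:33.0913 0584 C:\Windows\system32\atitunep.dll - copied to quarantine
13:40:33.0914 0584 HKLM\SYSTEM\ControlSet001\services\tmactmon - will be deleted on reboot
13:40:33.0969 0584 HKLM\SYSTEM\ControlSet002\services\tmactmon - will be deleted on reboot
13:40:34.0073 0584 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
13:40:34.0165 0584 C:\Windows\system32\atitunep.dll - will be deleted on reboot
13:40:34.0165 0584 tmactmon ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
""".strip().splitlines()

ASWMBR_SAMPLE = r"""
14:12:55.431 Disk 0 Windows 7 default MBR code
14:12:55.478 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
14:12:55.478 Disk 0 scanning C:\Windows\system32\drivers
""".strip().splitlines()


if __name__ == "__main__":
    report = triage_tdsskiller(TDSSKILLER_SAMPLE)
    for d in report["detections"]:
        print(f"{d['name']}: {d['family']} -> {d['path']} (system dir: {d['in_system_dir']})")
    for target, action in report["actions"]:
        print(f"  action: {action}: {target}")
    for label, path in triage_aswmbr(ASWMBR_SAMPLE):
        print(f"aswMBR suspicious {label}: {path}")
```

The correlation step matters because TDSSKiller's "detected" line names only the service (tmactmon); the file it loaded (atitunep.dll in system32) is on the preceding entry line, and the "cured" netsvcs registry line shows that the service had been wired into a svchost group. Parsing the two together gives a defender the file, the persistence key, and the host group in one record.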

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 08 May 2012 - 03:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\Microsoft\Windows\DRM
c:\program files (x86)\Ask.com
c:\program files (x86)\Coupons.com
c:\program files (x86)\InboxDollars

File::
c:\windows\system32\dds_trash_log.cmd

Firefox::
FF - ProfilePath - c:\users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\uc74073x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 Crystal-PC (Topic Starter)

Posted 09 May 2012 - 01:06 AM

When I rebooted the system, it said that Windows would not start and it had to repair it. Also, my Windows Firewall is not working; it says that Windows Firewall cannot change some of my settings, and my Windows Defender is now working again.

ComboFix 12-05-07.03 - Crystal 05/08/2012 23:51:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1746 [GMT -5:00]
Running from: c:\users\Crystal\Desktop\ComboFix.exe
Command switches used :: c:\users\Crystal\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_5b12.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\bflixtoolbar
c:\program files (x86)\bflixtoolbar\chrome\content\lib\external.js
c:\program files (x86)\bflixtoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\bflixtoolbar\chrome\content\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\bflixtoolbar\components\windowmediator.js
c:\program files (x86)\bflixtoolbar\install.ico
c:\program files (x86)\bflixtoolbar\uninstall.exe
c:\program files (x86)\bflixtoolbar\vmntemplate.dll
c:\program files (x86)\bflixtoolbar\vmntemplateX.dll
c:\program files (x86)\Blinkx
c:\program files (x86)\Coupons.com
c:\program files (x86)\Coupons.com\Coupons.comToolbarHelper.exe
c:\program files (x86)\Coupons.com\GottenAppsContextMenu.xml
c:\program files (x86)\Coupons.com\ldrtbCoup.dll
c:\program files (x86)\Coupons.com\OtherAppsContextMenu.xml
c:\program files (x86)\Coupons.com\prxtbCoup.dll
c:\program files (x86)\Coupons.com\SharedAppsContextMenu.xml
c:\program files (x86)\Coupons.com\tbCoup.dll
c:\program files (x86)\Coupons.com\toolbar.cfg
c:\program files (x86)\Coupons.com\ToolbarContextMenu.xml
c:\program files (x86)\Coupons.com\uninstall.exe
c:\program files (x86)\InboxDollars
c:\program files (x86)\InboxDollars\aboutTabs.7.js
c:\program files (x86)\InboxDollars\aboutTabs.8.js
c:\program files (x86)\InboxDollars\arrow.png
c:\program files (x86)\InboxDollars\audio.bmp
c:\program files (x86)\InboxDollars\banner_container.html
c:\program files (x86)\InboxDollars\bookmark_off.bmp
c:\program files (x86)\InboxDollars\bookmark_on.bmp
c:\program files (x86)\InboxDollars\bookmarksplugin.dll
c:\program files (x86)\InboxDollars\bubble_permissions.html
c:\program files (x86)\InboxDollars\build
c:\program files (x86)\InboxDollars\caching_banner.html
c:\program files (x86)\InboxDollars\chevron.bmp
c:\program files (x86)\InboxDollars\component.xsl
c:\program files (x86)\InboxDollars\default.xml
c:\program files (x86)\InboxDollars\efolder.bmp
c:\program files (x86)\InboxDollars\email.bmp
c:\program files (x86)\InboxDollars\email2.bmp
c:\program files (x86)\InboxDollars\email3.bmp
c:\program files (x86)\InboxDollars\emailchecker_plugin.dll
c:\program files (x86)\InboxDollars\facebook.feature
c:\program files (x86)\InboxDollars\fbrss.xsl
c:\program files (x86)\InboxDollars\ff.xsl
c:\program files (x86)\InboxDollars\FixToolbar1163.bat
c:\program files (x86)\InboxDollars\folder.bmp
c:\program files (x86)\InboxDollars\Helper.dll
c:\program files (x86)\InboxDollars\icons.bmp
c:\program files (x86)\InboxDollars\iefavelem.bmp
c:\program files (x86)\InboxDollars\images\amazon.bmp
c:\program files (x86)\InboxDollars\images\ebay.bmp
c:\program files (x86)\InboxDollars\images\email.bmp
c:\program files (x86)\InboxDollars\images\email2.bmp
c:\program files (x86)\InboxDollars\images\msgbox\down.gif
c:\program files (x86)\InboxDollars\images\msgbox\hr.bmp
c:\program files (x86)\InboxDollars\images\msgbox\mark.png
c:\program files (x86)\InboxDollars\images\msgbox\mark_do.png
c:\program files (x86)\InboxDollars\images\msgbox\mark_na.png
c:\program files (x86)\InboxDollars\images\msgbox\navbg.bmp
c:\program files (x86)\InboxDollars\images\msgbox\refresh.png
c:\program files (x86)\InboxDollars\images\msgbox\refresh_do.png
c:\program files (x86)\InboxDollars\images\msgbox\refresh_na.png
c:\program files (x86)\InboxDollars\images\msgbox\trash.png
c:\program files (x86)\InboxDollars\images\msgbox\trash_do.png
c:\program files (x86)\InboxDollars\images\msgbox\trash_na.png
c:\program files (x86)\InboxDollars\images\msgbox\unmark.png
c:\program files (x86)\InboxDollars\images\msgbox\unmark_do.png
c:\program files (x86)\InboxDollars\images\msgbox\unmark_na.png
c:\program files (x86)\InboxDollars\images\msgbox\up.gif
c:\program files (x86)\InboxDollars\images\ticker\left.gif
c:\program files (x86)\InboxDollars\images\ticker\right.gif
c:\program files (x86)\InboxDollars\images\weather\0.bmp
c:\program files (x86)\InboxDollars\images\weather\1.bmp
c:\program files (x86)\InboxDollars\images\weather\10.bmp
c:\program files (x86)\InboxDollars\images\weather\11.bmp
c:\program files (x86)\InboxDollars\images\weather\12.bmp
c:\program files (x86)\InboxDollars\images\weather\13.bmp
c:\program files (x86)\InboxDollars\images\weather\14.bmp
c:\program files (x86)\InboxDollars\images\weather\15.bmp
c:\program files (x86)\InboxDollars\images\weather\16.bmp
c:\program files (x86)\InboxDollars\images\weather\17.bmp
c:\program files (x86)\InboxDollars\images\weather\18.bmp
c:\program files (x86)\InboxDollars\images\weather\19.bmp
c:\program files (x86)\InboxDollars\images\weather\2.bmp
c:\program files (x86)\InboxDollars\images\weather\20.bmp
c:\program files (x86)\InboxDollars\images\weather\21.bmp
c:\program files (x86)\InboxDollars\images\weather\22.bmp
c:\program files (x86)\InboxDollars\images\weather\23.bmp
c:\program files (x86)\InboxDollars\images\weather\24.bmp
c:\program files (x86)\InboxDollars\images\weather\25.bmp
c:\program files (x86)\InboxDollars\images\weather\26.bmp
c:\program files (x86)\InboxDollars\images\weather\27.bmp
c:\program files (x86)\InboxDollars\images\weather\28.bmp
c:\program files (x86)\InboxDollars\images\weather\29.bmp
c:\program files (x86)\InboxDollars\images\weather\3.bmp
c:\program files (x86)\InboxDollars\images\weather\30.bmp
c:\program files (x86)\InboxDollars\images\weather\31.bmp
c:\program files (x86)\InboxDollars\images\weather\32.bmp
c:\program files (x86)\InboxDollars\images\weather\33.bmp
c:\program files (x86)\InboxDollars\images\weather\34.bmp
c:\program files (x86)\InboxDollars\images\weather\35.bmp
c:\program files (x86)\InboxDollars\images\weather\36.bmp
c:\program files (x86)\InboxDollars\images\weather\37.bmp
c:\program files (x86)\InboxDollars\images\weather\38.bmp
c:\program files (x86)\InboxDollars\images\weather\39.bmp
c:\program files (x86)\InboxDollars\images\weather\4.bmp
c:\program files (x86)\InboxDollars\images\weather\40.bmp
c:\program files (x86)\InboxDollars\images\weather\41.bmp
c:\program files (x86)\InboxDollars\images\weather\42.bmp
c:\program files (x86)\InboxDollars\images\weather\43.bmp
c:\program files (x86)\InboxDollars\images\weather\44.bmp
c:\program files (x86)\InboxDollars\images\weather\45.bmp
c:\program files (x86)\InboxDollars\images\weather\46.bmp
c:\program files (x86)\InboxDollars\images\weather\47.bmp
c:\program files (x86)\InboxDollars\images\weather\5.bmp
c:\program files (x86)\InboxDollars\images\weather\6.bmp
c:\program files (x86)\InboxDollars\images\weather\7.bmp
c:\program files (x86)\InboxDollars\images\weather\8.bmp
c:\program files (x86)\InboxDollars\images\weather\9.bmp
c:\program files (x86)\InboxDollars\images\weather\hr.bmp
c:\program files (x86)\InboxDollars\images\weather\na.bmp
c:\program files (x86)\InboxDollars\images\weather\png\0.png
c:\program files (x86)\InboxDollars\images\weather\png\1.png
c:\program files (x86)\InboxDollars\images\weather\png\10.png
c:\program files (x86)\InboxDollars\images\weather\png\11.png
c:\program files (x86)\InboxDollars\images\weather\png\12.png
c:\program files (x86)\InboxDollars\images\weather\png\13.png
c:\program files (x86)\InboxDollars\images\weather\png\14.png
c:\program files (x86)\InboxDollars\images\weather\png\15.png
c:\program files (x86)\InboxDollars\images\weather\png\16.png
c:\program files (x86)\InboxDollars\images\weather\png\17.png
c:\program files (x86)\InboxDollars\images\weather\png\18.png
c:\program files (x86)\InboxDollars\images\weather\png\19.png
c:\program files (x86)\InboxDollars\images\weather\png\2.png
c:\program files (x86)\InboxDollars\images\weather\png\20.png
c:\program files (x86)\InboxDollars\images\weather\png\21.png
c:\program files (x86)\InboxDollars\images\weather\png\22.png
c:\program files (x86)\InboxDollars\images\weather\png\23.png
c:\program files (x86)\InboxDollars\images\weather\png\24.png
c:\program files (x86)\InboxDollars\images\weather\png\25.png
c:\program files (x86)\InboxDollars\images\weather\png\26.png
c:\program files (x86)\InboxDollars\images\weather\png\27.png
c:\program files (x86)\InboxDollars\images\weather\png\28.png
c:\program files (x86)\InboxDollars\images\weather\png\29.png
c:\program files (x86)\InboxDollars\images\weather\png\3.png
c:\program files (x86)\InboxDollars\images\weather\png\30.png
c:\program files (x86)\InboxDollars\images\weather\png\31.png
c:\program files (x86)\InboxDollars\images\weather\png\32.png
c:\program files (x86)\InboxDollars\images\weather\png\33.png
c:\program files (x86)\InboxDollars\images\weather\png\34.png
c:\program files (x86)\InboxDollars\images\weather\png\35.png
c:\program files (x86)\InboxDollars\images\weather\png\36.png
c:\program files (x86)\InboxDollars\images\weather\png\37.png
c:\program files (x86)\InboxDollars\images\weather\png\38.png
c:\program files (x86)\InboxDollars\images\weather\png\39.png
c:\program files (x86)\InboxDollars\images\weather\png\4.png
c:\program files (x86)\InboxDollars\images\weather\png\40.png
c:\program files (x86)\InboxDollars\images\weather\png\41.png
c:\program files (x86)\InboxDollars\images\weather\png\42.png
c:\program files (x86)\InboxDollars\images\weather\png\43.png
c:\program files (x86)\InboxDollars\images\weather\png\44.png
c:\program files (x86)\InboxDollars\images\weather\png\45.png
c:\program files (x86)\InboxDollars\images\weather\png\46.png
c:\program files (x86)\InboxDollars\images\weather\png\47.png
c:\program files (x86)\InboxDollars\images\weather\png\5.png
c:\program files (x86)\InboxDollars\images\weather\png\6.png
c:\program files (x86)\InboxDollars\images\weather\png\7.png
c:\program files (x86)\InboxDollars\images\weather\png\8.png
c:\program files (x86)\InboxDollars\images\weather\png\9.png
c:\program files (x86)\InboxDollars\images\weather\png\na.png
c:\program files (x86)\InboxDollars\images\wikipedia.bmp
c:\program files (x86)\InboxDollars\images\yahoo.bmp
c:\program files (x86)\InboxDollars\localization.xml
c:\program files (x86)\InboxDollars\location.xsl
c:\program files (x86)\InboxDollars\magglass.ico
c:\program files (x86)\InboxDollars\manage_bookmarks.html
c:\program files (x86)\InboxDollars\marquee.html
c:\program files (x86)\InboxDollars\marquee_permissions.html
c:\program files (x86)\InboxDollars\messaging.bmp
c:\program files (x86)\InboxDollars\minus.bmp
c:\program files (x86)\InboxDollars\msgbox_bubble.tmpl
c:\program files (x86)\InboxDollars\msgbox_openmsg.tmpl
c:\program files (x86)\InboxDollars\msgboxplugin.dll
c:\program files (x86)\InboxDollars\offline.html
c:\program files (x86)\InboxDollars\patch.bat
c:\program files (x86)\InboxDollars\plus.bmp
c:\program files (x86)\InboxDollars\podcast.bmp
c:\program files (x86)\InboxDollars\podcast.xsl
c:\program files (x86)\InboxDollars\radio.bmp
c:\program files (x86)\InboxDollars\RadioPlugin.dll
c:\program files (x86)\InboxDollars\resize.bmp
c:\program files (x86)\InboxDollars\rssfeed.bmp
c:\program files (x86)\InboxDollars\RSSReader_plugin.dll
c:\program files (x86)\InboxDollars\search.xsl
c:\program files (x86)\InboxDollars\SearchComponent.dll
c:\program files (x86)\InboxDollars\settings
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_dropdwn_down.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_dropdwn_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_dropdwn_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_max_down.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_max_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_max_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_min_down.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_min_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_min_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_pause_down.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_pause_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_pause_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_play_down.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_play_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_play_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_playcntrl_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_playcntrl_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_stop_down.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_stop_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_stop_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_volcntrl_over.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\btn_volcntrl_up.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\Equalizer1.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\Equalizer2.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\Equalizer3.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\Equalizer4.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\Equalizer5.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\Equalizer6.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\playcntrl_bg.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\radio.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\radio_mask.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\radio_minimalized.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\radio_minimalized_mask.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\station.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\vol_01.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\vol_02.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\vol_03.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\volslide_bg.bmp
c:\program files (x86)\InboxDollars\skins\radio\gray03\volslide_track.bmp
c:\program files (x86)\InboxDollars\star_on.gif
c:\program files (x86)\InboxDollars\ticker.html
c:\program files (x86)\InboxDollars\Toolbar.dll
c:\program files (x86)\InboxDollars\ToolbarUpdate.exe
c:\program files (x86)\InboxDollars\TroubleShooter.exe
c:\program files (x86)\InboxDollars\Uninst.exe
c:\program files (x86)\InboxDollars\update_progress.html
c:\program files (x86)\InboxDollars\version.txt
c:\program files (x86)\InboxDollars\version.xsl
c:\program files (x86)\InboxDollars\weather_bubble.tmpl
c:\program files (x86)\InboxDollars\weatherplugin.dll
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\85D5.tmp
c:\programdata\Microsoft\Windows\DRM\85F5.tmp
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-1198073987-3426309728-3115954574-1000\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\IndivBox_64.key
c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\users\Crystal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
c:\users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\uc74073x.default\searchplugins\bing-zugo.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWow64\config\systemprofile\appdata\roaming\adobe\sp.Dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NetworkLog
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 05:12 . 2012-05-09 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 04:47 . 2012-05-09 04:47 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B36D6932-2EAF-438E-9ABF-543C8CBE525A}\offreg.dll
2012-05-09 04:06 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B36D6932-2EAF-438E-9ABF-543C8CBE525A}\mpengine.dll
2012-05-04 09:03 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-04 07:47 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 07:47 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 07:47 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-03 22:10 . 2012-05-04 05:24 -------- d-----w- c:\program files (x86)\OpinionSquare
2012-05-03 22:08 . 2012-05-03 22:09 -------- d-----w- c:\users\Crystal\AppData\Local\Deployment
2012-05-03 22:08 . 2012-05-03 22:08 -------- d-----w- c:\users\Crystal\AppData\Local\Apps
2012-05-02 00:43 . 2012-05-02 00:43 -------- d-----w- c:\users\Crystal\AppData\Roaming\Malwarebytes
2012-05-02 00:42 . 2012-05-02 00:42 -------- d-----w- c:\programdata\Malwarebytes
2012-05-02 00:42 . 2012-05-04 09:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-01 23:56 . 2012-05-08 18:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 19:29 . 2012-05-04 05:17 -------- d-----w- c:\program files (x86)\QuickTime
2012-04-22 00:31 . 2011-05-10 18:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-04-22 00:31 . 2011-05-10 18:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-04-22 00:31 . 2011-05-10 18:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2012-04-22 00:31 . 2006-05-04 13:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2012-04-22 00:31 . 2005-10-04 06:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-04-22 00:29 . 2012-05-04 05:17 -------- d-----w- c:\programdata\LGMOBILEAX
2012-04-12 08:11 . 2012-05-04 05:16 -------- d-----w- C:\cffa1885981ab1c1744da36a5c3db930
2012-04-12 08:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 03:30 . 2011-08-15 16:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-07 03:28 . 2011-08-19 00:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-07 03:19 . 2011-08-19 00:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-05 08:39 . 2011-08-19 01:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-05 08:38 . 2011-08-15 16:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-05 08:36 . 2012-03-28 22:22 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 08:36 . 2011-08-15 20:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 08:36 . 2012-03-28 22:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-05 08:22 . 2011-08-15 16:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-05 08:21 . 2011-08-19 00:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-24 19:43 . 2009-08-18 17:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-24 19:42 . 2009-08-18 16:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-23 23:18 . 2011-08-15 16:27 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-23 15:18 . 2011-08-15 15:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 21:26 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 21:26 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 21:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 21:26 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 01:41 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 01:41 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{eec0f710-38b5-4aba-99bf-ec87564a4e13}"= "c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" [2012-02-10 1307928]
.
[HKEY_CLASSES_ROOT\clsid\{eec0f710-38b5-4aba-99bf-ec87564a4e13}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Crystal\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-17 137536]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2011-12-12 10448384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-11 487561]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-09-05 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"="c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [BU]
"4Y3Y0C3A6IVBYB5ID"="c:\regbe.bin\071BAAF833A.exe" [BU]
.
c:\users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-8-15 484976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 kznryqvh;kznryqvh;c:\windows\system32\drivers\kznryqvh.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R2 SessionLauncher;SessionLauncher;c:\users\Crystal\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 136176]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 08:36]
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1198073987-3426309728-3115954574-1000Core.job
- c:\users\Crystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 06:55]
.
2012-05-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1198073987-3426309728-3115954574-1000UA.job
- c:\users\Crystal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 06:55]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 21:03]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 21:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"combofix"="c:\combofix\CF6778.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ac97intc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 8.8.8.8
FF - ProfilePath - c:\users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\uc74073x.default\
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z134&install_date=20110916
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{4219427b-0228-4356-a78b-eb7668d37d07} - c:\program files (x86)\InboxDollars\Helper.dll
BHO-{37153479-1976-43c3-a1ee-557513977b64} - c:\program files (x86)\Coupons.com\prxtbCoup.dll
BHO-{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - c:\program files (x86)\InboxDollars\Toolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{37153479-1976-43c3-a1ee-557513977b64} - c:\program files (x86)\Coupons.com\prxtbCoup.dll
Toolbar-{47980628-3844-42AA-A0DD-E2D86BBA9600} - c:\program files (x86)\InboxDollars\Toolbar.dll
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
SafeBoot-62286760.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
WebBrowser-{47980628-3844-42AA-A0DD-E2D86BBA9600} - (no file)
AddRemove-Coupons.com Toolbar - c:\program files (x86)\Coupons.com\uninstall.exe
AddRemove-InboxDollars - c:\program files (x86)\InboxDollars\Uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-09 00:24:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-09 05:24
ComboFix2.txt 2012-05-08 01:33
.
Pre-Run: 278,377,357,312 bytes free
Post-Run: 278,414,946,304 bytes free
.
- - End Of File - - FD3A143EF49F2071C8747F9C54DE80B2

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:22 PM

Posted 09 May 2012 - 01:09 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:22 PM

Posted 11 May 2012 - 11:18 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#12 Crystal-PC

Crystal-PC
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Gender:Female
  • Location:Missouri
  • Local time:09:22 PM

Posted 13 May 2012 - 03:17 PM

sorry I've been busy with work and does it have to be a flash driver can it be a memory card or sd card

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:22 PM

Posted 13 May 2012 - 10:10 PM

I think that will work if it is big enough - I have not tried it tho


gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:22 PM

Posted 15 May 2012 - 11:15 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#15 Crystal-PC

Crystal-PC
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Gender:Female
  • Location:Missouri
  • Local time:09:22 PM

Posted 16 May 2012 - 04:19 PM

sorry the internet on my laptop has not been working lately



